Warning: Creating default object from empty value in /home/ethical/public_html/wp-content/themes/platform/includes/class.layout.php on line 164

Warning: Creating default object from empty value in /home/ethical/public_html/wp-content/themes/platform/includes/class.layout.php on line 167

Warning: Creating default object from empty value in /home/ethical/public_html/wp-content/themes/platform/includes/class.layout.php on line 170

Warning: Creating default object from empty value in /home/ethical/public_html/wp-content/themes/platform/includes/class.layout.php on line 173

Warning: Creating default object from empty value in /home/ethical/public_html/wp-content/themes/platform/includes/class.layout.php on line 176

Warning: Creating default object from empty value in /home/ethical/public_html/wp-content/themes/platform/includes/class.layout.php on line 178

Warning: Creating default object from empty value in /home/ethical/public_html/wp-content/themes/platform/includes/class.layout.php on line 180

Warning: Creating default object from empty value in /home/ethical/public_html/wp-content/themes/platform/includes/class.layout.php on line 202

Warning: Creating default object from empty value in /home/ethical/public_html/wp-content/themes/platform/includes/class.layout.php on line 206

Warning: Creating default object from empty value in /home/ethical/public_html/wp-content/themes/platform/includes/class.layout.php on line 224

Warning: Creating default object from empty value in /home/ethical/public_html/wp-content/themes/platform/includes/class.layout.php on line 225

Warning: Creating default object from empty value in /home/ethical/public_html/wp-content/themes/platform/includes/class.layout.php on line 227

Warning: Creating default object from empty value in /home/ethical/public_html/wp-content/themes/platform/includes/class.layout.php on line 321

Warning: Creating default object from empty value in /home/ethical/public_html/wp-content/themes/platform/includes/class.layout.php on line 321

Warning: Creating default object from empty value in /home/ethical/public_html/wp-content/themes/platform/includes/class.layout.php on line 321

Warning: Creating default object from empty value in /home/ethical/public_html/wp-content/themes/platform/includes/class.layout.php on line 321

Warning: Creating default object from empty value in /home/ethical/public_html/wp-content/themes/platform/admin/class.options.metapanel.php on line 56

Warning: Creating default object from empty value in /home/ethical/public_html/wp-content/themes/platform/admin/class.options.metapanel.php on line 49
06 | October | 2011 | Certified Ethical Hackers Security Analyst Malware Hacking Information
From the daily archives: Thursday, October 6, 2011

armitage.pngBy Raphael Mudge, Armitage Creator

Armitage is a front-end for Metasploit that allows team collaboration and exposes the advanced features of the framework. Raphael Mudge has made a six-part training series on Armitage and Metasploit for the ethicalhacker.net community. These demonstration-heavy lectures introduce the penetration testing process and walk you through each step. You’ll learn how to break into hosts, carry out post-exploitation activities, develop more access from your initial foothold, and you’ll do this in a team environment.

These lectures were initially created for the Austin, TX ISSA and OWASP half-day Metasploit training event in June. Elated after several tex-mex meals, Raphael recorded these lectures for us. If you’re new to penetration testing and want to understand Metasploit and Armitage, these lectures are for you. Also, be sure to read Hacking Linux with Armitage from February 2011. Enjoy the training!

Active Image
Active Image del.icio.us

Discuss in Forums

Discuss Topic (14)

This lecture introduces penetration testing, this course, and the overall network penetration testing process.

2. Metasploit

This lecture introduces the Metasploit Framework and Armitage. By the end of this lecture, you will understand Metasploit, the vocabulary around it, and how to work in the Metasploit console.

3. Access

This lecture teaches you how to use Metasploit to break into hosts. You’ll learn how to hack without exploits, use client-side attacks, and launch the right remote exploit when applicable.

4. Post-Exploitation

This lecture teaches what to do after you break into a host. You’ll learn how to interact with a host, browse files, steal keystrokes, kill programs, and use Metasploit’s powerful post-exploitation modules. Armitage’s logging features are covered as well.

5. Maneuver

The last step is to take your access and turn it into more access. This lecture shows how to use Metasploit’s pivoting to get at otherwise unreachable hosts, scan through a pivot, dump hashes, and abuse a Windows Active Directory domain.

6. Team Tactics

Now you know the whole network attack process, but you’ll rarely work alone. This lecture shows you how to use the teaming features of Armitage to accomplish everything from the previous lectures. You’ll learn how to use Armitage for real-time communication, data sharing, and session sharing. Finally, you’ll also learn how to use external tools with Metasploit’s pivoting ability.

Lab

The Austin, TX version of this training also included a hands-on lab and exercises. You just need VMWare Player, Metasploit, and the Metasploitable virtual machine to play along.

The instructions call for a Mint-9 Virtual Machine as well. This virtual machine is a standard Mint Linux distribution that Raphael installed Java and the Java plugin onto. Replace references to this VM with any VM capable of running Java applets in a browser.

If you’d like to try this lab out, the materials are available at:

http://codebazaar.blogspot.com/2011/06/introduction-to-metasploit-and-armitage.html

Further Resources

The following resources were mentioned throughout these lectures:


About the Author

Raphael Mudge is a Washington, DC based security engineer. He’s created several projects including jIRCii, Sleep, and After the Deadline. He’s now working on Armitage, a cyber attack management tool for Metasploit. You can contact him at http://www.hick.org/~raffi/.

Article source: http://www.ethicalhacker.net/content/view/379/2/

Tagged with:
 

Digital Mobile Forensics Deep Dive: This three-day highly advanced and technical course provides students with the knowledge and real world hands-on practical skills for performing Mobile Forensic Investigations. The course is based on vendor neutral Digital Forensic principals, with focus on Apple OS, Google Android, RIM Blackberry and an array of other mobile devices and operating systems.

Attendees get to choose from a suite of workshops which are highly technical and advanced, covering current and important security topics such as penetration testing (Joe McCray), mobile forensics (Wayne Burke), cryptography (Chuck Statton), network defense (Kevin Cardwell), and application security (Tim Pierson). The event concludes with a one-day security training seminar that will have a few mini-lectures, and allows for participants to actually learn, and not just listen or be rushed through a short presentation like how it’s like in many other events or conference.”

Article source: http://www.ethicalhacker.net/content/view/381/8/

Tagged with:
 
Set your Twitter account name in your settings to use the TwitterBar Section.