|20-CS-5155-001||Cyber Defense Overview||Fall 2017|
Penetration Testing with Metasploit
Due: Sept. 24, 2018 (Submission instructions are here)
To be able to defend a network or system it is necessary to understand what must be defended against. To that end, this lab calls for you to use some of the tools that malfeasants use to examine systems, looking for vulnerabilities.
Armitage as a front end to Metasploit
A dialog box appears as shown below. Just click "connect".
Armitage takes a long time to start. For a while you see this:
which looks like a problem due to the connection exception. But the reason for the exception is that the metasploit framework is not ready for connections yet. Eventually, a connection is made and the following screen appears, except without the two icons that represent discovered machines from previous launches of armitage.
Those icons are the result of defining a workspace and machines in it. The `workspace' tab is used for this purpose. Armitage uses namp to scan those machines for services. Once that is done, attacks can be suggested for the machines. This is done by selecting one of the icons, dropping the `Attacks' menu as shown below, and selecting `Find Attacks'.
Now an `Attack' menu is made available for the selected icon. This can be accessed with a right click over the selected icon. Doing so allows one to choose an attack as illustrated below.
Selecting an attack results in a window, such as the one below, where parameters can be set.
When the attack is launched, progress and results are displayed in the bottom window.