Hack Like a Pro: Metasploit for the Aspiring Hacker, Part 4 (Armitage)

Metasploit for the Aspiring Hacker, Part 4 (Armitage)

Hack Like a Pro: Metasploit for the Aspiring Hacker, Part 4 (Armitage)

Welcome back, my hacker novitiates!

As you know by now, the Metasploit Framework is one of my favorite hacking tools. It is capable of embedding code into a remote system and controlling it, scanning systems for recon, and fuzzing systems to find buffer overflows. Plus, all of this can be integrated into Rapid7's excellent vulnerability scanner Nexpose.

Many beginners are uncomfortable using the interactive msfconsole and probably will be without a significant amount of hours spent using Metasploit. However, Metasploit does have other means of controlling the system that make system exploitation a touch easier for those of you uncomfortable with the command line.

For those who are more comfortable using a graphical user interface (GUI), Raphael Mudge has developed one that connects to and controls Metasploit much like a Windows application. He calls it Armitage, and I've covered it briefly in my Metasploit primer guide. Especially for new, aspiring hackers, Armitage can make learning hacking with Metasploit a quicker and much less painful process.

Let's take a look a Armitage and see how it can make hacking simpler.

Step 1: Download Armitage

The first step, of course, is to download Armtage. If you have BackTrack or the early versions of Kali, you probably don't have Armitage, but you can get it from Armitage's website.

Click on the download button and it will pull up the following webpage. Make certain that you download the Linux version.

Another download option includes using the command line tool aptitude. Just type the following to install it.

  • kali apt-get install armitage

In addition, you can also use the GUI-based tool in Kali, the "Add/Remove Software," and search for "Armitage."

Step 2: Start Metasploit

Once you have Armitage downloaded onto your system, the next step is to start Matsploit. Make certain the postgreSQL server is started by typing:

  • kali > service postgresql start

Now, start Metasploit by typing:

  • kali > msfconsole

Step 3: Start Armitage

Armitage uses a client/server architecture where Metasploit is the server and Armitage is the client. In essence, Armitage is a GUI client that I can interact and control the Metasploit server.

Start Armitage in Kali by typing:

  • kali > armitage

When you do so, you will see the following screen.

If you are running Metasploit from your "home" system, leave these default setting and click "Connect." If you want to run Armitage on a remote system, simply put the IP address of the system running Metasploit in the window asking you for the "Host."

Step 4: Start the RPC Server

Armitage connects to an RPC server in order to control Metasploit. You are likely to see the following screen after starting Armitage.

In some cases, it make take awhile to connect, such as in the screen below.

When Armitage finally connects to Metasploit's RPC server, you will greeted with the following screen.

Success! You are now running Metasploit from an easy to use GUI.

Step 5: Explore Armitage

Notice in the upper left-hand corner of the Armitage screen, you can see folders. These folders contain four types of Metasploit modules;

  1. auxiliary
  2. exploit
  3. payload
  4. post

If you have read my earlier Metasploit tutorials, you know that this is how Metasploit organizes its modules. For the beginner, the exploit and payload modules are the most important.

We can expand the exploit modules directory by clicking on the arrow head to its right. When we do so, it expands and show us its contents.

It categorizes the exploits by the type of operating system (OS) they are designed for, such as Windows, BSD, Linux, Solaris, etc. Remember, exploits are specific to an operating system, an application, ports, services, and sometimes even the language. If we scroll to the Windows subdirectory and expand it, we see all the Windows exploits categorized by type.

Now, when we are looking for an exploit to use on a particular system with a particular vulnerability, we can simply point and click to find it.

Step 6: Hail Mary!

Nearly everything you can do with the Metasploit console, you can with Armitage. There is one thing though that you do with Armitage that you cannot do with msfconsole (at least without scripting). That one thing is to throw the Hail Mary! The Hail Mary is where Armitage will throw every exploit it has against a site to see whether any of them work.

Simply go to the "Attacks" menu at the top of Armitage and select "Hail Mary." When you click on it it warns you like in the screen below.

This wouldn't really be effective in a hacking environment as its far from stealthy. It will create so much "noise" on the target that you will likely be detected immediately, but in a lab or pentesting environment, it can be useful to try numerous attacks against a target a see which, if any, will work.

Armitage enables the aspiring hacker to quickly grasp the basics of Metasploit hacking and begin to use this excellent and powerful tool in very short order. We all owe Raphael Mudge a debt of gratitude for developing and giving away this excellent piece of software!


Armitage was very helpful to me to understand first steps of the exploiting part, I'd also strongly recommend it.

For an in-depth introduction by the creator Raphael Mudge check this video on Hak5's channel (nothing to say about OTW's one, flawless as always).

OTW do you know Vivek Ramachandran !!!!!!!!!!!!!!!!!1

Great intro as always...Thank you
Captain i find this to be a very well put together piece of equipment but how about,

Start Metasploit & Armitage with Kali:

Applications > Kali linux > System Services > Metasploit > Community / Pro Start

# armitage

And you should be on your way..But first say " THANK YOU RAPHAEL" ,and proceed....and thanks OTW for the tour....

some issues:
After Armitage launched

Hosts > Nmap Scan(OS Detect) > (specific ip entered)

Host does appear in the workspace,(wonderful),but OS not detected..Why?
Without the proper OS detected how can you direct the proper "exploit"?
Should Nmap Scan be done outside of armitage and then imported?
Is there a real difference on the input?
I Wonder.........

OS not detected is very vague, it means that Nmap is not able to understand the OS fingerprint (like a strange printer), but other tools specified in this might be able to.

Good answer, Ciuffy.

nmap is not the best OS detection tool. Try xprobe2 or pOF.


thanks for reply,

@Cluffy : nmap scan returns "unable to detect OS" after a successful scan, it couldn't be a "strange printer". I'm still testing this and i already know the OS. I was just curious as to why it wasen't detected..One other thing, after nmap scan, printers look like printers in the workspace.Also routers may look like a printer in the workspace....Did i miss something in translation?

@OTW : Thanks!! As always you never disappoint!

Suggesting alternative tools is a great way of empowering the builder.It brings other tools to light which can accomplish the needed results......

Probably you misunderstood what I wanted to say (my bad), for "strange printer" (I definitely had to use a better term there) I meant a printer which vendor is not famous therefore nmap doesn't find it in its database of fingerprints, not that printers have OSes like computers do (or maybe I misunderstood your last point).

So, if some routers can't be recognized by nmap but there's something in the broadcasted packet that reminds him of a printer, he might sign it as a printer.

Armitage is a great tool but I'm having some issues...
So here are the steps i took:
started Metasploit
started Armitage
Hosts > Add Hosts >
Selected Host
Attacks > Find Attacks
"Querying exploits"
"Attack Analysis Complete...
You will now see an 'Attack' menu attached to each host in the Targets window."

Problem is that option is not available to me...Why?
The only options available:
host >

What gives?

Hi everyone!

Being able to connect to a remote metasploit server looks great... It gave me an idea. lets say i install metasploit on someone's computer(1), make it run stealthily and i config port forwarding on their router to make the machine accessible. Does that mean i could be running armitage from anywhere and the machine actually issuing commands (if i have a meterpreter shell) would be computer(1)? Doesnt that look awesome as a way to conceal yourself?

tell me if i'm wrong i'd like to know why

Armitage ! it didn't bypass any XP machine yet

when you do Quick scan (nmap) what do you put in "enter scan range?"
do I put my Ip (doesn't work) my targets ip? or my network ip?

I tried using ifconfig and tried all of the ips that came up (how desperate I was...) and not a single one came up with a positive scan even though I have another computer connected to the same wifi

You put in a subnet or a range of IP's you want to scan. For instance, you can use CIDR notation such as

and how do I find it? :D thanks for any feedback ! works on all? like im trying to test it out on my other pc, its connected to the same wifi, I open up Armitage , and Nmap>scan os

and type as the host, and nothing shows up, what am I doing wrong? is their a specific address I have to use? and if so how do I find that specific address? thanks OTW! your last answer helped me a bit but im just trying to have a clearer view :D

Share Your Thoughts

  • Hot
  • Latest