© 2010 – MAD Security, LLC All rights reserved Team Operations Collaborate with Armitage and Metasploit.

© 2010 – MAD Security, LLCAll rights reserved

Team OperationsCollaborate with Armitage and Metasploit

Overview

• Team Operations• Teaming Features• Architecture and Setup• Session Passing• Using External Tools• Team Organization

Team Operations

Armitage Teaming

• User Experience– Single user-like– Local control of Metasploit

• Teaming Features– Real Time Communication– Data Sharing– Session Sharing

Features: Event Log

Features: Data Sharing

Features: Session Sharing

Architecture

Setup

• Perform these steps on shared server…• Start Metasploit’s RPC daemon

– msfrpcd -U username -P password –f• Start Deconfliction server

– armitage --server attack_server_ip 55553 username password

• Connect clients!

Setup

Setup

Session Passing

• Inject meterpreter into memory• Point at any multi/handler

you like• Uses:

– Send session to a friend– Duplicate your access

Session Passing


you like• Uses:


Session Passing


you like• Uses:


External Tools

• In a team environment, not everyone will use Armitage– Everyone can still benefit from Armitage’s accesses

• Metasploit SOCKS proxy routes client traffic using pivot

• Web browsers may use a proxy server to connect

External Tools

External Tools

Team Organization

• Split team into roles– Attack– Multiple post-exploitation roles

• Distribute attacks• Centralize post-exploitation

Team Organization

• Use Armitage on big screen• Event log augments existing

communication channel• External tools may play too

(not everyone needs Armitage)

Summary

• Team Operations• Teaming Features• Architecture and Setup• Session Passing• Using External Tools• Team Organization

© 2010 – MAD Security, LLC All rights reserved Team Operations Collaborate with Armitage and Metasploit.

Documents

team environment

access external toolsin

multihandleryou likeuses

proxy server

data sharing features

event log features

server attack

mad security