
rsmudge (Active Members, 3 posts)

Posts posted by rsmudge

  1. @bobbyb1980 here are two videos that will help you out:

    Armitage and Metasploit Training, part 5: Maneuver

    This video will show you how to setup a pivot, scan through a pivot, and attack hosts through a pivot

    Armitage and Metasploit Training, part 6: Team Tactics

    This video will show you how to setup a remote server as a "shared" Metasploit host. You'll also learn how to use proxychains to route externals tools through a pivot.

    The entire series if you're interested is at: http://www.ethicalhacker.net/content/view/379/1/

  2. @nomadpenguin You shouldn't use MySQL with Armitage. The Metasploit team uses postgresql. Also, there is a known issue where Metasploit updates fail to update the db tables properly when MySQL is in use. Armitage and Metasploit work with BackTrack 5 out of the box.

    Postgresql should always be running by default on BackTrack 5. If it's not (hence the "is the database running?" message), then you need to get it running. Type:

    /etc/init.d/framework-postgres start

    It'll either start or you'll see an error message. If you see bogus data in lock file "postmaster.pid" then you'll need to type the following:

    rm /opt/framework3/postgresql/data/postmaster.pid
    rm /opt/framework3/postgresql/.s.PGSQL.7175
    rm /opt/framework3/postgresql/.s.PGSQL.7175.lock
    /etc/init.d/framework-postgres start

    [see: http://www.backtrack-linux.org/forums/backtrack-5-beginners-section/41151-fatal-bogus-data-lock-file-postmaster-pid-help-please.html for the original thread on this issue].

    Also, Armitage has a nice Help button in the setup dialog now. Click that button to see every possible thing that I know can go wrong (and what the corresponding remedy is).
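    The stale-lock recovery above removes postmaster.pid and the socket files unconditionally. The following POSIX sh functions are an added example, not part of rsmudge's post or of Armitage/Metasploit: they check whether the pid recorded in postmaster.pid still belongs to a running process before anything is deleted, so a live server's lock is never removed by mistake. The paths and port 7175 are the BackTrack 5 defaults quoted in the post; the function and variable names are my own.

```shell
#!/bin/sh
# Added example (not from the original post): decide whether a PostgreSQL
# postmaster.pid lock file is stale before removing it.

# pidfile_state <path to postmaster.pid>
#   returns 0 if the file exists but holds no live pid ("bogus data" or a
#             pid that no longer runs), i.e. the lock is stale
#   returns 1 if the recorded pid is a running process (lock is live)
#   returns 2 if the file does not exist at all
pidfile_state() {
    pidfile="$1"
    [ -f "$pidfile" ] || return 2
    # postmaster.pid stores the server pid on its first line; keep only digits
    pid=$(head -n 1 "$pidfile" | tr -dc '0-9')
    [ -n "$pid" ] || return 0            # no numeric pid at all: stale
    # ps -p works even for processes owned by another user (kill -0 would not)
    if ps -p "$pid" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# clear_stale_locks <postgresql dir> [port]
#   Removes the three files named in the post, but only when the pid file is
#   stale. Default dir/port are the BackTrack 5 values quoted in the post.
clear_stale_locks() {
    pgdir="${1:-/opt/framework3/postgresql}"
    port="${2:-7175}"
    if pidfile_state "$pgdir/data/postmaster.pid"; then
        rm -f "$pgdir/data/postmaster.pid" \
              "$pgdir/.s.PGSQL.$port" \
              "$pgdir/.s.PGSQL.$port.lock"
        echo "removed stale lock files under $pgdir"
        return 0
    fi
    echo "postmaster.pid missing or server still running; nothing removed"
    return 1
}

# Usage on BackTrack 5 (run as root, then start the service as in the post):
#   clear_stale_locks && /etc/init.d/framework-postgres start
```

    Run clear_stale_locks first and only then the framework-postgres start line; if it reports that the server is still running, the "is the database running?" message has some other cause and deleting the lock would not help.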

  3. If you're launching this exploit through Armitage's module launcher, then beware that Armitage will try to configure the payload for you. By default, LPORT is set to some random value. You'll also notice that DisablePayloadHandler is set to true by default as well. Together, these values instruct Metasploit to not start a new payload handler when launching the attack and to instruct meterpreter to connect back to that random port number (which by the way, isn't so random--Armitage has a meterpreter listener running there already). If you don't change LPORT and everything else is ok with the targeted environment, it'll work.

    If you want to change LPORT, go ahead. Just be sure to set DisablePayloadHandler to false.

    Optionally, double click the Payload option name (it'll have a thick cross next to it). This will open up a dialog to let you choose what kind of payload you want and whether a listener exists or should be started. This will update all of the payload related options at once and you can tweak from there.

    [image: configurepayload.png]

    This is explained in the documentation too. http://www.fastandeasyhacking.com/manual

    Now on to the exploit, be aware of a few things about this one:

    (1) ms11_003_ie_css_import does not like to be served over SSL. In my experience you won't get code execution when this happens.

    (2) The ms11_003_ie_css_import requires that .NET 2.0 is installed on the target machine (necessary for the exploit).

    (3) The exploit does not trigger twice. If you use it, you have to reboot before you try it again.

    Since you're going after IE6, this exploit is not what I would use. I recommend trying ie_createobject or the ms10_002_aurora exploit.

    Good luck.
