© 2010 – MAD Security, LLCAll rights reserved

Team OperationsCollaborate with Armitage and Metasploit

Overview

• Team Operations• Teaming Features• Architecture and Setup• Session Passing• Using External Tools• Team Organization

Team Operations

Armitage Teaming

• User Experience– Single user-like– Local control of Metasploit

• Teaming Features– Real Time Communication– Data Sharing– Session Sharing

Features: Event Log

Features: Data Sharing

Features: Session Sharing

Architecture

Setup

• Perform these steps on shared server…• Start Metasploit’s RPC daemon

– msfrpcd -U username -P password –f• Start Deconfliction server

– armitage --server attack_server_ip 55553 username password

• Connect clients!

Setup

Setup

Session Passing

• Inject meterpreter into memory• Point at any multi/handler

you like• Uses:

– Send session to a friend– Duplicate your access

Session Passing

• Inject meterpreter into memory• Point at any multi/handler

you like• Uses:

– Send session to a friend– Duplicate your access

Session Passing

• Inject meterpreter into memory• Point at any multi/handler

you like• Uses:

– Send session to a friend– Duplicate your access

External Tools

• In a team environment, not everyone will use Armitage– Everyone can still benefit from Armitage’s accesses

• Metasploit SOCKS proxy routes client traffic using pivot

• Web browsers may use a proxy server to connect

External Tools

External Tools

Team Organization

• Split team into roles– Attack– Multiple post-exploitation roles

• Distribute attacks• Centralize post-exploitation

Team Organization

• Use Armitage on big screen• Event log augments existing

communication channel• External tools may play too

(not everyone needs Armitage)

Summary

• Team Operations• Teaming Features• Architecture and Setup• Session Passing• Using External Tools• Team Organization