|PREVIEW eForensics Magazine 2017 04 Exploitation with Armitage.pdf|
About this eBook
This eBook is based on online course materials published at eForensics Magazine. You can use this publication as a standalone guide on how to add Armitage to your pentesting toolbox. You will learn how to set it up, test it, prepare for a penetration test with it, and finally, use it for targeted attacks – unless you want to see what a Hail Mary does!
The course introduces students to Armitage using five vulnerable machines (Windows XP, Windows 7, OWASP, BEE-BOX, and Metasploitable 2), which are used to practice scanning and exploitation. It also introduces Tenable’s Nessus Vulnerability Scanner, Zaproxy, and OpenVAS. Finally, it uses the information gathered to implement exploits using Armitage.
What will you learn?
- Awareness of Armitage and what it is used for
- Awareness of 5 vulnerable virtual machines
- Awareness of multiple vulnerability scanners
What skills will you gain?
- Ability to use Armitage to scan and exploit systems
- Ability to scan for vulnerabilities using Nessus, Zaproxy, and OpenVAS
- Ability to use Kali Linux 2
What will you need?
- Computer with: 4 GB RAM, 50 GB disk space, and a 1 gigahertz (GHz) or faster x86 or x64 processor.
What should you know before you start?
- How to use VMPlayer
- How to use Nessus
- Kali Linux 2 knowledge
- Basic Linux commands
About the author
Paul Janes, CISSP, GIAC GISP, is President of CoreTriad, LLC, a locally owned company that specializes in vulnerability assessments for small businesses and develops online training for cybersecurity professionals. He is a subject matter expert most recently involved in the development of an accredited Cyber First Responder Certification and is a speaker at industry security conferences.
Paul has over 19 years of experience in IT Security at a local Fortune 500 company. Areas of expertise include Vulnerability Assessments, Penetration Tests, Data Loss Prevention (DLP), Risk Management, Project Management, and Server Management. Paul graduated with distinction from Capella University with a Master’s degree in Information Assurance and holds a Bachelor’s degree in Computer and Information Studies from Syracuse University.
In addition to what you can find here, the workshop contains video materials and exercises. You can find a discount code for the course inside this eBook, and the publication is included in the workshop for free!
Table of contents
Introduction; Kali Linux Update; Install Nessus; Windows XP scan without credentials; Windows XP scan with credentials; Windows 7 scan without credentials; Windows 7 scan with credentials; Metasploitable 2 scan; BeeBox scan.
Zaproxy; OpenVAS; Nessus; Zaproxy Scan of BeeBox; OpenVAS setup of Metasploitable 2; OpenVAS scan of Metasploitable 2; Nessus scan OWASP
Introduction to Armitage; Armitage setup – Metasploitable 2; Armitage setup – OWASP; Armitage setup – Beebox; Armitage setup – Windows 7; Armitage setup – Windows XP; Our first exploit; Clean Up; Windows 7 exploit?
Nessus reports; Zaproxy report; OpenVAS report; Attacks with Armitage; Attacks with Armitage – Windows XP; Attacks with Armitage – Metasploitable 2; Attacks with Armitage – OWASP