
1/15/2011

In Attempt to run Armitage on Linux Mint 10

I'm currently using Linux Mint 10. Why? Because it is easy to use after install and it's good for daily use, which is true.
But when it comes to the server side or hacking, I cannot do anything at all.
Maybe because I'm running the desktop edition, so there is no package for apache, postgresql, mysql or Sun-Java6 (which is not a server). And re-installing a new OS would be a tremendous amount of work for me right now.

I wanted to play with Armitage from the day I saw it released, but I just had time to play with it today.
Anyhow, Armitage requires a database (for metasploit) and Sun's Java (Armitage runs on the Java JVM). Unfortunately, I couldn't find it in Synaptic. I need to install it myself.
So, I went to Ubuntu package search and did a search for the package that I think I need.

Installing PostgreSQL
There's no postgresql in Mint. Hopefully, I can find it in the Ubuntu repository.
I found that all the required packages are in both the security and main repositories, so I added them both (either use Synaptic, or add them to /etc/apt/sources.list):
deb http://security.ubuntu.com/ubuntu maverick-security main
deb http://www.gtlib.gatech.edu/pub/ubuntu/ maverick main
Update the package list, then install postgresql with these commands:
sudo apt-get update
sudo apt-get install postgresql

These packages come from Ubuntu.

After this, it's time to configure the postgresql server.

During installation, it creates a user named "postgres" in the system for me.
This user acts in the PostgreSQL server's admin role.
Note that the package creates it for me (I don't know the password).
So, it'd be a good idea to change the password, both on the database server and on the system.
sudo su - postgres -c psql
ALTER USER postgres WITH PASSWORD 'password';
\q
sudo passwd -d postgres
sudo passwd postgres

Next, configuration files:
sudo gedit /etc/postgresql/8.2/main/postgresql.conf

#listen_addresses = 'localhost'
change to
listen_addresses = '*'

#password_encryption = on
change to
password_encryption = on

sudo gedit /etc/postgresql/8.2/main/pg_hba.conf
change "ident" to "md5"

sudo service postgresql restart

Now Postgresql should be up and running.
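
The Armitage connect string used later in this post points at localhost:5432, so the server only needs to listen on loopback. The script below is an added example (not part of the original post) that checks the two edited files for settings that expose PostgreSQL beyond this machine; the function names are hypothetical and the file contents are constructed samples.

```shell
#!/bin/sh
# Added example (not from the original post): audit the two files edited above.

# Print the effective value of KEY in a postgresql.conf (last uncommented wins).
pg_setting() {  # usage: pg_setting KEY FILE
    sed -n "s/^[[:space:]]*${1}[[:space:]]*=[[:space:]]*//p" "$2" |
        sed "s/[[:space:]]*#.*//; s/^'//; s/'\$//" | tail -n 1
}

# Print one WARN line per risky setting; print nothing when both files are tight.
audit_pg() {  # usage: audit_pg POSTGRESQL_CONF PG_HBA_CONF
    la=$(pg_setting listen_addresses "$1")
    case "${la:-localhost}" in   # unset means the built-in default, localhost
        localhost|127.0.0.1|::1) ;;
        *) echo "WARN listen_addresses='$la' listens beyond loopback" ;;
    esac
    awk '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        $1 == "local" { addr = ""; method = $4 }
        $1 != "local" { addr = $4; method = ($5 ~ /^[0-9a-fA-F:.]+$/) ? $6 : $5 }
        method == "trust"    { print "WARN pg_hba line " NR ": trust (no password)" }
        method == "password" { print "WARN pg_hba line " NR ": cleartext password" }
        addr == "0.0.0.0/0" || addr == "::/0" {
            print "WARN pg_hba line " NR ": any source address allowed" }
    ' "$2"
}

# Constructed sample files: the postgresql.conf values from this post, plus a
# wide-open pg_hba.conf entry that turns listen_addresses = '*' into exposure.
demo_dir=$(mktemp -d)
cat > "$demo_dir/postgresql.conf" <<'EOF'
#listen_addresses = 'localhost'
listen_addresses = '*'          # value used in the post
password_encryption = on
EOF
cat > "$demo_dir/pg_hba.conf" <<'EOF'
# TYPE  DATABASE  USER  ADDRESS       METHOD
local   all       all                 md5
host    all       all   127.0.0.1/32  md5
host    all       all   0.0.0.0/0     md5
EOF
audit_pg "$demo_dir/postgresql.conf" "$demo_dir/pg_hba.conf"
rm -rf "$demo_dir"
```

Leaving listen_addresses at its localhost default and keeping only the 127.0.0.1/32 host line makes the audit print nothing, and the connect string from this post still works.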

Installing Sun's Java
It's a recommendation from Armitage that we "must" run it on Sun's Java JVM (using the package "sun-java6-jdk", not OpenJDK, which was installed before by Mint).
It's a very tricky part, since Mint doesn't provide any Sun JDK package.
Therefore I need to add a third-party repository, again. (-__-)
sudo add-apt-repository ppa:sun-java-community-team/sun-java6 
sudo apt-get update
This time, it's in a PPA, but it's based on the Ubuntu version anyway.

REMEMBER to completely remove any OpenJDK from the system.
It's a good idea to remove EVERY java package first before installing this (including sun-java-jre).

Then, just install the package "sun-java6-jdk":
sudo apt-get install sun-java6-jdk

To make sure that the correct version is running, try this command in the console:
java -version
It should show like this.
or try
update-java-alternatives -l
It'll show:
java-6-sun 63 /usr/lib/jvm/java-6-sun


Finally, all the prerequisites are done.
It's time to play with Armitage.


First, create a new user for metasploit in the PostgreSQL server.
In this case, I'll use "msf" and "msfpass" as username and password, and I'll give it SuperUser privilege.
sudo su - postgres
psql
CREATE USER msf WITH SUPERUSER password 'msfpass';
CREATE DATABASE msf3db;
\q
sudo service postgresql restart

The second step is to run metasploit in RPC mode.
Make sure that there is no previous connection file in
/opt/metasploit/config   (possible name is database.yml)
To run metasploit in RPC mode, use this command:
sudo msfrpcd -f -U msf -P test
** -f means running in foreground
 -U username
 -P password

At this point, we should have PostgreSQL running with username "msf", Java = Sun's Java,
metasploit running, and the files extracted from Armitage.tar.gz.
Then, it's ready to use.

Run Armitage using
sudo java -jar armitage.jar

Put in the parameters as
Host: 127.0.0.1
Port: 55553
SSL: yes
User: msf
Pass: test
DB driver: postgresql
DB connect string: msf:"msfpass"@localhost:5432/msf3db
Click "Connect".

This is after an nmap scan.
Every machine shows here. The black screen means the OS is unidentified.
It's very cool that Armitage automatically filters down the attack vectors for you after the host is listed
(using db_autopwn, "by port" or "by vulnerability").

I'll learn to use it further, then maybe I'll post another blog post (or video).

5 comments:

  1. Don't forget to install nmap :)

  2. Thank you for the tip for making it more complete.

    Nmap is the first tool I always install, so I haven't noticed it requires Nmap.

  3. Thanks, I have been trying for ages to get past the authentication screen

  4. Thanks. You really did a good job at collecting all this info. After several hours of installing mysql and trying to get it to work, I gave up and went with postgresql. I used this guide and got it working, but it kicked me off the db if I did anything that accessed it.

    Though a lot of people say you don't have to sudo, I couldn't run nmap without sudo. My sql d/c problem came from permission problems with the config file. Apparently armitage runs db_connect repeatedly with values in database.yml. Once I changed permissions, everything ran smoothly.
    [metasploit install]\config\database.yml

  5. Beginning the Linux framework can be as straightforward as turning on the force switch of your PC. In the event that Linux is designed to auto load, Linux will be up and pursuing a few moments.Conkey Themes
