Armitage is a GUI frontend for Metasploit that makes it possible to use a mouse to attack and exploit systems.
In this article, I will provide a step-by-step guide on how to install and get Armitage up and running. This is intended to help students struggling with the Intro to C2 room on TryHackMe.
Installation
With Kali 2022.02, the installation of Armitage is very simple because it is a part of the Kali package repo, ready for quick and easy installation.
sudo apt install armitage
After the installation is complete, everything you need to run Armitage can be called using global terminal commands on your attack box.
Start teamserver
Armitage uses a central C2 (Command and Control) server that you connect to using the Armitage GUI. If you run Armitage locally, you start the teamserver and make it listen for connections on an IP address you define yourself. Please note that you should not start the teamserver on an interface that is publicly accessible. To access the teamserver, port forwarding should be used.
sudo teamserver 127.0.0.1 mySuperPassword
[*] Generating X509 certificate and keystore (for SSL)
[*] Starting RPC daemon
To use retry middleware with Faraday v2.0+, install `faraday-retry` gem
[*] MSGRPC starting on 127.0.0.1:55554 (NO SSL):Msg...
[*] MSGRPC backgrounding at 2022-06-04 17:51:03 -0400...
[*] MSGRPC background PID 9455
[*] sleeping for 20s (to let msfrpcd initialize)
[*] Starting Armitage team server
Initiate MSF database
Prepare the DB Armitage will use.
sudo msfdb init
[+] Starting database
[+] Creating database user 'msf'
[+] Creating databases 'msf'
[+] Creating databases 'msf_test'
[+] Creating configuration file '/usr/share/metasploit-framework/config/database.yml'
[+] Creating initial database schema
To use retry middleware with Faraday v2.0+, install `faraday-retry` gem
Start Armitage
Connect to the teamserver and start working.
armitage
This will open a connection prompt. Type in the management IP address of your team server, and supply the password you just defined when starting the teamserver.
Please note that if you started the teamserver on a non-loopback (e.g. real) IP address, you must use that IP address to connect. In other words, if you started a teamserver on 127.0.0.1, you must connect to that IP address. Please note that you cannot start teamserver on a public-facing IP address.
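To confirm that the teamserver and its MSGRPC daemon are bound only to loopback, as the notes in this section and under "Start teamserver" require, the following added example (not part of the original article) parses `ss -ltn` output and lists any listener on the watched ports that is reachable from another interface. Port 55554 comes from the MSGRPC line in the output above; 55553 is assumed to be the Armitage teamserver's default port, and the function names and sample listing are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original article): report listeners on the
# given ports whose local address is not loopback.
# Input on stdin: `ss -ltn` lines (State Recv-Q Send-Q Local:Port Peer:Port).

# Constructed sample for offline runs, not captured from a real host.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      50     127.0.0.1:55554     0.0.0.0:*
LISTEN 0      50     0.0.0.0:55553       0.0.0.0:*
LISTEN 0      244    [::1]:5432          [::]:*
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*'

# exposed_listeners PORT...
# Prints one "Local:Port" per line for every listener on a watched port
# that is bound to something other than 127.0.0.0/8 or ::1.
exposed_listeners() {
    awk -v ports="$*" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)       # text after the last colon
            host = $4; sub(/:[^:]*$/, "", host)   # text before the last colon
            sub(/^\[/, "", host); sub(/\]$/, "", host)  # [::1] -> ::1
            sub(/%.*$/, "", host)                 # drop scope, e.g. %lo
            if (!(port in want)) next
            if (host ~ /^127\./ || host == "::1") next
            print $4
        }'
}

# binding_ok PORT... : exit status 0 only if nothing is exposed.
binding_ok() {
    _exposed=$(exposed_listeners "$@")
    [ -z "$_exposed" ] && return 0
    printf 'non-loopback listener: %s\n' $_exposed >&2
    return 1
}

# Demo on the constructed sample (55553 is an assumed default port).
# On a live box: ss -ltn | binding_ok 55553 55554
printf '%s\n' "$SAMPLE_SS" | exposed_listeners 55553 55554
```

In the constructed sample the 55553 listener is bound to 0.0.0.0, so it is reported; a teamserver started on 127.0.0.1 as shown above should produce no output.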
Connect to teamserver
After you click Connect, you will be asked whether to start a Metasploit RPC server. Click "yes". After a short loading period, including a "Connection refused" status below the progress bar, Armitage will load.
Successfully loaded Armitage
Congratulations, you now have a running instance of Armitage in your lab 🎉