7 Steps to Hack a Target with Virtually No Experience

Here are seven steps to exploit a vulnerable system with almost no experience.

Owned Target!

Disclaimer: You need written permission/authorization to perform a penetration test (hack) on a system owned by someone else. Yes, even if it is someone you know or a friend. Remain ethical – run your tests against your own targets or obtain permission (written).

Setup

  • Download the Prebuilt Kali Linux VMware or VirtualBox Image.
  • Download VMware Workstation Player or VirtualBox.
  • Unzip Kali and open with VMware or VirtualBox.

Exploit

1. Log on to Kali (root/toor).

2. Create the Metasploit database by opening a terminal window and running “msfdb init”:

Metasploit msfdb init

3. Run Armitage by typing “armitage” in the terminal window and hitting enter.

Accept the defaults for the rest of the Armitage screens:

1. Armitage Metasploit database connect screen

2. Start Metasploit RPC server

3. This is normal. Be patient – do not cancel.

While the Metasploit RPC server starts in the background, you will see a connection refused message. This is normal and should go away once the backend Metasploit RPC server that Armitage (the Metasploit GUI frontend) depends on has started.

Armitage should finally start and you should see a GUI:

Armitage GUI

4. Choose the target (host or range of IP addresses) to attack:

Select “Add Hosts…”:

Armitage Add Hosts… Menu Item

Enter the IP address(es) of the target host(s), then click Add. In this example we entered 10.1.1.22.

Armitage Add Hosts Window

It may take a second for the target to appear in the Armitage target window.

5. Scan the target(s) for open ports, services, operating system, etc.

Right-click on the target and choose scan:

Armitage Scan Target

When the scan is complete you should see a message at the very end of the Armitage “Scan” window that reads “Scan complete in 12.345s” (the time will differ). This means the scan is completely finished:

Armitage Scan complete

6. Find Exploits

Click on “Attacks” in the Armitage menu, then select “Find Attacks”:

Armitage Find Attacks

It may take 30-45 seconds for the progress bar to complete. When finished you should get the “Attack Analysis Complete…” message:

Armitage Attack Analysis Complete…

7. Launch Exploit(s)

In this case, we’ll do a “Hail Mary” attack. The Hail Mary is not very stealthy because it will try every attack that Armitage thinks may work against the target. This is not very surgical, but it is often effective.
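Both the port scan in step 5 and the Hail Mary in step 7 are loud from the target's side: one source touches many ports on a single host, then hammers a handful of service ports in quick succession. The following Python script is an added example, not part of the original post and not code from the Armitage or Metasploit projects; it shows how a defender can spot that pattern in connection logs with a per-(source, destination) sliding window. The log line format, the attacker address 10.1.1.50, the benign host 10.1.1.7 and the thresholds are all constructed for the demo; the target address 10.1.1.22 is the one used in the walkthrough.

```python
"""Flag scan-and-exploit bursts in firewall connection logs.

Added example (not from the original post). The log format is constructed:
    "<epoch_seconds> <src_ip> -> <dst_ip>:<dst_port> <ALLOW|DENY>"
"""
import re
from collections import defaultdict
from dataclasses import dataclass

LINE_RE = re.compile(r"^(\d+)\s+(\S+)\s+->\s+(\S+):(\d+)\s+(ALLOW|DENY)$")


@dataclass
class Alert:
    src: str
    dst: str
    max_distinct_ports: int   # most distinct ports touched in any single window
    max_attempts: int         # most connection attempts in any single window
    window_s: int


def parse_line(line):
    """Return (ts, src, dst, port) for a well-formed record, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, src, dst, port, _action = m.groups()
    return int(ts), src, dst, int(port)


def detect_noisy_sources(lines, window_s=60, port_threshold=15, attempt_threshold=40):
    """Alert on (src, dst) pairs whose traffic, inside some window_s-second
    window, touches >= port_threshold distinct ports (scan signature) or
    makes >= attempt_threshold attempts (exploit-storm signature).
    Thresholds are illustrative and would be tuned per environment."""
    events = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue                      # unparsable line: skip, do not crash
        ts, src, dst, port = parsed
        events[(src, dst)].append((ts, port))

    alerts = []
    for (src, dst), evs in events.items():
        evs.sort()                        # by timestamp
        max_ports = max_attempts = 0
        j = 0
        for i in range(len(evs)):
            # grow the window [i, j) while it still fits in window_s seconds
            while j < len(evs) and evs[j][0] - evs[i][0] <= window_s:
                j += 1
            window = evs[i:j]
            max_attempts = max(max_attempts, len(window))
            max_ports = max(max_ports, len({p for _, p in window}))
        if max_ports >= port_threshold or max_attempts >= attempt_threshold:
            alerts.append(Alert(src, dst, max_ports, max_attempts, window_s))
    return alerts


def build_sample_log():
    """Constructed traffic: a 40-port scan, then 50 rapid attempts against a few
    service ports, plus sparse benign HTTPS from another host and one junk line."""
    scanner, target = "10.1.1.50", "10.1.1.22"   # scanner IP is made up
    lines = []
    for k, port in enumerate(range(21, 61)):         # scan: ports 21..60, one per second
        lines.append(f"{1000 + k} {scanner} -> {target}:{port} DENY")
    for k in range(50):                              # burst: 50 attempts, 4 ports
        port = (445, 139, 80, 8080)[k % 4]
        lines.append(f"{1100 + k} {scanner} -> {target}:{port} ALLOW")
    for ts in (1005, 1300, 1600):                    # benign, well spread out
        lines.append(f"{ts} 10.1.1.7 -> {target}:443 ALLOW")
    lines.append("this line is not a connection record")
    return lines


if __name__ == "__main__":
    for alert in detect_noisy_sources(build_sample_log()):
        print(f"{alert.src} -> {alert.dst}: {alert.max_distinct_ports} distinct ports, "
              f"{alert.max_attempts} attempts within {alert.window_s}s")
```

Run it as a script to print the single alert the constructed sample produces. The same sliding-window logic can be fed from a SIEM query or a syslog parser; the benign host never trips either threshold because its three connections fall in separate windows, which is the property the thresholds are meant to preserve.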

Armitage Hail Mary Attack

Click on “Yes” to the Armitage Really?!? warning.

Armitage Hail Mary warning

If one of the many attacks the Hail Mary tried works, you may get a Meterpreter session, represented graphically by the lightning-like hands around the red target:

Owned target

From here you can do whatever you want… Play around with the Meterpreter shell to dump hashes, take screenshots, log keystrokes, etc., from the victim:

Meterpreter shell options

That’s it. Congratulations on your hack!

Tags: Armitage, Hacking, Hail Mary, Kali, Metasploit