7 Steps to Hack a Target with Virtually No Experience

Here are seven steps to exploit a vulnerable system with almost no experience.

Owned Target!

Owned Target!

Disclaimer: You need written permission/authorization to perform a penetration test (hack) on a system owned by someone else. Yes, even if it is someone you know or a friend. Remain ethical - run your tests against your own targets or obtain permission (written).

Setup

Exploit

1. Log on to Kali (root/toor).

2. Create the Metasploit database by opening a terminal window and running "msfdb init":

Metasploit msfdb init

Metasploit msfdb init

3. Run Armitage by typing "armitage" in the terminal window and hitting enter.

Accept the defaults for the rest of the Armitage screens:

1. Armitage Metaspoit database connect screen

1. Armitage Metaspoit database connect screen

2. Start Metasploit RPC server

2. Start Metasploit RPC server

3. This is normal. Be patient - do not cancel.

3. This is normal. Be patient - do not cancel.

 

While the Metasploit RPC server starts in the background, you will see a connection refused message.  This is normal and should go away once the backend Metsaploit RPC server starts for Armitage (Metasploit GUI frontend).

Armitage should finally start and you should see a GUI:

Armitage GUI

Armitage GUI

4. Choose the target (host or range of IP addresses) to attack:

Select "Add Hosts...":

Armitage Add Hosts... Menu Item

Armitage Add Hosts... Menu Item

Enter the target (hosts) IP addresses, then click Add.  In this example we entered 10.1.1.22.

Armitage Add Hosts Window

Armitage Add Hosts Window

It may take a second for the target to appear in the Armitage target window.

5. Scan the target(s) for open ports, services, operating system, etc.

Right-click on the target and choose scan:

Armitage Scan Target

Armitage Scan Target

When the scan is complete you should see a message at the very end in the Armitage "Scan" window that states "Scan complete in 12.345s".  This means the scan is completely finished:

Armitage Scan complete

Armitage Scan complete

6. Find Exploits

Click on "Attacks" in the Armitage menu, then select "Find Attacks":

Armitage Find Attacks

Armitage Find Attacks

It may take 30-45 seconds for the Progress to complete.  When finished you should get the "Attack Analysis Complete..." message:

Armitage Attack Analysis Complete...

Armitage Attack Analysis Complete...

7.  Launch Exploit(s)

In this case, we'll do a "Hail Mary" attack.  The Hail Mary is not very stealthy because it will try every attack that Armitage thinks may work against the target.  This is not very surgical, but often effective.

Armitage Hail Mary Attack

Armitage Hail Mary Attack

Click on "Yes" to the Armitage Really?!? warning.

Armitage Hail Mary warning

Armitage Hail Mary warning

If one of the many attacks the Hail Mary tried works, you may get a Meterpreter session, represented graphically by the lightning looking hands around the red target: 

Owned target

Owned target

From here you can do whatever you want...  Play around with the Meterpreter shell to dump hashes, take screenshots, log keystrokes, etc., from the victim:

Meterpreter shell options

Meterpreter shell options

That's it.  Congratulations on your hack!

Additional Resources