Hacking a Network with Armitage 12-09-2012, 07:34 PM
#1
Hello,
Today I am going to show you how to 'hack' a network (hack being the generalized term now). But let's get started.
When you are going to break into a network for a pentest or for some other reason, it revolves around a few steps.
1.) Research
2.) Recon
3.) Breaking into said network
4.) More recon to find hosts
5.) Exploiting these hosts
6.) Finding more targets
You first want to do research on your target, finding out info about them that can be useful in the upcoming things. Then we go on to recon. Here is where you find potential vulnerabilities, physical and on the net. If you can only access it through Ethernet, is there an open plug? Is the wifi open? If not, can it be cracked?

Once you are in the network you will use a network scanner like Angry IP Scanner to see quickly how many hosts are alive, by switching the delay down, maximum threads up, and showing only alive hosts. Take note of these and scan them with nmap/Zenmap or a vulnerability scanner like OpenVAS or Nessus to see what services and vulnerabilities are listed. Then save your scan, bring it to a network exploitation framework like Metasploit or the Armitage front end, and import your scan. Find a vulnerable target and exploit it to get a Meterpreter session or a shell on the host. Once you are in the host, run an ARP scan and set up pivoting as you attack other hosts on the network.

Then, if this is a pentest, that would be it for the actual exploitation and on to the reporting. If this were not a pentest you can do many things, like migrate your Meterpreter session and start key logging, or put a backdoor in and access it later, or make it part of a botnet that speaks to a DNS. The possibilities are endless if you have the mind for it.
Learning is the easy part. Putting it to use... now that's the hard part, which still isn't very hard but is limited to your imagination.
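From the defender's side, the host-discovery step described in the post (Angry IP Scanner with the delay down and threads up, or an ARP scan run from a foothold) is one of the noisiest things an intruder does on a LAN: one source touches many distinct neighbours in a few seconds. The following is an added example, not code from the post's author or from Armitage/Metasploit, that flags such sweeps from a simple event log. The log format ("timestamp proto src -> dst") and the sample lines are constructed for the example; the window and threshold values are assumptions to tune per network.

```python
"""Host-sweep detector over constructed ARP/ICMP event lines (added example)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample telemetry, not real capture data.
# 10.0.0.50 walks the subnet in ~3 seconds; 10.0.0.7 is normal host traffic.
SAMPLE_LOG = """\
2012-12-09T19:34:00 arp 10.0.0.7 -> 10.0.0.1
2012-12-09T19:34:01 arp 10.0.0.50 -> 10.0.0.1
2012-12-09T19:34:01 arp 10.0.0.50 -> 10.0.0.2
2012-12-09T19:34:01 arp 10.0.0.50 -> 10.0.0.3
2012-12-09T19:34:02 arp 10.0.0.50 -> 10.0.0.4
2012-12-09T19:34:02 icmp 10.0.0.7 -> 10.0.0.20
2012-12-09T19:34:02 arp 10.0.0.50 -> 10.0.0.5
2012-12-09T19:34:03 arp 10.0.0.50 -> 10.0.0.6
2012-12-09T19:34:03 arp 10.0.0.50 -> 10.0.0.7
2012-12-09T19:34:03 arp 10.0.0.50 -> 10.0.0.8
2012-12-09T19:34:04 arp 10.0.0.50 -> 10.0.0.9
2012-12-09T19:34:04 arp 10.0.0.50 -> 10.0.0.10
2012-12-09T19:34:30 arp 10.0.0.7 -> 10.0.0.1
2012-12-09T19:35:10 arp 10.0.0.7 -> 10.0.0.20
2012-12-09T19:36:00 icmp 10.0.0.7 -> 10.0.0.30
"""


def parse_events(text):
    """Parse '<ISO timestamp> <proto> <src> -> <dst>' lines into sorted tuples."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, proto, src, arrow, dst = line.split()
        if arrow != "->":
            raise ValueError(f"malformed line: {line!r}")
        events.append((datetime.fromisoformat(ts), proto, src, dst))
    events.sort(key=lambda e: e[0])
    return events


def detect_sweeps(events, window_seconds=10, threshold=8):
    """Return {src: (peak distinct destinations, window start, window end)}
    for every source that contacted at least `threshold` distinct hosts
    within any `window_seconds` sliding window (assumed tuning values)."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # src -> deque of (ts, dst) still inside the window
    alerts = {}
    for ts, _proto, src, dst in events:
        q = recent[src]
        q.append((ts, dst))
        # Drop events that have aged out of the sliding window.
        while q and ts - q[0][0] > window:
            q.popleft()
        distinct = {d for _, d in q}
        if len(distinct) >= threshold:
            prev = alerts.get(src)
            # Keep the widest sweep seen for this source.
            if prev is None or len(distinct) > prev[0]:
                alerts[src] = (len(distinct), q[0][0], ts)
    return alerts


if __name__ == "__main__":
    for src, (count, start, end) in detect_sweeps(parse_events(SAMPLE_LOG)).items():
        print(f"sweep from {src}: {count} hosts between {start.time()} and {end.time()}")
```

Distinct destinations, not packet counts, are what matter here: a busy file server talks to many hosts all day, but it rarely touches thirty new neighbours in three seconds, so the distinct-count window separates a scan from normal chatter.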