© 2010 – MAD Security, LLC All rights reserved Team Operations Collaborate with Armitage and Metasploit

Overview Team Operations Teaming Features Architecture and Setup Session Passing Using External Tools Team Organization

Team Operations

Armitage Teaming User Experience –Single user-like –Local control of Metasploit Teaming Features –Real Time Communication –Data Sharing –Session Sharing

Features: Event Log

Features: Data Sharing

Features: Session Sharing

Architecture

Setup Perform these steps on shared server… Start Metasploit’s RPC daemon –msfrpcd -U username -P password –f Start Deconfliction server –armitage --server attack_server_ip username password Connect clients!

Setup

Setup

Session Passing Inject meterpreter into memory Point at any multi/handler you like Uses: –Send session to a friend –Duplicate your access

Session Passing Inject meterpreter into memory Point at any multi/handler you like Uses: –Send session to a friend –Duplicate your access

Session Passing Inject meterpreter into memory Point at any multi/handler you like Uses: –Send session to a friend –Duplicate your access

External Tools In a team environment, not everyone will use Armitage –Everyone can still benefit from Armitage’s accesses Metasploit SOCKS proxy routes client traffic using pivot Web browsers may use a proxy server to connect

External Tools

Team Organization Split team into roles –Attack –Multiple post-exploitation roles Distribute attacks Centralize post-exploitation

Team Organization Use Armitage on big screen Event log augments existing communication channel External tools may play too (not everyone needs Armitage)

Summary Team Operations Teaming Features Architecture and Setup Session Passing Using External Tools Team Organization