Frequently Asked Questions

If you have a question--ask.

Getting Started (Kali Linux)

1. How do I run Armitage on Kali Linux?

Armitage is not distributed with Kali Linux. It is in the Kali Linux repository though. To install it, type:

apt-get install armitage

2. I get a database error on Kali Linux. How do I fix it?

Make sure the database is running. Use:

service postgresql start

Next, you may need to ask Kali to recreate the Metasploit framework database:

service metasploit start
service metasploit stop

Sometimes you need to do the above after an msfupdate as well.

3. Sometimes Armitage's menus stick (or I see graphic glitches)--how do I fix this?

Kali Linux comes with Java 1.6 and 1.7 pre-installed. Unfortunately, it defaults to Java 1.6 which has a few issues. You'll need to tell Kali Linux to use Java 1.7 by default. Here's how:

32-bit Kali Linux:

update-java-alternatives --jre -s java-1.7.0-openjdk-i386

64-bit Kali Linx:

update-java-alternatives --jre -s java-1.7.0-openjdk-amd64

Getting Started (Everything else)

4. Help! I updated Metasploit with msfupdate and Armitage no longer works

You have an old version of Metasploit installed. The msfupdate command updates the Ruby source code but it does not update the dependencies Metasploit and Armitage rely on.

Reinstall Metasploit. If you're a BackTrack Linux user--you must move over to Kali Linux. BackTrack Linux is no longer supported.

5. I can't get Armitage to work. I see ______ error. What do I do?

The best thing to do is search for a blog post written in poor English. The older the better. Try everything in this blog post and then email the developer telling him his software is broken. This is the right course of action--every time!

Actually, no. If you're stuck, read the Armitage startup troubleshooting guide. This same information is available if you click Help from the Setup dialog. It covers every startup error I have seen (with screenshots)

6. I do not see a Start MSF button, what is wrong with my Armitage?

Nothing. You're using the latest version of Armitage. The Start MSF button has been taken away. The Connect button now intelligently detects whether Metasploit is running locally or not. If Metasploit is not running, Armitage will ask you if you want it to start Metasploit. I suggest pressing Yes.

7. I use msfgui (Metasploit GUI) to start Metasploit's RPC daemon. Armitage won't connect, help!

You probably asked Metasploit GUI to start the Metasploit RPC server without SSL. Good job, Tiger! Armitage expects msfrpcd to listen for an SSL connection. An SSL client can't connect to a non-SSL server. It doesn't work.

Start Armitage and click Connect. This is all you need to do. Armitage will prompt you and ask if you want it to start Metasploit's RPC server.

I've seen a few videos and blogs misinform users that they should use msfgui to start Metasploit and then connect Armitage. I've never advised anyone to take this approach. I don't know where it came from. Let this be a lesson for you, read the official documentation and ignore the riff-raff.

8. Will you help me run Metasploit and Armitage on MacOS X or Windows?

No. I do not provide support for setting up Metasploit, its dependencies, and configuring your environment on MacOS X or Windows.

Using Armitage

9. Can Armitage exploit Windows 7 and Vista or is it Windows XP only?

I get this question, worded in this way, a lot. First, Armitage is a front-end that provides a workflow and collaboration tools on top of Metasploit. The correct question is: does Metasploit have attacks that work against Windows 7 and Windows Vista?

The answer is yes. Remote exploits against modern Windows versions are very rare. If you're hoping for this, please put these days behind you. Microsoft has a lot of smart people and they've put a lot of work into reducing mistakes that lead to exploitable conditions. They have also added mitigations to their software to make it harder to turn a programmer's mistake into an attack.

Attackers do what works and they have moved on. Now, to break into a modern system, you need to attack the applications the user is running and not the operating system. Client-side attacks against Internet Explorer, Firefox, Adobe Reader, Adobe Flash, Apple QuickTime, and Java are very common. Metasploit is the cutting edge of what's publicly available in this space.

Once you get a foothold, it's up to you to think like an attacker and use your position to gain access to other systems. There are resources available for your learning. I suggest that you go study them. If you're really serious about learning these ideas then invest in yourself and take a class.

10. Why can't I type in any of the tabs?

On Windows and MacOS X you have to click in the editbox to focus the input area and type. This is a known issue. The editbox is at the bottom of the tab. Just click in it until you see a blinking cursor.

11. Armitage picked the wrong LHOST, how do I fix it?

Type:

setg LHOST [your IP address]

That's it. Armitage uses this value to tell reverse connect attacks where to connect to. You do not need to reset Armitage's listener when you change this value.

12. I can't get any exploits to work. What am I doing wrong?

Start with something that you know is exploitable. I recommend downloading the Metasploitable virtual machine. Hacking this will give you confidence that yes, exploits work and yes, you're probably using Metasploit correctly.

Not all exploits work in all situations. Remember that you're sending code to a system that is meant to trigger a flaw. If a firewall is on, then maybe the data isn't getting to the service. Maybe you're running a version of the software that no longer has the flaw.

Metasploit is not a magic key into other systems. Knowing what to use in different situations is a skill and it comes with experience.

13. Why do the hosts in the targets area move back after I move them?

Armitage automatically arranges the hosts in the targets area by default. You can turn this behavior off. Make sure no host is selected and right-click inside the targets area. Go to Auto Arrange -> None.

14. What are the warning messages in the console I launched Armitage from?

These are harmless. They're debug output for me to read. I was too lazy to remove them. They always have the form Warning: some message here at file.sl:##. The scary "Warning" text is from the warn function in the language I used to write Armitage. Ignore it.

15. How do I use Armitage against an Internet address?

There are no restrictions in the software. I recommend experimenting with virtual machines on a private test network. If you choose to use this tool against an internet host, make sure you have a letter of permission from the system's owner.

Meta

16. What's the best way to learn how to use Armitage for Metasploit?

There are a lot of resources on both Armitage and Metasploit available to you. Here's a recommended order for you:

  1. Penetration Testing with Cobalt Strike. This is a seven-part video series with a lot of demonstrations. It will take you through the entire hacking process using Armitage's big brother Cobalt Strike. Lectures 3 and 4 are Cobalt Strike specific. The rest of the material applies to Armitage. This series is an update to last year's Armitage and Metasploit Training.
  2. Hacking Linux with Armitage. This article will take you through the entire network attack process using Armitage and the freely available Metasploitable virtual machine as a target. I recommend reading this article and reproducing each step in it.
  3. Get in through the backdoor: Post-exploitation with Armitage. Many folks ask me how to hack a modern operating system (e.g., Windows 7) using Armitage. This article in Hakin9 will show you how to do this. You'll need to download the PDF of this issue to read the article.
  4. The Armitage Manual. Technically you should read this first. But, if you didn't--I'll forgive you. This manual is a reference for Armitage. It doesn't give context like these other resources do. Still, you should read it to understand what Armitage can do and the technical details of setting up different features. This manual is always accurate with the latest version of Armitage.
  5. Metasploit Unleashed. This is a free course offered by the Offensive Security folks. To be really effective with Armitage, you'll need to understand Metasploit. This course takes you through a lot of what Metasploit can do.

As a penetration tester, I find tools give me about 15% of what I need. The rest of my work is problem solving, system administration, and luck. If you want to learn how to hack, don't neglect these skills either. Here are a few other recommended items:

  • De-ICE Pen Test LiveCD. These CDs are self-contained scenarios requiring you to use problem solving and Linux knowledge to penetration test a fake company. Keep in mind, the answers are not obvious.
  • Penetration Testing and Vulnerability Analysis. This is a great course at NYU-Poly that will help you understand hacking from the perspective of the exploit developer.
  • OWASP WebGoat Project. This is a LiveCD environment with several web application attack scenarios. It will guide you through the very basics of conducting a web application assessment.

17. Will you teach me to hack?

If you want my views on the hacking process and how to do it, then ask your organization to invite me to teach a course at your location. I have materials, labs, and an exercise for a threat emulation course. I've given this course several times now and my students have taken a lot from it.

18. Why does Armitage exist?

I've met too many security professionals who don't know how to use Metasploit. Sadly, I was one of them. I've always felt Metasploit could use a non-commercial GUI organized around the hacking process. So, I made Armitage

Armitage exists to help security professionals better understand the hacking process and appreciate what's possible with the powerful Metasploit framework. Security professionals who understand hacking will make better decisions to protect you and your information.

19. I'm a journalist (or a blogger), do you have images and other media that I may use?

Yes. Feel free to embed any of the screenshots or videos into your article or blog post. If you'd like higher resolution images, I'll provide PSD files of the key Armitage graphics on request. Contact me and I'll do my best to respond quickly.