Team Operations

1. Team Operations Collaborate with Armitage and Metasploit

2. Overview • Team Operations • Teaming Features • Architecture and Setup • Session Passing • Using External Tools • Team Organization

3. Team Operations

4. Armitage Teaming • User Experience • Single user-like • Local control of Metasploit • Teaming Features • Real Time Communication • Data Sharing • Session Sharing

5. Features: Event Log

6. Features: Data Sharing

7. Features: Session Sharing

8. Architecture

9. Setup • Perform these steps on shared server… • Start Metasploit’s RPC daemon • msfrpcd -U username -P password –f • Start Deconfliction server • armitage --server attack_server_ip55553 username password • Connect clients!

10. Setup

11. Setup

12. Session Passing • Inject meterpreter into memory • Point at any multi/handleryou like • Uses: • Send session to a friend • Duplicate your access

13. Session Passing • Inject meterpreter into memory • Point at any multi/handleryou like • Uses: • Send session to a friend • Duplicate your access

14. Session Passing • Inject meterpreter into memory • Point at any multi/handleryou like • Uses: • Send session to a friend • Duplicate your access

15. External Tools • In a team environment, not everyone will use Armitage • Everyone can still benefit from Armitage’s accesses • Metasploit SOCKS proxy routes client traffic using pivot • Web browsers may use a proxy server to connect

16. External Tools

17. External Tools

18. Team Organization • Split team into roles • Attack • Multiple post-exploitation roles • Distribute attacks • Centralize post-exploitation

19. Team Organization • Use Armitage on big screen • Event log augments existingcommunication channel • External tools may play too(not everyone needs Armitage)

20. Summary • Team Operations • Teaming Features • Architecture and Setup • Session Passing • Using External Tools • Team Organization