Armitage host Attack Analysis not finding exploits
I'm using Kali Linux 2019.1. I've been using Armitage for a long time, but after I updated Kali (1 week ago) there is a problem now. The "Find attack" option in Armitage doesn't show the attack tab when right-clicking the hosts. When I click Find attacks, I get the usual message that the attacks have been found (without any loading, I get the message immediately) and nothing is done. Hail Mary also won't execute any attacks, because none are found. Other than this problem, everything else is working fine. I also tried running msfd init, msfdb init, and msfdb start but the problem persists.
So basically, the problem appeared AFTER upgrading my Kali version (I did a 'apt full-upgrade'). First thing I did was search for fixes online but I was only able to find posts with NO ANSWERS like this: https://null-byte.wonderhowto.com/forum/armitage-cant-show-attack-menu-host-0177888/. No answers in there. I also read the whole official FAQ: http://www.fastandeasyhacking.com/faq, but I didn't find any reference to my problem. I searched github too, but sadly no answers there as well.
OK so the problem goes like this: I start Metasploit v5 (msfd init), then PostgreSQL, then Armitage. Armitage starts fine without any errors or bugs. Then I add a host. Again, there are no problems. The host(s) appears in the database and I can see it clearly (a black monitor). I then run a scan (nmap or metasploit scan, I've tried them both). The scan runs without errors and when it's finished, I get the following message: "Scan Complete! Use Attacks->Find Attacks to suggest applicable exploits for your target". So naturally, I go to Attacks->Find Attacks and I click it.
The Find Attacks option is supposed to find applicable exploits for the target, it's supposed to show a loading bar but it won't load at all. Now that's the problem that I'm talking about. The Find attacks option won't do its job after upgrading Kali. I click it and the loading bar doesn't show and attacks are simply not found.
After clicking Find Attacks I actually get a message which goes like this: "Attack Analysis Complete... You will now see an 'Attack' menu attached to each host in the Targets window. Happy hunting". However, when I go to Target options, no such menu appears (Attack menu).
I've noticed the exact same problem this week when using armitage with no luck on finding or creating a solution. As mentioned above, everything else in armitage seems to work ok. I also uninstalled armitage, msfdb remove, service postgresql stop, reboot, apt-get install armitage, service postgresql start, msfdb init. After clicking 'Find Attacks' I get message: "Attack Analysis Complete... You will now see an 'Attack' menu attached to each host in the Targets window. Happy hunting!" immediately. No progress window before and no attack menu when right-clicking hosts.
sysinfo:
Linux kali 4.19.0-kali4-amd64 #1 SMP Debian 4.19.28-2kali1 (2019-03-18) x86_64 GNU/Linux
Distributor ID: Kali
Description: Kali GNU/Linux Rolling
Release: 2019.1
Codename: n/a
@WestJohnny Try downloading ISO:
Kali Linux 64 Bit | HTTP | Torrent | 3.3G | 2019.1a | 2d23cf0b35285ba68111154f169efa87fbb9ff618e68ea4cf6bd1023215d063e
https://www.kali.org/downloads/
Created a new VM then installed from ISO. Armitage works (Find Attacks) like it's supposed to for me on this new box.
"Happy Hunting!"
EDIT: After apt-get update and apt-get upgrade, armitage broke again, same as above in the original post.
I have a fork with some additions over at https://github.com/kimocoder/armitage
Try that
Same for me. Grabbed ISO, apt update && apt -y full-upgrade, and I see the same behavior.
Tried Armitage with latest Kali and have the same issue.
Same issue
Same. Latest weekly build of Kali.
@WestJohnny. What version of java does that build have? After the update, did the java version change? I'm suspecting it's a java update issue. While not always good, try downgrading java and see if it fixes it. I'm going to do that myself and try to compile for it on android and let you know what happens.
@nafwa03
root@kali:~# java -version
openjdk version "11.0.3" 2019-04-16
OpenJDK Runtime Environment (build 11.0.3+1-Debian-1)
OpenJDK 64-Bit Server VM (build 11.0.3+1-Debian-1, mixed mode, sharing)
I tried downgrading to openjdk-8, changed alternatives for both javac and java but armitage is still not working correctly (not finding attacks).
@d2-d2 Yeah I tried that too... was worth a shot. Digging into a possible problem with one of the third party components. Interestingly it also appears that it's not recognizing the OS, therefore not able to iterate through potential attacks. Rummaging through the code now.
@nafwa03 OS detection still works when you use nmap scan with OS detection module. Still, no attacks can be found.
Try to Armitage->Set exploit rank->poor
@spiny-smart interesting, that worked for me. Hail mary is not working though. Exploits are failing (tested on DVL, vsftpd backdoored 21/ftp service).
Same error here, can't run Hail Mary:
root@kali:~# java -version
java version "11.0.2" 2018-10-16 LTS
Java(TM) SE Runtime Environment 18.9 (build 11.0.2+7-LTS)
Java HotSpot(TM) 64-Bit Server VM 18.9 (build 11.0.2+7-LTS, mixed mode)
root@kali:~# lsb_release -a
No LSB modules are available.
Distributor ID: Kali
Description: Kali GNU/Linux Rolling
Release: 2019.2
Codename: n/a
I have installed Java 11.0.2 myself, but I can't run a Hail Mary. And I have noticed that my hosts are missing their OS icon.
I have just run:
root@kali:~# apt-get update && apt-get -y upgrade && apt-get -y dist-upgrade
Have also tested:
root@kali:~# apt update && apt -y full-upgrade
But armitage is not working completely.
Thanks, Nenad
I know it's on the official bug tracker but I have been able to narrow it down to connectivity to the postgres database. Not connectivity per se but a potential change in a db field or something down that line.
Still issue, hope that this can help someone to find the error:
root@Dragic:~# msfrpc -U msf -P test -f -S -a 127.0.0.1
Traceback (most recent call last):
13: from /usr/bin/msfrpc:83:in `<main>'
12: from /usr/share/metasploit-framework/lib/msf/core/rpc/v10/client.rb:57:in `login'
11: from /usr/share/metasploit-framework/lib/msf/core/rpc/v10/client.rb:105:in `call'
10: from /usr/share/metasploit-framework/lib/msf/core/rpc/v10/client.rb:150:in `send_rpc_request'
9: from /usr/share/metasploit-framework/lib/rex/proto/http/client.rb:210:in `send_recv'
8: from /usr/share/metasploit-framework/lib/rex/proto/http/client.rb:229:in `_send_recv'
7: from /usr/share/metasploit-framework/lib/rex/proto/http/client.rb:244:in `send_request'
6: from /usr/share/metasploit-framework/lib/rex/proto/http/client.rb:177:in `connect'
5: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/rex-socket-0.1.17/lib/rex/socket/tcp.rb:28:in `create'
4: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/rex-socket-0.1.17/lib/rex/socket/tcp.rb:37:in `create_param'
3: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/rex-socket-0.1.17/lib/rex/socket.rb:49:in `create_param'
2: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/rex-socket-0.1.17/lib/rex/socket/comm/local.rb:33:in `create'
1: from /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/rex-socket-0.1.17/lib/rex/socket/comm/local.rb:263:in `create_by_type'
/usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/rex-socket-0.1.17/lib/rex/socket/comm/local.rb:298:in `rescue in create_by_type': The connection was refused by the remote host (127.0.0.1:55553). (Rex::ConnectionRefused)
root@Dragic:~#
root@Dragic:~# nmap -sS 127.0.0.1 -p 55553
Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-11 11:11 CEST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000039s latency).
PORT STATE SERVICE
55553/tcp closed unknown
Nmap done: 1 IP address (1 host up) scanned in 0.19 seconds
root@Dragic:~#
Hello everyone! I have tried the latest version of Parrot OS and the latest version of Kali Linux... and I have the same problem too with all Debian-based distros.
Any answers for this issue from the armitage creators?
Hello everyone, I have found the solution to "fix armitage not launching attacks in kali". First you need to click on "Armitage" and go to "Set Exploit Rank" and put it on "Poor".
It works for me!!
I hope it works for you too!!!!
here under is a url: image how it works
(https://user-images.githubusercontent.com/48694304/66708813-00a10100-ed57-11e9-9681-b5db0a6a18a4.png)
This is not a solution, as this option will have you use only the exploits categorized as poor in an automated scan/attack. All the best exploits will therefore not be available, at least not automatically. This makes it much harder to run scans when you now have to search through manually.
Have you tried to use older versions? @Moustafaab this means you need to evaluate every single module... it's obviously not a "proper" solution.
Hi, I also have the same problem. Everything was upgraded and the problem was exactly the same.
The same to you.
same to me
Yeah, still not working after updating the kali box... if y'all looked at the terminal you would see the real problem:
WARNING: Attempted to use foreach on non-array '' at attacks.sl:667
I presume that's the issue? Can also confirm it works before upgrading the box and then after upgrading it fails.
Same problem for me. I am using Parrot Security OS virtualbox and this shows up:
and then
Still Nothing
I have already set the exploit rank as poor
I have the same problem, can you help me please? Poor does not work for me!!
@WestJohnny do you know the issues?
Setting the exploit rank to poor made the search work for me on the kali current repo version - however: **Exploits launched through armitage failed - despite the same exploits working when invoked directly from metasploit**. Worst case scenario stuff really.
Mine worked after setting it to normal but the hail mary still didn't run properly
[Problem resolved] I have the same problem when running Kali (version 5.3.0-kali2). I have an old copy of Kali Linux (4.19.0); when I try to access a victim machine (Metasploitable2) through Armitage it works, everything is fine.
Not really a resolution, just rolling back to a former kali version. There's a ton of bugs you'll be subject to again by rolling back all packages.
> Try to Armitage->Set exploit rank->poor
Thx! It worked on:
Distributor ID: Kali
Description: Kali GNU/Linux Rolling
Release: 2020.2
Codename: kali-rolling
The problem lies with Armitage and Metasploit 5.0. Rapid 7 changed some things and rsmudge is busy keeping Cobalt Strike up-to-date. Rather than try and get permission to commit the changes, and as I'd rather not be a maintainer, I've fixed the biggest problem of the find attacks not working. I hate that Armitage "always" chooses a random port when using a reverse connection, so I stopped that. And finally I added a few more host types and pictures, like voip, camera, and plc. I've placed the file on tinyupload.com which means all of the major browsers are going to try and stop you from downloading it. You will have to decide if you trust it or not. The filename is armitage.tgz and you'll need to extract it into /usr/share/armitage replacing all the files in that directory. The easiest way to trust it is to fire up a kali virtual machine you don't care about and give it a try.
I WILL NOT take requests for enhancements. Don't ask.
One last note: Armitage sucks and Java sucks. It's broken and will continue to break more as time goes on.
This update is just life support.
Here's the url: http://s000.tinyupload.com/index.php?file_id=90335440015618326725
If you try it and it works like I said, add a message indicating so.
Good luck.
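Added example, not part of the post above and not code from the poster or the Armitage project: one way to inspect a tarball such as the armitage.tgz described above before unpacking it into /usr/share/armitage. It hashes the archive and flags members that would land outside the destination, links, special files and setuid/setgid bits, without extracting anything. The function names and the member names in the sample archive are constructed for illustration.

```python
import hashlib
import io
import posixpath
import tarfile

def vet_tarball(data: bytes, dest: str = "/usr/share/armitage"):
    """Return (sha256, findings) for a gzip tarball; nothing is extracted."""
    dest = dest.rstrip("/")
    findings = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
        for m in tar.getmembers():
            # Where would this member land if unpacked into dest?
            target = posixpath.normpath(posixpath.join(dest, m.name))
            if target != dest and not target.startswith(dest + "/"):
                findings.append((m.name, "escapes destination"))
            if m.issym() or m.islnk():
                findings.append((m.name, f"link to {m.linkname}"))
            elif not (m.isfile() or m.isdir()):
                findings.append((m.name, "special file"))
            if m.mode & 0o6000:
                findings.append((m.name, "setuid/setgid bit"))
    return hashlib.sha256(data).hexdigest(), findings

def build_sample() -> bytes:
    """Constructed archive: one ordinary file and three suspicious members."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        def add(name, body=b"", **attrs):
            info = tarfile.TarInfo(name)
            info.size = len(body)
            for key, value in attrs.items():
                setattr(info, key, value)
            tar.addfile(info, io.BytesIO(body))
        add("armitage.jar", b"constructed placeholder")
        add("../../../etc/cron.d/x", b"constructed")
        add("teamserver", b"#!/bin/sh\n", mode=0o4755)
        add("cortana.jar", type=tarfile.SYMTYPE, linkname="/etc/shadow")
    return buf.getvalue()

if __name__ == "__main__":
    digest, findings = vet_tarball(build_sample())
    print("sha256:", digest)
    for name, reason in findings:
        print(f"  {name}: {reason}")
```

An empty findings list only says the archive layout is unremarkable; it says nothing about what the replaced files do once run, so the recorded SHA-256 and a throwaway VM remain the basis for deciding whether to trust it.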
I still have no success with the 'Find Attacks' on any Exploit Rank other than 'Poor'. I believe I have set it up correctly, as in the 'About' menu I can see the text: ** Special Update: 20 May 2019 by Anonymous ** To work with Metasploit 5.0
I am using the latest version of Kali and Armitage states it is version 1.4.11i
Thank you for your assistance.
Only write - sudo rm /usr/share/metasploit-framework/modules/exploits/linux/misc/saltstack_salt_unauth_rce.rb in the terminal and it will work out. I do not appear in Armitage attacks after I have already done Find attacks, can you help me?
Hi world, same for me. I set exploit to poor and it works.
> Only write - sudo rm /usr/share/metasploit-framework/modules/exploits/linux/misc/saltstack_salt_unauth_rce.rb in the terminal and it will work out. I do not appear in Armitage attacks after I have already done Find attacks, can you help me?
It didn't help me. I still get this stuck during the exploits loading
The problem there is that there is an exploit that does not work. You need to see which exploit is not working and register it for example - exploits / linux / misc / saltstack_salt_unauth_rce. And the extension .rb then it should delete. Hope I helped :) I would be happy if you help me ...
> You need to see which exploit is not working and register it for example - exploits / linux / misc / saltstack_salt_unauth_rce. And the extension .rb then it should delete.
That is why I deleted this file as I said earlier. It didn't help me.