==================
6 Mar 13 (2000h)
--------
- Fixed issue with additional team server connections reporting wrong
application and receiving a summary rejection by the team server.
24 Jun 12
---------
- Meterpreter -> Kill now uses session.stop RPC call
- Simplified code to stop a running job
- Added an option to disable TCP_NODELAY from the command line:
Use this if you see "bad mac" SSL errors when connected to a
team server.
- Log Keystrokes tab now changes color when there is activity
- Randomized filename for USERPASS_FILE to allow multiple brute
forces to happen at once.
- Added a View item in the File Browser's popup menu. This will
let you quickly read several highlighted text files (it also
saves the files to the right place locally too)
21 May 12
---------
- Added a hack to prevent the input area from flickering when the
prompt changes.
- Updated the color palette to something a little more subtle.
- Added an optimization to how modules are launched. This will make
a difference for team use in high latency situations.
- Rewrote MSF Scans feature to use console queue. This option is more
reliable and it makes the code easier to follow.
- Added a hack to combine chat message writes with a read request.
This will make the event log more responsive in a high latency
situation (can't you tell I care about this "situation")
- Fixed text highlights through Ctrl+F on Windows. UNIX platforms
were always OK. Another good reason to not use these tools on
Windows. Ever.
- View -> Downloads Sync Files feature now works on Windows. It looks
like leaving those pesky :'s in the file paths is bad.
17 May 12
---------
- Fixed bug with loot/download viewer breaking with a font resize.
- Default console font color is now grey. I never noticed that I had
white text on a black background before. That's a lot of contrast.
This is adjustable too through Armitage -> Preferences.
- And... the Armitage console now displays pretty colors. If you don't
like colors, set the console.show_colors.boolean preference to false
through Armitage -> Preferences.
- Fixed a bug preventing input field from getting focus when popping a
console tab using Ctrl+W.
14 May 12
---------
- Oopserific--dynamic workspace shortcuts were not bound until you
clicked the Workspaces menu. I fixed that.
- Improved console pool's ability to detect a dead console. If you saw
"null" prompts in an open tab, it's because of a dead console. Fixed.
- Bound Ctrl+Backspace to reset dynamic workspaces. Ctrl+0 is now back
to what it originally did (resetting the font size to default).
- Added Ctrl+T to take a screenshot of the active tab
- Added Ctrl+W to pop the active tab into its own window
- Armitage team server is now SSL enabled. The teamserver script (you
are using it, right?) generates a certificate for you using keytool.
The server presents the SHA1 hash of its certificate. Armitage users
have the opportunity to verify and trust the hash of the certificate
presented to them or to reject it and not connect.
- Added Ctrl+Left / Ctrl+Right to quickly navigate through tabs.
- Added a check to prevent clients from connecting to msfrpcd directly
when teaming is enabled.
- Fixed a bug that prevented command shells from opening on some sessions
- Team server client now caches certain calls to RPC server.
- Reworked the Loot/Downloads View button. Now, all highlighted files are
displayed in one View tab. This makes searching easier. Each file is
displayed with a colored header (to make it easier to tell when one file
ends and the other begins).
- Added Sync Files button to Loot/Downloads tabs when connected to a team
server. This button will download all files associated with the highlighted
rows and save them in the Armitage data directory.
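Added example, not part of the original changelog or Armitage's own code: the verify-or-reject decision from the SSL entry above, sketched in Python as trust-on-first-use pinning of the certificate's SHA1 hash. The host name, the `pins` dictionary, the out-of-band `operator_fp` value and the sample certificate bytes are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

# Constructed stand-in for a certificate: the PEM body wraps arbitrary bytes,
# not a real X.509 structure. The fingerprint is a hash over the DER bytes
# whatever they contain, so this is enough to exercise the logic offline.
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(b"constructed team server certificate bytes").decode()
    + "-----END CERTIFICATE-----\n"
)


def pem_to_der(pem: str) -> bytes:
    """Strip the PEM armor and return the raw DER bytes."""
    lines = [line.strip() for line in pem.strip().splitlines()]
    if (len(lines) < 3
            or lines[0] != "-----BEGIN CERTIFICATE-----"
            or lines[-1] != "-----END CERTIFICATE-----"):
        raise ValueError("not a PEM certificate")
    return base64.b64decode("".join(lines[1:-1]), validate=True)


def sha1_fingerprint(der: bytes) -> str:
    """SHA1 over the DER encoding, as 40 lowercase hex characters."""
    return hashlib.sha1(der).hexdigest()


def normalize(fp: str) -> str:
    """Accept 'AA:BB:..' or 'aabb..' and return 40 lowercase hex characters."""
    cleaned = fp.replace(":", "").replace(" ", "").lower()
    if len(cleaned) != 40 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("not a SHA1 fingerprint")
    return cleaned


def check_server(der: bytes, host: str, pins: dict, operator_fp=None) -> str:
    """Decide whether to connect.

    pins        -- hypothetical store of previously trusted hashes, per host
    operator_fp -- hash read off the server side and passed to the user
                   out of band (an assumption of this example)

    Returns 'match', 'trusted-new', 'unverified' or 'mismatch'.
    Only 'match' and 'trusted-new' should lead to a connection.
    """
    presented = sha1_fingerprint(der)
    pinned = pins.get(host)
    if pinned is not None:
        # Known host: the presented hash must equal the pinned one.
        return "match" if hmac.compare_digest(pinned, presented) else "mismatch"
    if operator_fp is None:
        # First contact and nothing to compare against: do not trust silently.
        return "unverified"
    if hmac.compare_digest(normalize(operator_fp), presented):
        pins[host] = presented  # remember the hash for later connections
        return "trusted-new"
    return "mismatch"


if __name__ == "__main__":
    der = pem_to_der(SAMPLE_PEM)
    fp = sha1_fingerprint(der)
    pins = {}
    host = "teamserver.example"  # hypothetical host name
    print(check_server(der, host, pins))                    # first contact
    print(check_server(der, host, pins, operator_fp=fp))    # operator confirms
    print(check_server(der, host, pins))                    # later connection
    print(check_server(der + b"\x00", host, pins))          # changed certificate
```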
7 May 12
--------
Note: Armitage team server setup has changed. Refer to the manual for
the latest information: http://www.fastandeasyhacking.com/manual#7
- Armitage team mode now routes all Metasploit-bound calls through the
deconfliction server. Armitage also pools "temporary" Metasploit
consoles. It's too bad this is logged as one change, because it's
more like twenty. These changes were motivated by a desire to avoid
triggering a race condition that was introduced w/ Metasploit 4.3.0.
http://dev.metasploit.com/redmine/issues/6829
On the bright side these changes will allow a lot more flexibility
to optimize how Armitage interacts with msfrpcd and to do some neat
things (like logging) in a centralized way.
- Module description (in module launch dialog) is now resizable.
- Added Ctrl+D keyboard shortcut to close active tab.
- Armitage now uses (more robust) console queue for launching post
modules, handlers, brute force attacks, and other things.
- Fixed a race condition in the Jobs tab refresh after killing a job
- Armitage now filters smb hashes from non-psexec/smb login dialogs.
- Added armitage.log_data_here.folder setting. This setting lets you
specify where Armitage will save its logs, downloaded files, and
screenshots. *cough* Some penetration testers like to dump everything
to an encrypted volume. *cough*. I apologize it took this long to
get this feature in place.
- Improved perceived responsiveness of a console interaction
17 Apr 12
---------
- Modified how Armitage determines a console command is complete to stay
compat with behavior changes in a recent Metasploit update.
- Armitage now queues console commands to prevent out of order execution.
16 Apr 12
---------
- The search field in the module browser now updates results in real time.
Start typing and Armitage will start filtering the module tree for you.
Clear the field to reset it to the default state.
- Added keyboard shortcuts to switch dynamic workspaces...
Ctrl+1 = first workspace
Ctrl+2 = second workspace
....
Ctrl+0 = show all
- Added keyboard shortcuts:
Ctrl+N = new console
Ctrl+O = open preferences
- Armitage's Meterpreter -> Access -> Dump Hashes -> lsass method is now
much better about grabbing all of the hashdump output and adding it to
the creds table. The hashdump command returns output as an arbitrary
number of chunks. I now use a different read strategy for determining when
the output is complete.
- You may now use Ctrl+Alt to deselect highlighted items in a range in the
Jobs and Workspaces table views (most other table views that do multi
selection should allow this already).
- Added Shell -> Pass Session for *NIX shell sessions. Uses the system_session
module to pass a shell session elsewhere (or duplicate the current shell)
29 Mar 12
---------
- Fixed a bug that affects first-time users. Armitage was not initializing a
console before trying to connect to the database.
28 Mar 12
---------
- Team server now delivers chat messages in batches vs. one line at a time.
This will make syncing on reconnect much better (in theory)
- Several optimizations to prevent unnecessary reads/calls to deconfliction
server when in team mode. This will primarily affect high latency situations.
- Use Shift+Click to close all tabs with the same name. This feature now closes
all tabs in the same group (e.g., all screenshots, file browsers, command
shells, etc.)
- Armitage now logs launches of the enum_dns module.
- Hosts -> DNS Enumerate now populates NS field with highlighted host.
- Armitage now adds a tooltip to tabs associated with a session. Hover your
mouse over a tab X button to see which host the tab is associated with.
- Fixed a potential exception caused when listing downloads.
- Created a queue to process certain commands meant for Metasploit in order and
in a throttled manner. Started moving some Armitage calls to it. Now you can
fire an exploit at 1,000 hosts and Armitage won't blink. It might take awhile
before that exploit finishes firing against all of the hosts though :)
- The file browser now has a "List Drives" button. It's only available on
Windows sessions. Click it to see which drives are available.
- File browser can now navigate to folders with apostrophes in their name.
- Made some major internal changes to how Armitage interacts with Metasploit. The
goal is to make a more robust and faster hacking experience for you.
22 Mar 12
---------
- Updated Armitage NMap profiles with the following:
-T4 (instead of -T5) [wait longer for open services to reply]
-n [forces NMap to not resolve the hostname of IP addresses]
--min-hostgroup 96 [allows more parallelism when scanning hosts]
- Armitage now intercepts screenshot and webcam_snap commands from meterpreter
shell and performs the appropriate action with them.
- View -> Creds -> Export button now works in team mode.
- Doh! Armitage now properly shows VMWare icon when OS is set to a VMWare ESXi
- Armitage "is command finished?" heuristic now accounts for commands like
del /S which prompt with a (Y/N)? - you can safely use these commands again.
- Armitage now detects whether a client connecting to the team server is out
dated or not. It rejects old clients. They will get a message indicating they
need to update and then their client won't do anything else. You'll see a
message printed to STDOUT where the team server ran about the rejection.
- Added a * indicator to the active workspace in the workspaces menu.
- Added Hosts -> DNS Enumerate, this menu launches a Metasploit module that will
attempt to discover hosts by querying a name server in different ways.
- Added a file chooser helper to WORDLIST option.
- Armitage now displays a pivot relationship between a compromised host and the
NAT/proxy device it is connected through.
- Added a Copy button to services tab. This button copies the highlighted hosts
to the clipboard. I found myself needing this several times recently.
- Improved reverse payload selection logic (now it includes rev php meterpreter)
- Armitage now sets a different LPORT for each exploit launched with a rev payload
10:30am
- Changed algorithm for determining which edges to highlight in graph view. If
there is a pivot and both sides have a session, then the edge is highlighted.
8 Mar 12 1.43-dev
--------
- Armitage now uses session_host to determine which host a session is associated
with. This value is grabbed directly from the OS itself. You'll no longer have
20 meterpreter sessions associated with a NAT/firewall device.
- Armitage now spins up a new listener for each client-side attack (no longer
relying on the random default listener created on startup). Of course you can
change this... double-click the PAYLOAD option to set it to something else.
- Token stealing dialog now disables refresh button while grabbing tokens. Enables
it again when done.
- Armitage now talks to Metasploit every two minutes to prevent auth timeout.
- Armitage now displays a firewall icon for hosts with no OS marked as a firewall
by MSF.
- Armitage now selects an IPv6 bind payload when attacking IPv6 hosts.
- Armitage now explicitly sets RPORT for different MSF Scan options and psexec.
- Updated the about dialog to include a version number and release date.
- Added a ./teamserver [external IP] [shared pass] script to the UNIX distro of
Armitage. This script makes it much easier to startup Armitage's team server
mode.
29 Feb 12
---------
- Armitage now displays a VMWare icon for hosts flagged as ESX/ESXi servers
- Overhauled token stealing user experience--this is the cadillac version. You
now get a nice list of the available tokens (from the post module), click to
impersonate, refresh, rev2self, and getuid.
- Improved file browser responsiveness
- Table view now allows individual hosts to be deselected in an interval
(Armitage will no longer reselect these hosts for you)
- Dynamic workspaces no longer requires a comma and a space between entries (a
comma is good enough)
- Improved the [Host] -> Remove menu option
- Deconfliction server now returns the previous 100 events to new clients.
- File browser directory up button is now more obvious
- Keyboard accelerators when you right-click in the graph view are now correct.
- Adjusted the graph view scrolling increments to something sane.
- Added a slight delay between commands issued to a console to prevent them
from executing out of order.
21 Feb 12
---------
- Added Cut/Copy/Paste menu to table cell editor.
- Module browser search field now treats spaces as a wildcard. You may type:
"win meterp" and Armitage will treat it as "win*meterp"
- Hovering over an edge in graph view no longer reports a "null" tooltip
- Fixed parsing of ps output for the process dialog (it's much much better now)
14 Feb 12
---------
- Added ports 5631 (pc anywhere) and 902 (vmauthd) to the MSF Scans feature.
- Several cosmetic tweaks to the spacing in Armitage tables.
- Moved table render code from Sleep to Java to avoid potential lock conflicts
- Added support for vba-exe payload output type.
- Payload generation dialog now sets more appropriate default options for the
vba output type when it is selected.
- Meterp command shell "read more stuff?" heuristic now accounts for Yes/No/All
- Fixed ExitOnSession showing up twice when setting advanced options for a
client-side exploit
- You may now import multiple files through Hosts -> Import again.
- Added 5s timeout to d-server connect attempt.
- Added a --client [connect.properties] to specify which Metasploit server to
connect to. The connect.properties file is a Java properties file that looks
like this (without the leading whitespace):
host=127.0.0.1
port=55553
user=msf
pass=test
19 Jan 12
---------
- Data export now includes a sessions file. This lists all of the Metasploit
sessions you had in your database. There's some neat data here including
which exploit was used, which payload, start time, and close time. You can
calculate how much time you spent on your client's boxes. Cool stuff.
- Fixed a potential dead-lock caused by mouse enter/exit events firing code
that required a lock. Nice landmine to defuse.
- Fixed a weird condition with d-server detection. Sometimes (rarely)
Armitage wouldn't detect the d-server even when it's present.
- Added check to d-server allowing one lock per/client. Client won't reobtain
a lock until it lets it go. This prevents you from opening two shell tabs
for a shell session in team mode.
- Fixed an infinite loop condition when some Windows shell commands would
return output with no newlines (e.g., net stop [some service]). Thanks
Jesse for pointing me to this one.
- Data export now includes a timeline file. This file documents all of the
major engagement events seen by Armitage. Included with each of these
events is the source ip of the attack system and the user who carried out
the action (when teaming is setup).
- Data export now exports timestamps with current timezone (not GMT)
- Fixed a nasty bug that's been with Armitage since the beginning! I wasn't
freeing edges properly in the graph view. If you had pivots setup in graph
view and used Armitage long enough--eventually Armitage would slow down until
the program became unusable. At least it's fixed now.
- Adjusted the d-server state identity hash combination algorithm to better
avoid collisions.
- Armitage now displays 'shell session' below a host if the host info is just
the Windows shell banner.
5 Jan 12
--------
- Armitage d-server now transmits hosts, service, and session state only
when something has changed. This makes teaming much snappier.
- Uploading an imported hosts file now shows a progress dialog.
- File browser upload function no longer blocks the user interface in team
mode. A progress dialog is shown for uploading larger files.
- Removed Ctrl+R refresh hosts shortcut from graph view (it's no longer
necessary)
- Armitage now exits if it was unable to connect to the collaboration server.
- Hosts -> NMap Scans and Hosts -> MSF Scans dialogs are now populated with
the selected values from the target area by default.
- You may now interact with a Windows command shell through Java meterpreter.
- Armitage no longer shows Webcam Shot option through Java meterpreter.
- Armitage now detects when it does not have read permissions for the database
YAML file and prompts with something helpful. Before it would just freeze
with a blank dialog. Not helpful. :)
- Armitage now only shows services that are open.
- View -> Reporting -> Export Data now has the capability of dumping the whole
database (not just the current workspace).
- Added a dialog to View -> Reporting Export Data. Now you have the ability to
dump all hosts or choose to dump one of the dynamic workspaces. This gives
you a lot of flexibility with which hosts are included.
- Cleaned up exported output of vulnerabilities in the Metasploit database:
-- duplicate entries are collapsed to one (this was the fault of my query)
-- refs column contains references separated by a comma and a space
-- added info and module columns. The module column indicates the appropriate
Metasploit module
-- Metasploit modules now populate name, info, and module in an appropriate
way.
- Values exported to TSV are cleaned up such that newlines are replaced with a
literal \n and tabs are converted to three spaces.
12 Dec 11
---------
- Armitage teaming mode now downloads the resulting file for any fileformat
exploit.
- Armitage -> Set Exploit Rank and Set Target View now show a * next to an
item to indicate the current setting.
- Shift+click on Launch in a module launch dialog will not close the module
launch dialog. One use case for this: set up a payload multi/handler,
shift+click Launch to do it, then change output type to exe, click Launch
and you're all set.
- Dynamic Workspace editor now trims whitespace from your entries. Errant
whitespace causes Armitage to reject the entry and your workspace never
activates.
- Updated the "msfrpcd died" troubleshooting dialog. The new one takes folks
to a website with detailed information.
- Armitage now uses "load" to load a meterpreter module instead of "use"
- Key logger event log announcement now notes the session ID. This is so
your teammates will know not to migrate that session since it's recording
key strokes.
- Right-click X in tab -> Save Screenshot now displays filename without the
path.
- Deconfliction server now detects when database is not available and offers
troubleshooting steps.
- Loot/Downloads viewer now has a right-click menu to Copy selected text.
11.17.11 - All the things I wanted to do, but didn't have time
--------
Release Note 1: if you use Armitage teaming, things changed. You have to start
msfrpcd with a different set of flags and your team must use the latest version
of Armitage. If you have a script that starts msfrpcd, you must update it.
- db.services now limits its results to hosts that are returned by db.hosts.
This fixes a bug where services data for some hosts was not returned
when >3,500 hosts are in the armitage database.
- MSF Scans menu is now available under Hosts menu again.
- Removed Browser Autopwn menu as its future in Metasploit is undecided.
- Find Attacks/Hail Mary now pull latest service info from DB before resolving
the attacks. This prevents a situation where Find Attacks after a scan yielded
nothing because Armitage had not synced with the database yet.
- Deconfliction server now complains when you try to use 127.0.0.1 as your host
- Added cut/copy/paste/clear menu to most textfields. (for Glen)
- Added Workspaces -> Manage to edit, add, and remove dynamic workspaces.
- Added code to intercept "sessions -i ##" and open a meterpreter tab instead.
- Armitage now honors port setting when starting msfrpcd for you.
- Armitage now detects msfrpcd shutdown and offers user advice to fix it. The
most common cause is probably a lack of msgpack.
- Fixed a deadlock that happened when generating a payload.
10.20.11
--------
- Modified hail mary attack to get a little more success with some common Windows
attacks.
10.17.11
--------
- Added menu item to dump hashes using the old lsass method or the smart hashdump
registry method.
10.13.11
--------
- added ability to set up VNC on a target when connected to a remote Metasploit
- Armitage now tells you where to connect your VNC client to access the desktop
of a compromised host. You'll need to have a local VNC client available.
10.12.11
--------
- Meterpreter N -> Hashdump now runs post/windows/gather/smart_hashdump module.
This gives you the benefit of seeing its output and it works in more
situations.
- Right-click the tab X button and select Save Screenshot to take a screenshot
of the current tab. This image will render the tab contents exactly as seen
on the screen. Useful for putting together a report or presentation.
(thanks Rob for the suggestion)
- Added a module launcher helper for RHOSTS and RHOST. This helper will let you
import a list of IPs (separated by newlines) from a file into these fields.
- View -> Reporting -> Export Data no longer fails if there are no hosts to
export data about.
- Armitage now runs post/auxiliary modules as jobs (meaning you may kill them
using View -> Jobs)
- hashdump and smart_hashdump post modules will now announce to the event log
that hashes were dumped when they're run (whether through the menu or
the module browser).
- View -> Reporting -> Export Data now takes a screenshot of the table view
and includes it in the artifacts (when table view is active)
09.26.11 - take 2
--------
- Improved performance when launching exploits and other modules that open
a new tab.
- Launching an exploit will only open a tab when fewer than four hosts are
highlighted. If four or more are highlighted, then Armitage will use the old
behavior of silently launching each exploit. [You're supposed to be able to
attack hundreds of hosts at once--hence my desire to add this caveat]
- When launching an exploit in the background, Armitage will show a dialog
indicating that the exploit was launched against X hosts.
09.26.11
--------
- You may now drag and drop Armitage tabs to rearrange their order.
- Armitage "show all commands" option (for better exploit feedback) is now on
by default.
- You may now right-click a screenshot/webcam shot to zoom in or out on the
image. The zoom-level stays fixed (in case you refresh the image later)
- Added a menu to the X button in the tabs. Through this menu you may open the
current tab in its own window or close all like tabs.
- Updated Hosts -> Import Hosts to reflect the current importable file types.
- Added View -> Reporting -> Export Data to dump most Metasploit tables into
TSV and XML files suitable for parsing (by you!) into a report format of
some sort.
- Armitage now encodes (-e x86/shikata_ga_nai -i 3) any Windows meterpreter
payload generated from the module launcher dialog.
- [host] -> Meterpreter -> Access -> Duplicate now uses multi_meter_inject to
launch Meterpreter into memory directly (rather than upload and execute a file)
- In teaming mode, Armitage will now automatically upload a file selected through
the + option (e.g., USER_FILE +) to the Metasploit server and set the value
in Metasploit accordingly.
- Modified error output for a failed Metasploit method to only display the
method name and error message. Displaying a large input would cause Armitage
UI to start flashing in some weird disco mode until a hard reset. Yeaah.
09.08.11
--------
- Armitage now highlights the event log tab when something new is posted and the
tab is not active. Control the color by editing tab.highlight.color pref.
- Fixed a bug preventing preference values from saving properly (and having an
effect).
- Added "Check all credentials" option to the login dialogs. This option will
login to the service to test each credential. Successful logins will populate
the credentials table.
- Fixed a bug preventing the first open console from scrolling all the way to
the bottom when open.
- Credential export button now escapes the file path (making the button work on
Windows). This bug is another good example of why you should use Armitage on
Linux. It'll just work. Windows users: expect surprises.
- Use Ctrl+Shift on a tab X button to remove the tab and create a desktop window
with its contents. I suspect you'll find this really useful at times.
- Armitage now remembers your auto-layout setting. Right-click in the graph area
to change it.
- Setting armitage.show_all_commands.boolean to true will now run each exploit in
its own tab. Setting this is a good way to get feedback on the attacks you
launch and to learn the Metasploit console better.
07.31.11
--------
- Fixed bug preventing Meterpreter -> Access -> Hashdump from noting all hashes
into the credentials table.
** There were a few changes made to MSF over the past few days that
broke the credentials and loots dialog. This update brings Armitage
back to compatibility with what exists in MSF trunk. **
*Respun* Armitage.dmg with .app file fix for MacOS X Lion. Thanks to
@NightLion for contributing this.
16 Mar 11
---------
- Shell -> Disconnect now executes in a separate thread.
- Armitage now creates ~/armitage-tmp and writes there if the current dir
is /Applications or it can't write to the current directory.
- Fixed a potential deadlock issue in the file browser
- Directory up button in file browser now shows that it has been pressed
- Added Execute option to file browser (now you can run a program by
right-clicking on it and selecting Execute--for Jesse)
- Multiple improvements to responsiveness of command shell and meterpreter
tabs. This should benefit collaboration mode too.
10 Mar 11 Changes
---------
Quick story: NECCDC 2011 Red Team. TJ launches a script that lands 70
sessions in the first few seconds. 11 red team members are connected to
Armitage eager to carry out their pieces of pwnage. The Ruby process pegs
the CPU and Armitage fails spectacularly. Very funny. This release fixes
that.
- Armitage YAML parser now accepts quoted strings in the YAML fields
- Added caching of sessions.list, db.hosts, and db.services to Armitage
collaboration server. This should help prevent msfrpcd from overloading
when many clients are connected and owning boxen at one time.
- Improved GUI responsiveness by making several parts of the Armitage GUI
spawn a new thread to avoid blocking while communicating with Metasploit
- Added a tooltip to the "Start MSF" and "Connect" buttons to clarify use
- Export credentials button now prompts for a remote file when connected
to a remote Metasploit instance.
- Export credentials and payload generate output now transparently
downloads to your local host when connected to Armitage's collab server.
- Armitage now loads stdapi in Meterpreter if it finds it's not loaded.
Armitage also prompts you to rerun the failed command when this happens.
- Right-click in services now shows popup for taking actions against
selected hosts. Now you can do mass actions against hosts sorted by port.
- Added Access -> Persist to Meterpreter menu. This will run Meterpreter's
persistence script using the default Armitage handler. Meterpreter will
start at boot and at login.
- Added an Armitage.app file for MacOS X. Use Armitage from OS X as a
client to connect to Metasploit hosted in other places.
- Added a check for whether current working directory is writeable or not.
If it's not, Armitage does all of its read/write operations in home dir.
Tested with 10 concurrent Armitage clients from four boxes with 140+ shell
sessions and a few meterpreter sessions. I think we're ready to rock now.
27 Feb 11 Changes
---------
- Webcam snap feature works again. Sorry about that. :)
- Download file button in file browser now works through the collaboration
server. This feature has a few limitations / requirements:
25 Feb 11 Changes
---------
See: http://www.youtube.com/watch?v=coF8dVLBnOQ
- Armitage now consumes data from msfrpcd's stderr when Start MSF button is
used. This means Armitage won't lock up when database tables are
initialized during the first run on Windows.
- pivoting, logins, hail mary, and pass-the-hash now print to the event log.
- Pass-the-hash dialog is now available via [host] -> Login -> psexec.
- Fixed bug causing Event Log menu to be present outside of collab mode.
- armitage.sh start-up shell script is now named armitage
- Console destroy and shell unlocking commands on tab close now happen in a
new thread to prevent the GUI from blocking.
- Armitage now stops meterpreter read thread when it detects a dead session.
- Replaced jyaml with a quick and dirty parser that doesn't mistake ####e#
for a double number. This was screwing up connecting to postgres for some
of you.
- Upload button in file browser now works through Armitage's collab server
- Added Ctrl+P shortcut to save screen capture of hosts graph view
22 Feb 11 Changes
---------
- Improved shell "when should I read more data from this channel" heuristic.
This means command shell sessions should not freeze on an errant Meterp.
read command that blocks until the universe is recreated.
- Fixed a potential deadlock using Armitage's meterpreter dialogs with a
meterpreter tab open.
- Command shell tab now only opens when Armitage knows channel and PID
settings
- Rewrote how Armitage interfaces with Meterpreter. This has a few impacts:
-- Armitage now waits for a command to execute and reads its output
before executing another command. This prevents Armitage from getting
confused when you're doing a lot of stuff at once.
-- You can now open multiple meterpreter console tabs for a session
-- Commands executed by Armitage's dialogs will not show up in your
Meterpreter tab(s).
- File browser now does a cd "current directory" before each action.
- Added a network attack collaboration feature to Armitage. This is as
beta as it gets (although it *should* work). To use it, start msfrpcd
and connect Armitage's collaboration server (on the same box as msfrpcd!)
1. View -> Event Log for chatting and watching major events
2. Command shell and webcam/screenshot features work for remote clients
3. Armitage clients automatically lock a shell session when they're in use
and notify other clients that it's locked if they try to use it.
4. Transparent real-time sharing of meterpreter amongst multiple clients.
- Payload generation now works on Windows (I wasn't escaping the backslashes
in the paths... doh!)
- Armitage now prompts you for a path (and not a file chooser) when generating
a payload using a remote connection to Metasploit.
- Armitage now loads database settings from file in MSF_DATABASE_CONFIG env var
- You can now highlight text in the Armitage console tabs on MacOS X.
- Fixed a potential deadlock when opening a Windows command shell tab
13 Feb 11 Changes
---------
- Organized View menu (it was getting out of control)
- Added RPC Console item to view menu (Start MSF only). This item will show
the STDOUT for msfrpcd. Use this to watch nmap's output.
- Added Ctrl+A shortcut to select all text in a console tab
- Kill meterpreter, kill pivots, and credential dumps now use fresh
consoles to execute. This ensures they will execute even if the global
console is stale (this sometimes happens.)
- Added tab completion to Meterpreter window.
- Hosts -> Import Hosts now lets you select multiple files to import at once.
- Use SSL is now checked by default on Linux (and unchecked by def. on Win)
- Updated Armitage to remove or alter some UI options when connected to a
remote Metasploit RPC instance.
21 Jan 11 Changes
---------
- Increased wait time between connection attempts to MSF RPC
- Fixed bug with Windows command shell not working when using Armitage from a
Windows host.
- Host refresh using sysinfo now only happens when no OS is set for the host.
- Fixed a deadlock condition caused when an automatic sysinfo request was
made while a Meterpreter tab for the same host was open.
18 Jan 11 Changes
---------
- Added a Migrate Now! item to Meterpreter Access menu. Runs migrate -f.
- Right-click in Meterpreter console now shows menu as before (silly bugs).
- Armitage now detects hashdump failure and reports possible causes to you.
- Armitage now binds default handler to 0.0.0.0.
- Added a table view for the targets area. Go to View -> Targets to change the
setting. If you're working with many hosts, table view may be better for you.
- Added preliminary support for Metasploit post/ modules. You can launch them
and if a host is highlighted, Armitage will populate the SESSION var for you.
- Armitage now uses the sysinfo command in a meterpreter session to pull host
OS info if it doesn't know it. This also means Armitage will auto-populate
the host OS when a client-side attack is successful.
- Tab completion is now ignored when input field is empty
13 Jan 11 Changes
---------
- Hosts reported as Windows Me now display W2K era Windows logo.
- "Hail Mary" attack is now launched and managed by Armitage. Exploits are
selected using the output of db_autopwn AND the operating system information
Armitage knows. Also attacks are launched in a more optimal order (sorted by
exploit rank/age). This is a big improvement over db_autopwn by itself.
- Added a link to the Armitage Issue Tracker in the Help menu.
- Updated remote exploit payload selection to choose Java payloads or Windows
shell payloads before resorting to the generic/* payloads.
- Updated client-side exploit launcher to let you select the target. Armitage
uses this target (plus the exploit name) to determine which payload to use.
multi/java_signed_applet works very nicely now ;)
- Fixed (once and for all now) the mysterious OS info not refreshing bug.
Now those pretty OS pictures will show up if Metasploit knows about the OS.
- Added a 52 character length limit to a target's description in the target
dropdown. This stops weird GUI layouts caused by long target descriptions.
- Exploit recommendations now take into account FreeBSD hosts.
- Added an OpenBSD option to the hosts menu.
- Armitage now does a setg AutoLoadStdapi true when setting up MSF.
- Last modified field of file browser now sorts properly.
- Jobs console and its kill feature should now work in all circumstances.
- Session menus for meterpreter now limited for non-Win meterp sessions.
- Updated Armitage/Windows to provide a better startup experience. Simply
extract the archive over your MSF install and rock n' roll.
22 Dec 10 Changes
---------
- Updated meterpreter shell and command shell console to honor your set
preferences. I forgot to pass $preferences to the console constructor. Doh!
- Added a -d/--debug command line option. This will dump System.getProperties()
and a log of all exchanges with the MSF server to debug.log in the current
working directory.
- To play nice with existing conventions, Armitage is now licensed under the
BSD license. Distribute, use, reuse, recycle.... have fun.
- Fixed a deadlock condition that arose when a large nmap scan was imported
- About dialog now shows up centered.
- Armitage now has a graphic for Cisco IOS. You can mark a host as a Cisco IOS
device. Also Armitage recognizes IOS from an NMAP Scan.
- Fixed Armitage "crash" due to read timeouts. This would occur for those of
you who ran a really taxing operation (e.g., db_autopwn).
- Added a time limit flag to db_autopwn (20s)
- Ctrl+R is now even more aggressive clearing internal data structures.
- Shell N -> Meterpreter... no longer blocks waiting for the operation to
complete.
13 Dec 10 Changes
---------
- Added Meterpreter -> Browse -> Webcam Shot to grab webcam snap shots.
- You may now click the image in the webcam/screenshot view to save it.
- Workspace -> Create menu now automatically switches you to the new workspace.
- UNIX shell sessions now have an Upload... menu. This item will open a local
file and use the printf command on the remote host to put it together. It's
slow but it works.
- Removed the rename file menu item from the file browser. It turns out I had
my Windows command shell vs. meterpreter command interface crossed. The
command doesn't exist in Meterpreter.
- Upload button now waits until file is uploaded to refresh file listing
- Added Timestomp item to File Browser popup menu. This works like a clipboard.
Select Get MACE to capture the MACE values of the current file. Use Set MACE
on another file to set the MACE values to the currently known attributes.
- Dump hashes menu item no longer pulls up a new credentials tab.
- Added a Refresh button to the credentials tab.
- Updated db refresh code to be a little smarter about when it needs to merge
db_notes hints into the MSF database.
6 Dec 10 Changes
--------
- added -y filename.yml command line option for specifying a YAML file with
database parameters
- updated "Start MSF" to launch "ruby msfrpcd" on Windows. This requires the
current working directory of Armitage be set to the Metasploit base directory.
- jobs view now parses job output with only 3 columns of information.
- connect dialog is now centered on your screen when you start Armitage
- Armitage now saves your settings when you use Start MSF.
- Armitage now forces cells in editor mode to save before launching a module or
an exploit. This should prevent a few surprises where things seemed like they
weren't working for a few of you.
- MSF Discovery Scans are now started from a separate thread, preventing
Armitage from "locking up" while the scans launch. A dialog also comes up to
state how many scans were launched.
- MSF Discovery Scans are now limited to 2 threads/scan on Windows and 8 on
other operating systems. This prevents serious lag issues caused by
starting too many threads.
- connect dialog is now a window, meaning it has an icon in whatever your
window manager is and if you close it Armitage exits.
- updated DB Connect String helper dialog to ask for DB user, DB pass, DB host,
and DB name. This should prevent some of you from confusing the database
user/pass with the MSFRPCD user/pass.
- Current environment variables are now passed to msfrpcd when executed from
Armitage. This will allow msfrpcd to inherit any PATH changes and other
necessary things when Armitage is run from a shell script or batch file.
- Added .svn folders to the Armitage distribution. Now you can use svn update .
to keep your install of Armitage up to date.
- File browser upload and make directory commands now allow files with spaces
in them.
- Armitage will now exit if it takes longer than 5 seconds to shutdown msfrpcd
when cancel is pressed during the connecting phase.
25 Nov 10
---------
- start msf button now kills msfrpcd session if db_connect fails
- set default database options to mysql with BackTrack 4 R2 settings.
- Armitage -> Exit menu now kills msfrpcd, if the "Start MSF" button was used
- Added ability to set up a multi/handler from Payload launch dialog
13 Nov 10
---------
- fixed file browser directory icon showing up in every field within Windows L&F
- added an export button to the credentials view. This will save the credentials to
2 Nov 10
--------
- Initial (priv8) release.