Commit 8cad2c90 authored by Sophie Brun

New upstream version 20160709+ds1

parent f3e5b46a
This process was executed on BackTrack Linux. I have no concern, desire,
motivation, care, or need to make this work on Windows.
Requirements:
1. Java 1.6.0+
2. Apache Ant (http://ant.apache.org I think)
To build this code:
./package.sh
To run it (after compiling):
./run.sh
<project name="armitage" default="all" basedir=".">
<property name="project.src" location="src/" />
<property name="project.build" location="bin/" />
<target name="all" depends="init, compile, jar" />
<target name="init">
<tstamp />
<mkdir dir="${project.build}" />
</target>
<target name="compile" depends="init" description="compile the source " >
<javac srcdir="${project.src}/"
destdir="${project.build}"
nowarn="yes"
depend="yes"
debug="true"
optimize="yes"
target="1.6"
source="1.6"
includeantruntime="fuckno"
>
<classpath path="./lib/jgraphx.jar;./lib/sleep.jar;./lib/msgpack-0.6.12-devel.jar;./lib/postgresql-9.1-901.jdbc4.jar;./lib/javassist-3.15.0-GA.jar" />
</javac>
</target>
<target name="jar" depends="compile">
<unzip src="lib/sleep.jar" dest="bin" />
<unzip src="lib/jgraphx.jar" dest="bin" />
<unzip src="lib/msgpack-0.6.12-devel.jar" dest="bin" />
<unzip src="lib/postgresql-9.1-901.jdbc4.jar" dest="bin" />
<unzip src="lib/javassist-3.15.0-GA.jar" dest="bin" />
<copy todir="bin/scripts">
<fileset dir="scripts" />
</copy>
<copy todir="bin/scripts-cortana">
<fileset dir="scripts-cortana" />
</copy>
<copy todir="bin/resources">
<fileset dir="resources" />
</copy>
<jar destfile="armitage.jar" basedir="bin" includes="**/*">
<manifest>
<attribute name="Main-Class" value="armitage.ArmitageMain" />
</manifest>
</jar>
<jar destfile="cortana.jar" basedir="bin" includes="**/*">
<manifest>
<attribute name="Main-Class" value="cortana.Main" />
</manifest>
</jar>
</target>
<target name="clean" description="clean up" >
<delete dir="${project.build}"/>
</target>
</project>
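Review bot: In the `compile` target, `includeantruntime="fuckno"` is not a boolean value Ant recognises; it only behaves as intended because Ant reads anything other than true/yes/on as false, so write `includeantruntime="false"` to make the intent explicit. The `jar` target also unpacks five third-party jars into `bin` and packs that same tree into both `armitage.jar` and `cortana.jar`, so the libraries' `META-INF` entries overwrite one another and the bundled versions are frozen at build time. A comment above the `<unzip>` lines, for example `<!-- bundled libraries are repackaged as-is; update lib/ to pick up upstream fixes -->`, would record that for whoever maintains the package.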
#
# Script to build SQL query for Metasploit creds model
# 1. Run this script
# 2. Use the output with db.creds/db.creds2 in src/msf/DatabaseImpl.java
#
# the different tables that contain origin information for our credentials
@origin = @('metasploit_credential_origin_manuals',
'metasploit_credential_origin_imports',
'metasploit_credential_origin_sessions',
'metasploit_credential_origin_services',
'metasploit_credential_origin_cracked_passwords');
# the tables we will be pulling data from!
@tables = @('metasploit_credential_publics',
'metasploit_credential_privates',
'metasploit_credential_cores');
# what we want to go into each row that's returned. Goal is to stay db.creds compatible
%keys = %(
user => "metasploit_credential_publics.username",
pass => "metasploit_credential_privates.data",
ptype => "metasploit_credential_privates.type",
#realm_key => "metasploit_credential_realms.key",
#realm_value => "metasploit_credential_realms.value",
id => "metasploit_credential_cores.id",
realm_id => "metasploit_credential_cores.realm_id");
#
%withservice = %(
host => "host(hosts.address)",
sname => "services.name",
port => "services.port",
proto => "services.proto");
#
%noservice = %(
host => "''",
sname => "''",
port => "0",
proto => "''");
%withsession = %(
host => "host(hosts.address)",
sname => "''",
port => "sessions.port",
proto => "''");
# map origin_type to tablename...
%origin_types = %(
Metasploit::Credential::Origin::Session => "metasploit_credential_origin_sessions",
Metasploit::Credential::Origin::Import => "metasploit_credential_origin_imports",
Metasploit::Credential::Origin::Service => "metasploit_credential_origin_services",
Metasploit::Credential::Origin::Manual => "metasploit_credential_origin_manuals",
Metasploit::Credential::Origin::Cracked_Password => "metasploit_credential_origin_cracked_passwords");
# build a list of columns
sub columns {
local('$key $value @r');
foreach $key => $value ($1) {
push(@r, "$value AS $key");
}
foreach $key => $value ($2) {
push(@r, "$value AS $key");
}
return join(", ", @r);
}
# build a list of tables to query from
sub tables {
local('@t $2');
@t = copy(@tables);
if ($2 == 1) {
push(@t, "hosts");
push(@t, "services");
}
else if ($2 == 2) {
push(@t, "hosts");
push(@t, "sessions");
}
push(@t, $1);
return join(", ", @t);
}
sub clauses {
local('@w $3');
push(@w, "metasploit_credential_cores.origin_id = $1 $+ .id");
push(@w, "metasploit_credential_cores.origin_type = ' $+ $2 $+ '");
push(@w, "metasploit_credential_cores.public_id = metasploit_credential_publics.id");
push(@w, "metasploit_credential_cores.private_id = metasploit_credential_privates.id");
# push(@w, "metasploit_credential_cores.realm_id = metasploit_credential_realms.id");
if ($3 == 1) {
push(@w, "$1 $+ .service_id = services.id");
push(@w, "services.host_id = hosts.id");
push(@w, "hosts.workspace_id = \" + workspaceid + \"");
}
else if ($3 == 2) {
push(@w, "$1 $+ .session_id = sessions.id");
push(@w, "sessions.host_id = hosts.id");
push(@w, "hosts.workspace_id = \" + workspaceid + \"");
}
return join(" AND ", @w);
}
#
# build our individual queries first...
#
@queries = @();
foreach $class => $table (%origin_types) {
# pull host information!
if ($table eq "metasploit_credential_origin_services") {
$c = columns(%keys, %withservice);
$t = tables($table, 1);
$w = clauses($table, $class, 1);
}
# pull info here too
else if ($table eq "metasploit_credential_origin_sessions") {
$c = columns(%keys, %withsession);
$t = tables($table, 2);
$w = clauses($table, $class, 2);
}
# do not pull host information
else {
$c = columns(%keys, %noservice);
$t = tables($table);
$w = clauses($table, $class);
}
push(@queries, "SELECT $c FROM $t WHERE $w");
}
println(join(" UNION ", @queries));
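Review bot: `clauses` emits `hosts.workspace_id = \" + workspaceid + \"` in both the service branch and the session branch, so the generated query is meant to be pasted into Java as a string that concatenates `workspaceid` into the SQL text. The source of that value is not visible here; unless it is guaranteed to be an integer produced by the application itself, it should be a bind parameter. Emit `push(@w, "hosts.workspace_id = ?");` in both branches and bind the id once per occurrence when the statement is prepared in src/msf/DatabaseImpl.java. Separately, the `@origin` array declared at the top is never read and can be dropped.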
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>CFBundleName</key>
<string>Armitage</string>
<key>CFBundleVersion</key>
<string>03.03.11</string>
<key>CFBundleAllowMixedLocalizations</key>
<string>true</string>
<key>CFBundleExecutable</key>
<string>JavaAppLauncher</string>
<key>CFBundleDevelopmentRegion</key>
<string>English</string>
<key>CFBundlePackageType</key>
<string>APPL</string>
<key>CFBundleSignature</key>
<string>faha</string>
<key>CFBundleInfoDictionaryVersion</key>
<string>6.0</string>
<key>CFBundleIdentifier</key>
<string>Armitage</string>
<key>CFBundleDisplayName</key>
<string>Armitage</string>
<key>CFBundlePackageType</key>
<string>APPL</string>
<key>CFBundleShortVersionString</key>
<string>MacOS X Client</string>
<key>CFBundleSignature</key>
<string>cblt</string>
<key>CFBundleVersion</key>
<string>1</string>
<key>NSHumanReadableCopyright</key>
<string></string>
<key>JVMMainClassName</key>
<string>armitage.ArmitageMain</string>
<key>CFBundleIconFile</key>
<string>aquaicon2</string>
<key>JVMOptions</key>
<array>
<string>-XX:+AggressiveHeap</string>
<string>-XX:+UseParallelGC</string>
</array>
</dict>
</plist>
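Review bot: The `<dict>` defines `CFBundleVersion`, `CFBundlePackageType` and `CFBundleSignature` twice each, with conflicting values for the version (`03.03.11` and `1`) and the signature (`faha` and `cblt`). Which entry wins depends on the plist parser, so tools that read the bundle version can disagree with each other; keep one entry per key. `CFBundleShortVersionString` holds `MacOS X Client` rather than a version number, which looks unintended.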
#
# unzip armitage.tgz in this directory first.
#
rm -rf dist
mkdir dist
cp -r Armitage.app dist
cp armitage/armitage.jar dist/Armitage.app/Contents/Java
cp armitage/*.txt dist/
cp *.rtf dist/
rm -rf armitage
mv dist Armitage
hdiutil create -ov -volname Armitage -srcfolder ./Armitage armitage.dmg
rm -rf armitage
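Review bot: The script has no error handling, so a failed `cp armitage/armitage.jar dist/Armitage.app/Contents/Java` still lets `hdiutil create` produce a disk image without the application jar. Add a shebang and `set -e` at the top so the first failing step stops the build. The final `rm -rf armitage` runs after the lowercase directory has already been removed; it presumably relies on a case-insensitive volume to clean up the staged `Armitage` folder, so write `rm -rf Armitage` if that is the intent.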
{\rtf1\ansi\ansicpg1252\cocoartf1265
\cocoascreenfonts1{\fonttbl\f0\fswiss\fcharset0 Helvetica;}
{\colortbl;\red255\green255\blue255;}
{\*\listtable{\list\listtemplateid1\listhybrid{\listlevel\levelnfc23\levelnfcn23\leveljc0\leveljcn0\levelfollow0\levelstartat1\levelspace360\levelindent0{\*\levelmarker \{disc\}}{\leveltext\leveltemplateid1\'01\uc0\u8226 ;}{\levelnumbers;}\fi-360\li720\lin720 }{\listname ;}\listid1}}
{\*\listoverridetable{\listoverride\listid1\listoverridecount0\ls1}}
\margl1440\margr1440\vieww10980\viewh8600\viewkind0
\pard\tx720\tx1440\tx2160\tx2880\tx3600\tx4320\tx5040\tx5760\tx6480\tx7200\tx7920\tx8640\pardirnatural
\f0\fs24 \cf0 Welcome to
\b Armitage for Mac OS X
\b0 .\
\
A few things to note:\
\
\pard\tx220\tx720\tx1440\tx2160\tx2880\tx3600\tx4320\tx5040\tx5760\tx6480\tx7200\tx7920\tx8640\li720\fi-720\pardirnatural
\ls1\ilvl0\cf0 {\listtext \'95 }Armitage requires Oracle\'92s Java 1.7. \
{\listtext \'95 }I do not provide help installing Metasploit on MacOS X. You're on your own.\
\pard\tx720\tx1440\tx2160\tx2880\tx3600\tx4320\tx5040\tx5760\tx6480\tx7200\tx7920\tx8640\pardirnatural
\cf0 \
\pard\tx560\tx1440\tx2160\tx2880\tx3600\tx4320\tx5040\tx5760\tx6480\tx7200\tx7920\tx8640\pardirnatural
\cf0 That said, you may use Armitage to connect to a remote Metasploit instance and collaborate with your team. It's for this use case I have created this package.\
\
If you opt to install Metasploit on MacOS X, make sure msfrpcd is in your $PATH. Consider using sudo -E to start armitage (to inherit the necessary environment info to start MSF).\
}
\ No newline at end of file
#
# fix the line formats so windows users can read the files too
#
perl -pi -e 's/\n/\r\n/g' readme.txt
perl -pi -e 's/\n/\r\n/g' whatsnew.txt
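Review bot: `s/\n/\r\n/g` is not idempotent: running the script a second time on readme.txt or whatsnew.txt turns each `\r\n` into `\r\r\n`. Match an optional carriage return so repeated runs are safe, for example `perl -pi -e 's/\r?\n/\r\n/' readme.txt`, and the same for whatsnew.txt.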
File added
File added
Copyright (c) 2015, Raphael Mudge
All rights reserved.
Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this
list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation and/or
other materials provided with the distribution.
3. Neither the name of the copyright holder nor the names of its contributors
may be used to endorse or promote products derived from this software without
specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#!/bin/bash
#
# I know Apache Ant does all of this stuff... I hate working with XML though
#
rm -f armitage.zip
rm -f armitage.tgz
ant clean
ant compile
cp -r resources/ bin/
cp -r scripts/ bin/
rm -rf bin/*/*/.svn
rm -rf bin/*/.svn
ant jar
#
# build *NIX package
#
mkdir armitage
cp armitage.jar armitage
cp cortana.jar armitage
cp readme.txt armitage
cp whatsnew.txt armitage
cp -r dist/unix/* armitage
# kill the silly .svn file
rm -rf armitage/.svn
tar zcvf armitage.tgz armitage
rm -rf armitage
#
# build Windows package
#
mkdir armitage
cp -r dist/windows/* armitage
cp armitage.jar armitage/
cp cortana.jar armitage/
cp readme.txt armitage/readme.txt
cp whatsnew.txt armitage/whatsnew.txt
# kill that silly .svn file
rm -rf armitage/.svn
rm -rf armitage/*/*/.svn
rm -rf armitage/*/.svn
cd armitage
zip -r ../armitage.zip .
cd ..
rm -rf armitage
#
# update the release directory
#
cd release/
tar zxvf ../armitage.tgz
mv armitage/* armitage-unix
rm -rf armitage
cd ../release/
cd armitage-windows
unzip -o ../../armitage.zip
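Review bot: Nothing in the script checks for failure, and the release step runs `cd release/` followed by `tar zxvf`, `mv` and `rm -rf armitage`; if the `cd` fails, those commands run in whatever directory the script was already in. Add `set -e` after the shebang, or guard the directory changes with `cd release/ || exit 1`. The same gap applies to `ant compile` and `ant jar`: `ant clean` only removes the build directory, so after a failed build the packaging steps would still copy any `armitage.jar` left over from an earlier run.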
<html>
<body>
<center><h1>Armitage 1.4.11</h1></center>
<p>An attack management tool for Metasploit&reg;
<br />Release: 13 August 2015</p>
<br />
<p>Developed by:</p>
<ul>
<li>Raphael Mudge</li>
</ul>
<p><small>Metasploit&reg; is a registered trademark of Rapid7</small></p>
</body>
</html>
#Armitage Configuration
#Fri Oct 15 18:08:08 EDT 2010
graph.font.font=Monospaced-BOLD-14
console.clear_screen.shortcut=ctrl pressed K
graph.zoom_out.shortcut=ctrl pressed MINUS
graph.save_screenshot.shortcut=ctrl pressed P
console.font_size_reset.shortcut=ctrl pressed 0
console.page_down.shortcut=pressed PAGE_DOWN
graph.arrange_icons_circle.shortcut=ctrl pressed C
graph.selection.color=\#00ff00
graph.zoom_in.shortcut=ctrl pressed EQUALS
console.find.shortcut=ctrl pressed F
console.history_previous.shortcut=pressed UP
console.history_next.shortcut=pressed DOWN
console.page_up.shortcut=pressed PAGE_UP
console.highlight.color=\#0000cc
console.font_size_plus.shortcut=ctrl pressed EQUALS
console.font_size_minus.shortcut=ctrl pressed MINUS
console.foreground.color=\#cccccc
console.background.color=\#000000
console.font.font=Monospaced-BOLD-14
graph.arrange_icons_hierarchical.shortcut=ctrl pressed H
graph.foreground.color=\#cccccc
graph.background.color=\#111111
graph.zoom_reset.shortcut=ctrl pressed 0
console.clear_buffer.shortcut=pressed ESCAPE
graph.edge.color=\#3c6318
graph.arrange_icons_stack.shortcut=ctrl pressed S
graph.edge_highlight.color=\#00ff00
graph.default_layout.layout=stack
application.skin.skin=Nimbus
graph.clear_selection.shortcut=pressed ESCAPE
graph.select_all.shortcut=ctrl pressed A
armitage.required_exploit_rank.string=great
armitage.string.target_view=graph
console.select_all.shortcut=ctrl pressed A
armitage.log_everything.boolean=true
armitage.no_msf_banner.boolean=true
tab.highlight.color=#0000ff
armitage.show_all_commands.boolean=true
armitage.application_title.string=Armitage
console.color_0.color=\#ffffff
console.color_1.color=\#000000
console.color_2.color=\#3465A4
console.color_3.color=\#4E9A06
console.color_4.color=\#EF2929
console.color_5.color=\#CC0000
console.color_6.color=\#75507B
console.color_7.color=\#C4A000
console.color_8.color=\#FCE94F
console.color_9.color=\#8AE234
console.color_10.color=\#069A9A
console.color_11.color=\#34E2E2
console.color_12.color=\#729FCF
console.color_13.color=\#AD7FA8
console.color_14.color=\#808080
console.color_15.color=\#c0c0c0
console.show_colors.boolean=true
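Review bot: `armitage.log_everything.boolean=true` enables logging by default with no comment on what is written or where. The key's name suggests full console output is recorded, which on an engagement could include captured credentials and host data; confirm that, and add a comment such as `# logs console output to disk; protect or purge the log directory after use`. As a style point, `tab.highlight.color=#0000ff` is the only colour value written without the `\#` escape; both forms load the same, so align it with the others.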
Metasploit's RPC daemon shut down. This is the
service Armitage uses to talk to Metasploit.
When this happens, it means something is wrong.
The developer of Armitage feels your pain from
afar. Would you like help troubleshooting this?
P.S. yes you would--the answer is known and it's
easy to deal with. Click Yes to visit the
troubleshooting guide at:
http://www.fastandeasyhacking.com/nomsfrpcd
^(../.. ..:..:..) \[\*\] (.*) $1 \cC[*]\o $2
^\[\*\] (.*) \cC[*]\o $1
^(../.. ..:..:..) \* (.*) $1 \cD*\o $2
^(../.. ..:..:..) <(.*?)> (.*?$ME$.*) $1 <\c7$2\o> $3
^(\w+)> \u$1\o>
^msf> \umsf\u>
^meterpreter > \umeterpreter\u >
^msf > \umsf\u >
^msf (.*?)\((.*?)\) > \umsf\u $1(\c4$2\o) >
^\[\*\] (.*) \cC[*]\o $1
^\[\+\] (.*) \c9[+]\o $1
^\[\!\] (.*) \c8[!]\o $1
^\[\-\] (.*) \c4[-]\o $1
^ =\[ (.*) =[\c7 $1
^(=[=\s]+) \cE$1
^(\s*-[-\s]+) \cE$1
^(.*?): (.*) $1\cE:\o $2
@echo off
set BASE=$$BASE$$
cd "%BASE%"
set PATH=%BASE%ruby\bin;%BASE%java\bin;%BASE%tools;%BASE%svn\bin;%BASE%nmap;%BASE%postgresql\bin;%PATH%
IF NOT EXIST "%BASE%java" GOTO NO_JAVA
set JAVA_HOME="%BASE%java"
:NO_JAVA
set MSF_DATABASE_CONFIG="%BASE%\config\database.yml"
cd "%BASE%msf3"
rubyw msfrpcd -a 127.0.0.1 -U $$USER$$ -P $$PASS$$ -S -f -p $$PORT$$
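Review bot: The last line substitutes `$$USER$$`, `$$PASS$$` and `$$PORT$$` into the `rubyw msfrpcd` command unquoted, so a password containing a space or a cmd metacharacter such as `&` or `|` changes how the line is parsed. The password also appears on the process command line, where other local users can typically read it. Quote the placeholders (`-U "$$USER$$" -P "$$PASS$$"`) and have the code that fills the template reject or escape `"` and `%`; the batch file that follows ends with the same line and needs the same change. `set JAVA_HOME="%BASE%java"` stores the quotes as part of the value; `set "JAVA_HOME=%BASE%java"` avoids that.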
@echo off
set BASE=$$BASE$$..\..\
cd "%BASE%"
set PATH=%BASE%ruby\bin;%BASE%java\bin;%BASE%tools;%BASE%nmap;%BASE%postgresql\bin;%PATH%
IF NOT EXIST "%BASE%java" GOTO NO_JAVA
set JAVA_HOME="%BASE%java"
:NO_JAVA
set MSF_DATABASE_CONFIG="%BASE%apps\pro\ui\config\database.yml"
set MSF_BUNDLE_GEMS=0
set BUNDLE_GEMFILE=%BASE%apps\pro\ui\Gemfile
cd "%BASE%apps\pro\msf3"
rubyw msfrpcd -a 127.0.0.1 -U $$USER$$ -P $$PASS$$ -S -f -p $$PORT$$
java -classpath bin:lib/\*:. armitage.ArmitageMain $*
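Review bot: `$*` is unquoted, so any argument containing spaces or glob characters is split or expanded before it reaches `armitage.ArmitageMain`; use `"$@"` instead. The classpath also ends in `.`, which means classes are loaded from the current working directory as well as from `bin` and `lib/`; drop the `.` entry if nothing depends on it.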
# This file is part of a stand-alone script environment that connects Cortana to
# Metasploit, Armitage, and a postgresql database. It's a little complicated and
# twisty turny in here. Here are the rough steps:
#
# 1. Connect to the database (&main)
# 2. setup the default reverse handler (&setupHandlers)
# 3. check for the collaboration server (&checkForCollaborationServer)
# 4. setup collaboration (&setup_collaboration)