Hello all!
I recently discovered something somewhat troubling while testing an Armitage "teamserver" setup.
I took two Kali Rolling laptops and set up laptop A as the teamserver like so:
root@host:~# cd /usr/share/armitage
root@host:~# ./teamserver MY.IP password1
Keep in mind that this "password1" is different from the root login password. Both laptops have different login passwords.
After opening Armitage on both laptop A and B, I set laptop B's Armitage to connect to laptop A's Armitage teamserver.
Then I found something worrying.
Upon opening a console on Armitage laptop B, I found that I could freely move around the directories of laptop A without using laptop A's root password.
Is this a bug or a feature, and what is the best course of action to take, other than vetting members of your team and storing NO personal files on work laptops?