Results 1 to 2 of 2

Thread: Possible Armitage attack avenue

  1. 2016-02-04 #1
    rootjb0
    rootjb0 is offline Junior Member
    Join Date
    2015-Aug
    Posts
    13

    Exclamation Possible Armitage attack avenue

    Hello all!

    I recently discovered something somewhat troubling during testing an Armitage "teamserver" setup.

    I took two Kali Rolling laptops and set laptop A to use as the teamserver like so:

    root@host:~# cd /usr/share/armitage
    root@host:~# ./teamserver MY.IP password1

    Keep in mind that this "password1" is different from the root login password. Both laptops have different login passwords.

    Opening Armitage on both laptop A and B, I set laptop B Armitage to connect to laptop A Armitage teamserver.

    Then I found something worrying.

    Upon opening a console on Armitage laptop B, I found that I could freely move around the directories of laptop A without using laptop A's root password.

    Is this a bug or a feature, and what is the best course of action to take, other than vetting members of your team and storing NO personal files on work laptops?
    Last edited by rootjb0; 2016-02-04 at 06:51. Reason: spelling; late at night
  2. 2016-02-04 #2
    grid
    grid is offline Senior Member
    Join Date
    2013-Apr
    Location
    Kali forums
    Posts
    805
    I haven't used Armitage much, but this sounds like a bug to me. I'd get in touch with the Armitage team at http://www.fastandeasyhacking.com/contact

Similar Threads

  1. WPS Pixie Dust Attack (Offline WPS Attack)
    By soxrok2212 in forum Project Archive
    Replies: 582
    Last Post: 2018-01-07, 11:58
  2. WPS Pixie Dust Attack (Offline WPS Attack)
    By soxrok2212 in forum General Archive
    Replies: 353
    Last Post: 2015-05-05, 08:32

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules