Let's say you have lost your username and password to one of your Windows computers. Follow these steps to create a new user account so that you can access your Windows computer. This assumes that Metasploit and Armitage are installed on a machine in your LAN (probably Linux Kali).
- Ensure Metasploit and Postgresql are active and running
- service start metasploit
- service start postregsql
- Select Applications > Exploitation tools > Armitage
- In Armitage, select Hosts > Add Host
- In the Add Host pop-up box, enter the IP address of the target computer and select OK. The target computer now appears in Armitage.
- Right-click on the target computer and select Scan. Wait for scan complete to display. If the target computer has anti-virus, the anti-virus may protect the computer from the scan.
- After the scan completes, select Attacks > Hail Mary
- In the Really?!? pop-up box, select Yes. If a target machine is not patched, the Hail Mary attack may give you access to the target machine, and a red lightning bolt icon appears in Armitage on the target machine. If the target machine is patch, the Hail Mary attack will display No Sessions.
- Assuming the red lightning bolt icon does appear on the target machine, select Armitage > Interact > Command Shell
- Issue these command to create a new user account with administrator privileges:
- net user username password /add
- net localgroup administrator username /add