KARMA + Metasploit Framework 3 == Karmetasploit


Background

In 2004 Dino Dai Zovi and Shane Macaulay presented All Your Layer Are Belong To Us at Pacsec in Tokyo. This presentation focused on the insecure behavior of wireless clients. Accompanying the presentation was a tool called KARMA (KARMA Attacks Radioed Machines Automatically). This tool acts as wireless access point and responds to all probe requests from wireless clients. Once a client has associated with the KARMA access point, every service they try to access leads to a malicious application. The services side of KARMA was written in Ruby, making it a perfect match for integration with version 3 of the Metasploit Framework.

Introduction

The original version of KARMA depended on a modified version of the MADWIFI driver for Atheros-based wireless cards. While this approach works, its limits the types of network cards that can be used and requires some effort to maintain the patch against the latest version of the MADWIFI source code. To remedy this, the Aircrack-NG developers (specifically hirte) developed a user-mode access point that works with any wireless card that supports monitor mode and injection. This tool is called ‘airbase’ and was included in the 1.0rc1 release of Aircrack-NG. Not only does airbase solve the hardware limits of using a patched MADWIFI driver, but its also much easier to modify and integrate new features. The Metasploit staff contributed a patch to airbase that adds multiple ESSID beaconing, the option to temporarily beacon ESSIDs seen in probe requests, the ability to tune the beacon interval, and an option to force promiscuous (respond to all probes) mode regardless of whether an ESSID has been specified. The result is powerful replacement for the MADWIFI patch that can lure in a much wider range of wireless clients.

Source: http://dev.metasploit.com/redmine/projects/framework/wiki/Karmetasploit

Karmetasploit in action

Related Guides / Tutorial on How To Use

1.) http://carnal0wnage.blogspot.com/2008/08/playing-with-karmasploit-part-1.html
2.) http://carnal0wnage.blogspot.com/2008/08/metasploit-karmakarmasploit-part-2.html
3.) http://ubuntuforums.org/showthread.php?t=1092664

Advertisements

One Response to “KARMA + Metasploit Framework 3 == Karmetasploit”

  1. Setting up Karmetasploit in Ubuntu 10.10 « Genesis Database Says:

    […] one old post that I have never written on after saving the draf on the link that teaches how to run karmetasploit.  Basically, what we will be doing in this post is to run the karmetasploit module and start […]


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: