Remote Exploit Forums

#11 | floyd (Senior Member) | 08-24-2009, 02:33 PM

Quote:
Originally Posted by sylvestor2002
when I try to run the following command:

airbase-ng -P -C 30 -e "Free WiFi" -v ath0

I get an error message saying something about the "P" option does not exist. I checked the help and noticed that the "P" & "C" options are not listed. (It did exist before, but I ran the "apt-get update && apt-get upgrade" command and that's when airbase seems to have changed.)

airbase-ng

Airbase-ng 1.0 rc1 - (C) 2008 Thomas d'Otreppe
Original work: Martin Beck
http://www.aircrack-ng.org

You have an old version... Are you using BT4 Pre Final? Do you have an internet connection (ifconfig eth0 up && dhclient eth0)? Log in as root. Try

apt-get update && apt-get upgrade && apt-get dist-upgrade

I have the following version:

Quote:
Airbase-ng 1.0 rc3 r1582 - (C) 2008, 2009 Thomas d'Otreppe
Original work: Martin Beck
http://www.aircrack-ng.org

Has anyone followed this guide successfully? I'm still figuring out why Metasploit only attacks when I try to reach an https page. When I want to reach an http site (like google.com), I see the "It works" page of apache (on the attacker pc /var/www/index.html) or if I shut down apache first (apache2ctl stop) I don't see any page (404 not found). Any ideas?

I will post my script which I wrote to automate setting up karmetasploit when I get home...
__________________
Auswaertsspiel

#12 | Eatme (Senior Member) | 08-24-2009, 08:14 PM

I don't get how this will get a WPA key... or it's not intended to?

If not then I'll keep using WKG.

#13 | Junior Member | 08-25-2009, 12:30 AM

Duplicate post.

Sorry

Floyd,


Thank you.

This is very good.

Last edited by balding_parrot; 08-25-2009 at 06:37 AM.

#14 | Junior Member | 08-25-2009, 05:15 AM

Thanks for the nice tutorial. I have a question about the logic behind the attack. It seems like we're not doing any sort of NAT in order for the victim to see internet access (unless I'm missing something), so what are we really going to get out of this? Once someone connects, notices the lack of internet connection, won't they just disconnect and try to move on? What sort of information are we able to gather or which exploits are we trying to achieve?

While I have been able to get this mostly working, I'm still having some issues:

1.) Windows never connects to my rogue AP. It always errors out (Windows can't connect to ________).

2.) I can connect with my Blackberry, and it gets an IP address, but it never stays connected for more than about 15 seconds. It will disconnect (or be disco'd) and then reconnect via another fake SSID from the rogue AP.

I've tried lowering the MTU size but that seems to have no effect. Anyone else have these issues?

#15 | floyd (Senior Member) | 08-25-2009, 11:28 AM

Quote:
Originally Posted by TheBrotherOf
Thanks for the nice tutorial. I have a question about the logic behind the attack. It seems like we're not doing any sort of NAT in order for the victim to see internet access (unless I'm missing something), so what are we really going to get out of this? Once someone connects, notices the lack of internet connection, won't they just disconnect and try to move on? What sort of information are we able to gather or which exploits are we trying to achieve?

You're right. I have to add the NAT or whatever. But as I'm not doing real exploitation of a victim, I'm fine to see that it works. But I will try to set up some NAT or it would be great if you could test and contribute.

Btw does it work with http or only with https for you?

Quote:
Originally Posted by TheBrotherOf
While I have been able to get this mostly working, I'm still having some issues:

1.) Windows never connects to my rogue AP. It always errors out (Windows can't connect to ________).

Maybe something is wrong with your DHCP client on the attacker. Check your dhcp configuration again. I had the same issue and this was my fault.

Quote:
Originally Posted by TheBrotherOf
2.) I can connect with my Blackberry, and it gets an IP address, but it never stays connected for more than about 15 seconds. It will disconnect (or be disco'd) and then reconnect via another fake SSID from the rogue AP.

I've tried lowering the MTU size but that seems to have no effect. Anyone else have these issues?

The Blackberry issue is interesting. I'm not quite sure, but maybe try airbase without -P -C 30. I think then the attacker shouldn't set up an AP for every probed ESSID he sees flying around. But I think maybe it's just the same issue as with the Windows PC.
__________________
Auswaertsspiel
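
The behaviour floyd describes for -P -C 30 (one AP answering for every probed ESSID) and the Blackberry reconnecting "via another fake SSID" point at a signal a defender can watch for: a single BSSID advertising several ESSIDs within a short time. This is an added example, not part of the original posts; the observation tuples, MAC addresses, window and threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample: (seconds, BSSID, ESSID) tuples as a passive monitor
# would record them from beacons and probe responses. Not real capture data.
SAMPLE = [
    (0.0,  "00:11:22:33:44:55", "Free WiFi"),
    (1.2,  "00:11:22:33:44:55", "HomeNet"),
    (2.5,  "aa:bb:cc:00:00:01", "OfficeLAN"),
    (3.1,  "00:11:22:33:44:55", "CoffeeShop"),
    (4.0,  "aa:bb:cc:00:00:01", "OfficeLAN"),
    (9.7,  "00:11:22:33:44:55", "Hotel Guest"),
    (50.0, "aa:bb:cc:00:00:02", "OfficeGuest"),
    (95.0, "aa:bb:cc:00:00:01", "OfficeLAN-5G"),
]

def find_multi_essid_bssids(observations, window=30.0, threshold=3):
    """Return {bssid: sorted ESSIDs} for every BSSID that advertised at
    least `threshold` distinct ESSIDs within any `window`-second span."""
    by_bssid = defaultdict(list)
    for ts, bssid, essid in observations:
        if essid:  # skip hidden/empty ESSIDs
            by_bssid[bssid.lower()].append((ts, essid))

    flagged = {}
    for bssid, events in by_bssid.items():
        events.sort()
        start = 0
        counts = defaultdict(int)  # ESSID -> occurrences inside the window
        for ts, essid in events:
            counts[essid] += 1
            # Slide the window start forward until it spans <= window seconds.
            while ts - events[start][0] > window:
                old = events[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            if len(counts) >= threshold:
                flagged[bssid] = sorted({e for _, e in events})
                break
    return flagged

if __name__ == "__main__":
    for bssid, essids in find_multi_essid_bssids(SAMPLE).items():
        print(f"{bssid} advertised {len(essids)} ESSIDs: {', '.join(essids)}")
```

Multi-SSID access points typically use a separate BSSID per ESSID, so a hit here is a lead to investigate rather than proof; tune the window and threshold to the site.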

#16 | Junior Member | 08-25-2009, 02:02 PM

Quote:
Originally Posted by floyd
You're right. I have to add the NAT or whatever. But as I'm not doing real exploitation of a victim, I'm fine to see that it works. But I will try to set up some NAT or it would be great if you could test and contribute.

Btw does it work with http or only with https for you?

In trying to figure out my issue yesterday I came across several pages that provided NAT instructions - once I can get the AP working I'll test the NAT and post my results/instructions.

Quote:
Originally Posted by floyd
Maybe something is wrong with your DHCP client on the attacker. Check your dhcp configuration again. I had the same issue and this was my fault.

I'll check it out. I need to run Wireshark on the Windows box and see if I'm getting reasonable DHCP credentials or not.

Quote:
Originally Posted by floyd
The Blackberry issue is interesting. I'm not quite sure, but maybe try airbase without -P -C 30. I think then the attacker shouldn't set up an AP for every probed ESSID he sees flying around. But I think maybe it's just the same issue as with the Windows PC.

That was my first thought too, running without -P -C yielded similar results. Connection lasted about 15 seconds.


Thanks for the insight, I'll report back once I get a chance to give this more time.

#17 | Eatme (Senior Member) | 08-25-2009, 04:27 PM

Which is better, this or WKG?

#18 | Junior Member | 08-25-2009, 08:36 PM

I just fired up airbase and dhcp seems to be working fine now. I think the Blackberry is disconnecting itself once it figures out that there's no internet access. Windows machine is staying connected as long as I let it.

#19 | Member | 08-26-2009, 03:57 AM

Quote:
Originally Posted by floyd
You have an old version... Are you using BT4 Pre Final? Do you have an internet connection (ifconfig eth0 up && dhclient eth0)? Log in as root. Try

apt-get update && apt-get upgrade && apt-get dist-upgrade

I have the following version:



Has anyone followed this guide successfully? I'm still figuring out why Metasploit only attacks when I try to reach an https page. When I want to reach an http site (like google.com), I see the "It works" page of apache (on the attacker pc /var/www/index.html) or if I shut down apache first (apache2ctl stop) I don't see any page (404 not found). Any ideas?

I will post my script which I wrote to automate setting up karmetasploit when I get home...

Actually, I am running bt4_pre final. Airbase-ng did work with the "C" and "P" commands, but after I ran the command:

apt-get update && apt-get upgrade

the "P" and "C" options didn't exist. I guess an old version of airbase-ng got installed? Anyway, luckily I had it installed on a memory stick, so I'll reinstall bt4_pre release as I don't know what other programs might have been overwritten by the "apt-get update && apt-get upgrade" command.

Thanks.

#20 | KMDave (Administrator) | 08-26-2009, 12:18 PM

Quote:
Originally Posted by Eatme
Which is better, this or WKG?

Dude, you've been answered already and if you don't receive an answer to a different question then ppl either already answered you and you didn't notice or they can't/won't answer it.

What is better you have to decide for yourself.
__________________
My life, my rules.

All times are GMT.