Karma RogueAP(Powerfull Wireless Pen-Testing Tool)

If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!

Como eres nuevo en Yo Evoluciono, te recomendamos que te suscribas a nuestro feed RSS. No te pierdas ningún artículo: Cada uno te sorprenderá! Muchas gracias por tu visita!

THIS WORKS WITH ATHEROS BASED CHIPSET ONLY.

Project homepage: http://theta44.org/karma/index.html

“KARMA is a set of tools for assessing the security of wireless clients at multiple layers. Wireless sniffing tools discover clients and their preferred/trusted networks by passively listening for 802.11 Probe Request frames. From there, individual clients can be targeted by creating a Rogue AP for one of their probed networks (which they may join automatically) or using a custom driver that responds to probes and association requests for any SSID.  Higher-level fake services can then capture credentials or exploit client-side vulnerabilities on the host.” -http://theta44.org

first of all install the latest madwifi snapshots here

http://snapshots.madwifi.org/madwifi-trunk/madwifi-trunk-r3813-20080720.tar.gz

bt ~#tar -zxvf madwifi-trunk-r3813-20080720.tar.gz

bt ~#cd madwifi-trunk-r3813-20080720

bt ~#make && make install

bt ~ # ln -s  /sbin/iwconfig  /usr/sbin/iwconfig
bt ~# ln -s  /sbin/iwpriv  /usr/sbin/iwpriv
bt ~#  ln -s  /sbin/iwevent  /usr/sbin/iwevent
bt ~# airmon-ng start ath0
bt ~#airmon-ng start wifi0

Putting the card into monitor mode

bt ~#wlanconfig ath0 destroy

bt ~#wlanconfig ath0 create wlandev wifi0 wlanmode master

goto karma directory

karma.xml - “Runs a rogue base station with DHCP, DNS and HTTP services.  The HTTP service re-directs all requests to the ExampleWebExploit module that displays a simple HTML page.  This page can be replaced with something that informs the user that their wireless settings are insecure and that it may be a violation of corporate policy etc” -http://theta44.org

bt karma#bin/monitor-mode.sh ath0

bt karma#(cd ./src/ && make) && ./src/karma ath0

bt karma#

bt karma#bin/karma  etc/karma.xml

Now the rogue services are started any probing clients will now connect to KARMA on our machine whichever SSID their machine chooses to use.

Iwconfig output showing ath0 working as RogueAP.we can see bssid of RogueAP

We can see our FakeAP is working now and broadcasting BSSID & other clients probing for legitimate AP automatically connects with our rogueAP

karma-scan.xml - “Attempts to find insecure wireless clients that will associate to rouge network and possibly obtain IP address via DHCP”. -http://theta44.org

bt karma#bin/karma etc/karma-scan.xml

karma.scan.xml

This tool have layer attack approach.I am still working on it so that we can lauch more attack like Nmap scanning and metasploit for exploit the known vulnerabilites.

- Si te gustó el artículo, deja una marca social (usando el botón “Compártelo” aquí abajo) y enseñaselo al mundo. Todos te lo agradecerán, ¡No lo dudes! -

Compártelo