Linux

 

Linux tools, Howtos

 

Tools Index

 

Wireless Commands

 

FC6 Build Howto

 

FC5 Build Howto

 

FC4 Build Howto

 

Live Linux Distros

 

 

Site Search

 

 

 

 

Windows

 

WIN32 tools, Howtos

 

Tools Index

 

 

Get Firefox!

 

 

General

 

Miscellaneous WI-FI

 

Default WI-FI Settings

 

Rogue AP Howtos

 

WI-FI Certifications

 

802.11 Standards

 

STEP BY STEP Guides

 

Formats / Extensions

 

WI-FI Home Security

 

Useful Links

 

 

 

 

 

KARMA Main:

Project homepage: http://theta44.org/karma/index.html

"KARMA is a set of tools for assessing the security of wireless clients at multiple layers. Wireless sniffing tools discover clients and their preferred/trusted networks by passively listening for 802.11 Probe Request frames. From there, individual clients can be targeted by creating a Rogue AP for one of their probed networks (which they may join automatically) or using a custom driver that responds to probes and association requests for any SSID.  Higher-level fake services can then capture credentials or exploit client-side vulnerabilities on the host." -http://theta44.org

Download latest stable code (currently KARMA SNAPSHOT 20060124) from http://theta44.org/karma/index.html

Local Mirror: karma-20060124.tar.gz  MD5: e9d4ccbda89b4b1cd70eefb1db339d0a

Installing KARMA

Using KARMA (discovery)

Using KARMA (Rogue Services)

 

 

Installing KARMA:

The following installation process assumes that you are utilising the FC4 Auditing Laptop Build as described in the Auditing Laptop Build: HOWTO all other builds have not been tested. 

 

Thanks to Dino Dai Zovi (tools co-author) for the new KARMA snapshot, which is easily installed on FC4.

 

tar zxvf karma-20060124.tar.gz

 

cd karma-20060124

 

cp  src/misc/madwifi.patch  /root

 

cd /root

 

patch -p0  <  madwifi.patch

 

ln -s  /sbin/iwconfig  /usr/sbin/iwconfig

 

ln -s  /sbin/iwpriv  /usr/sbin/iwpriv

 

ln -s  /sbin/iwevent  /usr/sbin/iwevent

 

yum install ruby (answer "y" when prompted).

 

 

Using KARMA (discovery):

 

cd /tools/wifi/karma-20060124

 

bin/monitor-mode.sh ath0

 

(cd ./src/ && make) && ./src/karma ath0

 

 

"This display will list wireless clients in range and the networks they send probe requests for.  This reveals the entries in their preferred networks list." -http://theta44.org

 

KARMA runs in stealth mode so basic wireless scanning activity (e.g. Netstumbler) will not detect the servers presence.

 

 

Using KARMA (Rogue Services):

 

KARMA also provides a number of other configurations stored in karma-20060124/etc

 

 

karma-scan.xml

 

Description:

 

karma-scan.xml - "Attempts to find insecure wireless clients that will associate to rouge network and possibly obtain IP address via DHCP". -http://theta44.org

 

Usage:

 

cd /tools/wifi/karma-20060124

 

bin/monitor-mode.sh  ath0

 

bin/karma  etc/karma-scan.xml

 

 

 

Now the rogue services are started any probing clients will now connect to KARMA on our machine whichever SSID their machine chooses to use.

 

 

 

Above we can see the client received the IP address 169.254.0.254 from KARMA's DHCP server.

 

 

karma.xml

 

Description:

 

karma.xml - "Runs a rogue base station with DHCP, DNS and HTTP services.  The HTTP service re-directs all requests to the ExampleWebExploit module that displays a simple HTML page.  This page can be replaced with something that informs the user that their wireless settings are insecure and that it may be a violation of corporate policy etc" -http://theta44.org

 

Usage:

 

cd /tools/wifi/karma-20060124

 

bin/monitor-mode.sh  ath0

 

bin/karma  etc/karma.xml

 

 

 

KARMA is now offering a variety of services (POP, FTP and HTTP) for any curious user to connect up to.

 

 

 

Above we can see an attempted FTP connection to www.mysecretwebsite.com which actually was received by KARMA and the users credentials - username = myusername and password = mypassword were capture by KARMA.

 

 

karma-lan.xml

 

Description:

 

karma-lan.xml - "This configuration runs a  rogue DHCP, DNS and HTTP services on an existing (wired) network connection.  The HTTP service redirects all requests to ExampleWebExploit module that displays simple HTML page" -http://theta44.org

 

Usage:

 

cd /tools/wifi/karma-20060124

 

bin/monitor-mode.sh  ath0

 

bin/karma  etc/karma-lan.xml

 

The karma-lan.xml configuration file provides you with all the features (e.g. to capture POP, FTP and HTTP traffic) of karma.xml but for a wired interface.

Many thanks to Dino Dai Zovi for producing the new KARMA snapshot without which this guide would not exist.


 

 
 
   Copyright 2010 Wirelessdefence.org. All Rights Reserved.