There is a bit of setup required to get Karmetasploit up and going on Kali Linux Rolling. The first step is to obtain the run control file for Karmetasploit:

root@kali:~# wget https://www.offensive-security.com/wp-content/uploads/2015/04/karma.rc_.txt
--2015-04-03 16:17:27-- https://www.offensive-security.com/downloads/karma.rc
Resolving www.offensive-security.com (www.offensive-security.com)... 198.50.176.211
Connecting to www.offensive-security.com (www.offensive-security.com)|198.50.176.211|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1089 (1.1K) [text/plain]

Saving to: `karma.rc' 100%[======================================>] 1,089 --.-K/s in 0s

2015-04-03 16:17:28 (35.9 MB/s) - `karma.rc' saved [1089/1089]
root@kali:~#

Having obtained that requirement, we need to set up a bit of the infrastructure that will be required. When clients attach to the fake AP we run, they will be expecting to be assigned an IP address. As such, we need to put a DHCP server in place. Let’s install a DHCP server onto Kali.

root@kali:~# apt update
...snip...
root@kali:~# apt -y install isc-dhcp-server
Reading package lists... Done
Building dependency tree       
Reading state information... Done
...snip...
root@kali:~#

Next, let’s configure our dhcpd.conf file. We will replace the configuration file with the following output:

root@kali:~# cat /etc/dhcp/dhcpd.conf
option domain-name-servers 10.0.0.1;

default-lease-time 60;
max-lease-time 72;

ddns-update-style none;

authoritative;

log-facility local7;

subnet 10.0.0.0 netmask 255.255.255.0 {
  range 10.0.0.100 10.0.0.254;
  option routers 10.0.0.1;
  option domain-name-servers 10.0.0.1;
}
root@kali:~#

Then we need to install a couple of requirements.

root@kali:~# apt -y install libsqlite3-dev
Reading package lists... Done
Building dependency tree       
Reading state information... Done
...snip...
root@kali:~# gem install activerecord sqlite3
Fetching: activerecord-5.0.0.1.gem (100%)
Successfully installed activerecord-5.0.0.1
Parsing documentation for activerecord-5.0.0.1
Installing ri documentation for activerecord-5.0.0.1
Done installing documentation for activerecord after 7 seconds
Fetching: sqlite3-1.3.12.gem (100%)
Building native extensions.  This could take a while...
Successfully installed sqlite3-1.3.12
Parsing documentation for sqlite3-1.3.12
Installing ri documentation for sqlite3-1.3.12
Done installing documentation for sqlite3 after 0 seconds
2 gems installed
root@kali:~#

Now we are ready to go. First off, we need to locate our wireless card, then start our wireless adapter in monitor mode with airmon-ng. Afterwards we use airbase-ng to start a new wireless network.

root@kali:~# airmon-ng


PHY     Interface       Driver          Chipset

phy0	wlan0	        ath9k_htc	Atheros Communications, Inc. AR9271 802.11n

root@kali:~# airmon-ng start wlan0

PHY	Interface	Driver		Chipset

phy0	wlan0		ath9k_htc	Atheros Communications, Inc. AR9271 802.11n

		(mac80211 monitor mode vif enabled for [phy0]wlan0 on [phy0]wlan0mon)
		(mac80211 station mode vif disabled for [phy0]wlan0)

Found 2 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!

PID     Name
693     dhclient
934     wpa_supplicant

root@kali:~# airbase-ng -P -C 30 -e "U R PWND" -v wlan0mon
For information, no action required: Using gettimeofday() instead of /dev/rtc
22:52:25  Created tap interface at0
22:52:25  Trying to set MTU on at0 to 1500
22:52:25  Trying to set MTU on wlan0mon to 1800
22:52:25  Access Point with BSSID 00:C0:CA:82:D9:63 started.

Airbase-ng has created a new interface for us, ‘at0’. This is the interface we will now use. We will now assign ourselves an IP address.

root@kali:~# ifconfig at0 up 10.0.0.1 netmask 255.255.255.0
root@kali:~#

Before we run our DHCP server, we need to create a lease database, then we can get it to listening on our new interface.

root@kali:~# touch /var/lib/dhcp/dhcpd.leases
root@kali:~# dhcpd -cf /etc/dhcp/dhcpd.conf at0
Internet Systems Consortium DHCP Server 4.3.3
Copyright 2004-2015 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Config file: /etc/dhcp/dhcpd.conf
Database file: /var/lib/dhcp/dhcpd.leases
PID file: /var/run/dhcpd.pid
Wrote 0 leases to leases file.
Listening on LPF/at0/00:c0:ca:82:d9:63/10.0.0.0/24
Sending on   LPF/at0/00:c0:ca:82:d9:63/10.0.0.0/24
Sending on   Socket/fallback/fallback-net

root@kali:~# ps aux | grep [d]hcpd
root      2373  0.0  0.4  28448  9532 ?        Ss   13:45   0:00 dhcpd -cf /etc/dhcp/dhcpd.conf at0
root@kali:~#
Menu
X Close

 

Certified Pentesting
Professional

OSCP
course starting at
$800 USD

Take Penetration Testing with Kali Linux to gain invaluable penetration testing skills and earn your OSCP.

  • Self-paced, online course
  • Includes certification exam fee
  • Access innovative virtual labs
  • Hands-on experience
  • Become an OSCP

Certified Pentesting
Expert

OSCE
course starting at
$1200 USD

Take Cracking the Perimeter to take your penetration testing skills to expert levels and earn your OSCE.

  • Self-paced, online course
  • Includes certification exam fee
  • Access innovative virtual labs
  • Hands-on experience
  • Become an OSCE

 

Certified Pentesting
Web Expert

OSWE
course starting at
$1400 USD

Take Advanced Web Attacks and Exploitation, to deep dive into web apps to earn your OSWE.

  • Self-paced, online course
  • Includes certification exam fee
  • Access innovative virtual labs
  • Hands-on experience
  • Become an OSWE

Certified Pentesting
Wireless Professional

OSWP
course starting at
$450 USD

Take Offensive Security Wireless Attacks to acquire knowledge about Wi-Fi attacks and earn your OSWP.

  • Self-paced, online course
  • Includes certification exam fee
  • Access innovative virtual labs
  • Hands-on experience
  • Become an OSWP

Certified Exploitation
Expert

OSEE
course starting at
See
Live Schedule

Take Advanced Windows Exploitation to develop exploits for Windows systems and earn your OSEE.

  • Live training course
  • Includes certification exam fee
  • Maximum instructor interaction
  • Highly challenging
  • Become an OSEE