kali linux karmetasploit配置

Posted 2020-06-11

转官方说明：https://www.offensive-security.com/metasploit-unleashed/karmetasploit-configuration/

There is a bit of setup required to get Karmetasploit up and going. The first step is to obtain the run control file for Karmetasploit:

[email protected]:~# wget https://www.offensive-security.com/wp-content/uploads/2015/04/karma.rc_.txt
--2015-04-03 16:17:27-- https://www.offensive-security.com/downloads/karma.rc
Resolving www.offensive-security.com (www.offensive-security.com)... 198.50.176.211
Connecting to www.offensive-security.com (www.offensive-security.com)|198.50.176.211|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1089 (1.1K) [text/plain]

Saving to: `karma.rc‘ 100%[======================================>] 1,089 --.-K/s in 0s

2015-04-03 16:17:28 (35.9 MB/s) - `karma.rc‘ saved [1089/1089]

Having obtained that requirement, we need to set up a bit of the infrastructure that will be required. When clients attach to the fake AP we run, they will be expecting to be assigned an IP address. As such, we need to put a DHCP server in place. Let’s configure our ‘dhcpd.conf’ file.

[email protected]:~# cat /etc/dhcp3/dhcpd.conf
option domain-name-servers 10.0.0.1;

default-lease-time 60;
max-lease-time 72;

ddns-update-style none;

authoritative;

log-facility local7;

subnet 10.0.0.0 netmask 255.255.255.0 {
  range 10.0.0.100 10.0.0.254;
  option routers 10.0.0.1;
  option domain-name-servers 10.0.0.1;
}

Then we need to install a couple of requirements.

[email protected]:~# gem install activerecord sqlite3-ruby
Successfully installed activerecord-2.3.2
Building native extensions.  This could take a while...
Successfully installed sqlite3-ruby-1.2.4
2 gems installed
Installing ri documentation for activerecord-2.3.2...
Installing ri documentation for sqlite3-ruby-1.2.4...
Installing RDoc documentation for activerecord-2.3.2...
Installing RDoc documentation for sqlite3-ruby-1.2.4...

Now we are ready to go. First off, we need to restart our wireless adapter in monitor mode. To do so, we first stop the interface, then use airmon-ng to restart it in monitor mode. Then, we utilize airbase-ng to start a new network.

[email protected]:~# airmon-ng


Interface    Chipset        Driver

wifi0        Atheros        madwifi-ng
ath0         Atheros        madwifi-ng VAP (parent: wifi0)

[email protected]:~# airmon-ng stop ath0


Interface    Chipset        Driver

wifi0        Atheros        madwifi-ng
ath0         Atheros        madwifi-ng VAP (parent: wifi0) (VAP destroyed)


[email protected]:~# airmon-ng start wifi0


Found 3 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!
-e
PID     Name
5636    NetworkManager
5641    wpa_supplicant
5748    dhclient3


Interface    Chipset        Driver

wifi0        Atheros        madwifi-ngError for wireless request "Set Frequency" (8B04) :
    SET failed on device ath0 ; No such device.
ath0: ERROR while getting interface flags: No such device

ath1         Atheros        madwifi-ng VAP (parent: wifi0)

[email protected]:~# airbase-ng -P -C 30 -e "U R PWND" -v ath1
For information, no action required: Using gettimeofday() instead of /dev/rtc
22:52:25  Created tap interface at0
22:52:25  Trying to set MTU on at0 to 1500
22:52:25  Trying to set MTU on ath1 to 1800
22:52:25  Access Point with BSSID 00:1A:4D:49:0B:26 started.

Airbase-ng has created a new interface for us, at0. This is the interface we will now utilize. We will now assign ourselves an IP address and start up our DHCP server listening on our new interface.

[email protected]:~# ifconfig at0 up 10.0.0.1 netmask 255.255.255.0
[email protected]:~# dhcpd3 -cf /etc/dhcp3/dhcpd.conf at0
Internet Systems Consortium DHCP Server V3.1.1
Copyright 2004-2008 Internet Systems Consortium.
All rights reserved.
For info, please visit http://www.isc.org/sw/dhcp/
Wrote 0 leases to leases file.
Listening on LPF/at0/00:1a:4d:49:0b:26/10.0.0/24
Sending on   LPF/at0/00:1a:4d:49:0b:26/10.0.0/24
Sending on   Socket/fallback/fallback-net
Can‘t create PID file /var/run/dhcpd.pid: Permission denied.
[email protected]:~# ps aux | grep dhcpd
dhcpd     6490  0.0  0.1   3812  1840 ?        Ss   22:55   0:00 dhcpd3 -cf /etc/dhcp3/dhcpd.conf at0
root      6493  0.0  0.0   3232   788 pts/0    S+   22:55   0:00 grep dhcpd