
Karma And Airdrop-Ng


SystemCrash86


Using karmetasploit is the same as using the Jasager on the WiFi pineapple, right?

You use karma in karmetasploit to respond to all probes as soon as WiFi is turned on. The fake access point is provided by airbase-ng from the aircrack-ng suite. Is that right?

If so I have a question about using airdrop-ng, also from the aircrack-ng suite at the same time as using karmetasploit.

My set up is Backtrack 5r3, Alfa Awus036h as my usb wireless card and my laptop's internal WiFi card, and my own Desktop PC in this case playing the “victim”.

Both wireless cards support packet injection.

Everything is up-to-date.

In setting everything up I have loaded up Backtrack and connected my internal WiFi card to my own internet access point so I have internet access.

I then connect my Alfa Awus036h and set it up as my fake access point which will be used by Karmetasploit.

Everything works, using my Desktop PC I am able to connect to the fake access point (provided by airbase-ng on the Alfa wireless card) and use the internet because my other wireless card is connected to my internet hub.

But I would like to use airdrop-ng but I am having some trouble setting up the rules to force my PC to connect to my fake ap. In the allowed rules do I put the bssid of my fake ap so they can connect to it, but also do I have to use the bssid of my wireless router so everyone can get internet access? Do I use one or both bssids? What would that look like? I am doing all this from my backtrack machine so when using airdrop I don’t want to lose my connectivity which is providing the internet to the fake ap.

I saw Darren using the WiFi pineapple on the “Airport WiFi Challenge” using Jasager and airdrop-ng together. Just wondering how he got them to play nice together - using Jasager (Karma + fake ap) and airdrop-ng while still maintaining internet access.


Using karmetasploit is the same as using the Jasager on the WiFi pineapple, right?

You use karma in karmetasploit to respond to all probes as soon as WiFi is turned on. The fake access point is provided by airbase-ng from the aircrack-ng suite. Is that right?

No, they aren't the same thing. airbase-ng is a simulated AP using monitor mode to listen to traffic and packet injection to respond. Karma uses Master mode to create a true access point.

If so I have a question about using airdrop-ng, also from the aircrack-ng suite at the same time as using karmetasploit.

My set up is Backtrack 5r3, Alfa Awus036h as my usb wireless card and my laptop's internal WiFi card, and my own Desktop PC in this case playing the “victim”.

Both wireless cards support packet injection.

Everything is up-to-date.

In setting everything up I have loaded up Backtrack and connected my internal WiFi card to my own internet access point so I have internet access.

I then connect my Alfa Awus036h and set it up as my fake access point which will be used by Karmetasploit.

Everything works, using my Desktop PC I am able to connect to the fake access point (provided by airbase-ng on the Alfa wireless card) and use the internet because my other wireless card is connected to my internet hub.

But I would like to use airdrop-ng but I am having some trouble setting up the rules to force my PC to connect to my fake ap. In the allowed rules do I put the bssid of my fake ap so they can connect to it, but also do I have to use the bssid of my wireless router so everyone can get internet access? Do I use one or both bssids? What would that look like? I am doing all this from my backtrack machine so when using airdrop I don’t want to lose my connectivity which is providing the internet to the fake ap.

I saw Darren using the WiFi pineapple on the “Airport WiFi Challenge” using Jasager and airdrop-ng together. Just wondering how he got them to play nice together - using Jasager (Karma + fake ap) and airdrop-ng while still maintaining internet access.

You might be able to get this working but with two cards it won't be efficient and probably won't work as well as you'd want.

The problem is that you can't use the card that is in managed mode (connected to the real AP) to do the deauth so you have to do everything else with your other card.

You put that on a single channel to act as an AP but then want it to also deauth. You should be setting your fake AP up on an unused channel so you don't get interference with the real APs that are in the area but when you run the deauth the card has to jump to the second channel to do the deauth so the fake AP then loses connection to any clients. This constant jumping makes for a very choppy connection.

Your best option is to plug directly into your AP with a cable then use one card to do the fake AP and the other to do the deauth.

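The reply above describes the two behaviours a defender would want to notice on the air: an access point that answers probe requests for whatever SSID a client asks for (Karma), and a burst of deauthentication frames used to push clients off their real AP. The following script is an added example written for this thread, not code from the thread or from any of the tools it mentions. It runs detection logic over a constructed, inline log of 802.11 management frames (timestamp, subtype, source, destination, optional SSID); the text format, the MAC addresses and the thresholds are all assumptions chosen for the example, not a format any real tool emits.

```python
"""Flag two wireless behaviours discussed in the thread, from a constructed
management-frame log:
  1. a Karma-style AP: one BSSID sends probe responses for many different SSIDs
  2. a deauth flood: many deauth frames in a short window, apparently from one AP
Added example; the log format and addresses below are made up for illustration."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class MgmtFrame:
    ts: float       # seconds since start of capture (constructed)
    subtype: str    # "probe_resp", "beacon" or "deauth"
    src: str        # transmitter address; for AP frames this is the BSSID
    dst: str        # receiver address, ff:ff:ff:ff:ff:ff for broadcast
    ssid: str = ""  # only present on probe_resp / beacon records


def parse_line(line: str) -> MgmtFrame:
    """Parse one record of the assumed format: '<ts> <subtype> <src> <dst> [<ssid>]'.
    maxsplit keeps SSIDs containing spaces intact."""
    parts = line.split(maxsplit=4)
    ts, subtype, src, dst = parts[:4]
    ssid = parts[4] if len(parts) > 4 else ""
    return MgmtFrame(float(ts), subtype, src.lower(), dst.lower(), ssid)


def karma_suspects(frames, min_ssids=3):
    """Return {bssid: [ssids]} for BSSIDs that answered probes for at least
    min_ssids distinct SSIDs. A normal AP only answers for the SSIDs it serves;
    a Karma AP answers with whatever the client probed for."""
    ssids_by_bssid = defaultdict(set)
    for f in frames:
        if f.subtype == "probe_resp" and f.ssid:
            ssids_by_bssid[f.src].add(f.ssid)
    return {b: sorted(s) for b, s in ssids_by_bssid.items() if len(s) >= min_ssids}


def deauth_floods(frames, window=1.0, threshold=10):
    """Return {src: peak_count} for sources whose deauth frames reached
    `threshold` inside any `window` seconds (sliding window per source).
    Note: deauth floods spoof the AP's address, so the flagged src identifies
    the impersonated AP, not the device actually transmitting."""
    times_by_src = defaultdict(list)
    for f in frames:
        if f.subtype == "deauth":
            times_by_src[f.src].append(f.ts)
    flagged = {}
    for src, times in times_by_src.items():
        times.sort()
        start, peak = 0, 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[src] = peak
    return flagged


# Constructed sample log. 02:00:...:01 answers three unrelated SSIDs (Karma-like);
# 02:00:...:02 is a normal AP that is then impersonated in a 12-frame deauth burst;
# 02:00:...:03 sends a single deauth, which is ordinary AP housekeeping.
SAMPLE_LOG = """\
0.00 probe_resp 02:00:00:00:00:01 02:00:00:00:00:a1 HomeNet
0.05 probe_resp 02:00:00:00:00:01 02:00:00:00:00:a2 CoffeeShop
0.10 probe_resp 02:00:00:00:00:01 02:00:00:00:00:a3 AirportFree
0.20 probe_resp 02:00:00:00:00:02 02:00:00:00:00:a1 HomeNet
0.30 beacon 02:00:00:00:00:02 ff:ff:ff:ff:ff:ff HomeNet
5.00 deauth 02:00:00:00:00:03 02:00:00:00:00:a4
""" + "".join(
    f"{1.0 + i * 0.05:.2f} deauth 02:00:00:00:00:02 ff:ff:ff:ff:ff:ff\n"
    for i in range(12)
)


def analyze(log_text: str):
    """Run both detectors over a log in the assumed text format."""
    frames = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    return karma_suspects(frames), deauth_floods(frames)


if __name__ == "__main__":
    karma, floods = analyze(SAMPLE_LOG)
    for bssid, ssids in karma.items():
        print(f"Karma-like AP {bssid} answered probes for: {', '.join(ssids)}")
    for src, peak in floods.items():
        print(f"deauth flood: {peak} frames within 1s claiming to be from {src}")
```

The two checks are independent, and either one on its own is a reasonable alert for a wireless IDS: a BSSID that answers every SSID it is asked about is the signature of the behaviour the reply attributes to Karma, while a burst of broadcast deauth frames with a legitimate AP's address is what the deauth step in this thread looks like from the victim network's side. The thresholds (three SSIDs, ten frames per second) are starting points for the example, not tuned values.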


SystemCrash86

I believe you want to

d/any/any

a/karma-bssid/any

a/internet-router/alfa-mac-on-bt-machine

Sorry, I don't remember the true commands for the black/white listing but that is the idea.

Thanks. When I was watching Darren's Airport challenge he showed us the rules he made for airdrop-ng so that all clients would disconnect from the access point they were connected to and reconnect to the wifi pineapple.

His rules were as follows:

a/bssid of wifi pineapple|any

d/any|any

Now my question is, where is the pineapple getting its internet from? Because it's not in the airdrop-ng rules that he set up, which means that everyone is connecting to the pineapple but they don't have internet access.

What would be the rules for airdrop-ng to include internet access to the clients who are connecting?

I have a pineapple, a home router providing internet access and an alfa Awus036h adaptor, and when I tried airdrop-ng I lost connection, so I would like to know what the airdrop-ng rule file should look like in order to make this work.


Thanks. When I was watching Darren's Airport challenge he showed us the rules he made for airdrop-ng so that all clients would disconnect from the access point they were connected to and reconnect to the wifi pineapple.

His rules were as follows:

a/bssid of wifi pineapple|any

d/any|any

Now my question is, where is the pineapple getting its internet from? Because it's not in the airdrop-ng rules that he set up, which means that everyone is connecting to the pineapple but they don't have internet access.

What would be the rules for airdrop-ng to include internet access to the clients who are connecting?

I have a pineapple, a home router providing internet access and an alfa Awus036h adaptor, and when I tried airdrop-ng I lost connection, so I would like to know what the airdrop-ng rule file should look like in order to make this work.

The answer is in my post you quoted.

Allow your internet providing router to not get deauthed. A/internetrouter|macofwifiadaptergettinginternet


Thanks, I tried that and for some reason it disconnected me; I must have mis-typed something.

Thanks again for all your help.

I was just watching the youtube video of the airport challenge and I couldn't explain Darren's airdrop-ng deauth rules because he allowed everything to the pineapple but that's it. So I was just curious about that.


I also tried to replicate D's demo to no avail. After a bit of research I found people all over bitching about how pissy airdrop-ng is. I couldn't get it to work either, so I just turned my attention elsewhere for now. Will keep a watchful eye.

I have 2 awus036h's and 1 036nha plus 3 pineapples. I have been somewhat successful in setting up 2 adapters on a laptop to simultaneously use mdk3 to blast out deauth packets using a whitelist file for the pineapple mac. I also use a 16dbi antenna on the pineapple so (in theory) the signal is stronger and thus 'captures' victims before they have the chance to reconnect to their wifi of choice. I use the third adapter for the real interesting/stubborn targets =P which in turn get a taste of aircrack-ng, my preferred method.

This is not, however, ideal. mdk3 is not fast enough for my needs. Many devices are able to reconnect because after the router flushes its clients, mdk3 moves on to another bssid to deauth, leaving the victim capable of reconnecting. Again, why I have the auxiliary adapter for those clients.

Anyone else have alternative set-ups to do mass deauth?

I really, really want to do this from a smaller/less complex setup. I originally acquired the pineapples in hopes of being able to do all this from a standalone setup, sans the battery pack for the usb hub and pineapple (like the pineapple + usb hub feeding multiple interfaces and a 3g dongle). I could use autossh to tunnel back into the pineapple remotely and then use adapters to do the dirty work, instead of having to use my laptop (which I'm reluctant to leave behind somewhere).

I got some images of my concoction I'll put on here soon. It is amazing how many wires it takes to truly control wire-LESS ;)

Edited by condor

Update

After some tweaking I managed to get my setup to work somewhat.

I have my laptop running Backtrack 5r3 with all the updates connected to a pineapple mark 4 via eth0, and using my laptop's internal wireless card to connect to my home router, in this case it's wlan0. That's working well and I have a somewhat stable connection****

Then I plug in my Alfa Awus036h wireless adaptor and turn on monitor mode, which I use for airodump-ng and airdrop-ng after tweaking the rules file which I had previously had problems with. Then I ran airdrop-ng without any errors, but every time it ran it would make my computer freeze up, so I had to add a -s sleep to the airdrop-ng command to slow it down and it ran without a hitch.

I know this worked because I still had my connection to the internet, which wasn't being disconnected by airdrop-ng, and I got more clients on the pineapple.

***** However, on a side note, after a while I find that the pineapple can no longer access the internet. I know this because I tried to "reveal my public IP" and download more modules for the device but I get "error connection, please check your internet connection".

I am unable to explain this because I can ping sites including websites, computers and even the pineapple itself, and I can open up a browser and surf the web, so I am a little confused as to what is going on.

All help is very much appreciated.


snaggle frickin ghost code. I have had MANY instances of the pineapple acting 'out of line'. But due to my noob status, I chalk it up to me not knowing shit. Sorry, bud, but I am glad to see that someone as advanced as yourself, SystemCrash, is too having problems. Your situation seems absolutely weird. Can you ping cloud.wifipineapple.com? Isn't that the domain that the mkiv contacts to get ip info? I assume that would be best to get a 'public ip' depending on other variables.

***** However, on a side note, after a while I find that the pineapple can no longer access the internet. I know this because I tried to "reveal my public IP" and download more modules for the device but I get "error connection, please check your internet connection".

I am unable to explain this because I can ping sites including websites, computers and even the pineapple itself, and I can open up a browser and surf the web, so I am a little confused as to what is going on.

All help is very much appreciated.

What do you mean by 'after a little while'? I can't seem to figure out why it would do this only after some use. What are the rule tweaks you mentioned?


snaggle frickin ghost code. I have had MANY instances of the pineapple acting 'out of line'. But due to my noob status, I chalk it up to me not knowing shit. Sorry, bud, but I am glad to see that someone as advanced as yourself, SystemCrash, is too having problems. Your situation seems absolutely weird. Can you ping cloud.wifipineapple.com? Isn't that the domain that the mkiv contacts to get ip info? I assume that would be best to get a 'public ip' depending on other variables.

What do you mean by 'after a little while'? I can't seem to figure out why it would do this only after some use. What are the rule tweaks you mentioned?

By using the information provided in this thread, thanks to everyone who answered my question, I was able to change my airdrop-ng rules to:

a/router providing internet|computer connected to internet

a/wifi pineapple bssid|any

d/any|any

Before I was also adding in my alfa adaptor to the allow rules, but then realised I didn't need to because all that would be doing was sending deauth requests using airdrop-ng. Then the issue with the pineapple address: on the bottom of the device it says one address but running airodump-ng it says another, so I put the one seen in airodump-ng. On the pineapple the mac address ends in 69:D0 and in airodump-ng the bssid ends in 69:D2.

After running constantly for about say 45 min I lose connection on the pineapple, I mean I can't reveal my public ip address or download any modules and I get the error "error connection, please check your internet connection". Yet I can still open up a browser and surf the web. I am still unsure about this.
