
Karmetasploit Wireless Fun

I just couldn't resist posting the first public documentation on Karmetasploit. This project is a combination of Dino Dai Zovi and Shane Macaulay’s KARMA and the Metasploit Framework. The result is an extremely effective way to absorb information and remote shells from the wireless-enabled machines around you. This first version is still a proof-of-concept, but it already has an impressive feature list:

- Capture POP3 and IMAP4 passwords (clear-text and SSL)
- Accept outbound email sent over SMTP
- Parse out FTP and HTTP login information
- Steal cookies from large lists of popular web sites
- Steal saved form fields from the same web sites
- Use SMB relay attacks to load the Meterpreter payload
- Automatically exploit a wide range of browser flaws

One of the cool features is the probe-to-beacon code that we submitted as a patch to airbase-ng. Windows XP and Mac OS X systems use probe requests to determine if any of their preferred wireless networks are in range. Windows Vista no longer sends probes; instead, it listens for a beacon containing the name of a preferred network. The new feature of airbase-ng (-C XX) allows one probing client to be used to discover a client that is listening for beacons. This works by rebroadcasting all probed networks as beacons for a short period of time. The result is that all actively-probing clients can be used to discover passive clients that are listening for the same network name.
For more, go here.
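From the monitoring side, the probe-to-beacon behaviour described above leaves a recognisable trace: one BSSID begins beaconing several different network names, each shortly after a client probed for it. The detection sketch below is an added example, not code from the original post or from airbase-ng; the frame tuple layout, the function name and the thresholds are assumptions, and the sample frames are constructed.

```python
from collections import defaultdict

# Constructed sample of 802.11 management frames: (time_s, kind, sender_mac, ssid).
# For "probe" the sender is a client; for "beacon" the sender is the BSSID.
FRAMES = [
    (0.0, "beacon", "aa:aa:aa:00:00:01", "CorpWiFi"),
    (1.0, "probe",  "cc:cc:cc:00:00:10", "HomeNet"),
    (1.2, "beacon", "de:ad:be:ef:00:01", "HomeNet"),
    (2.0, "probe",  "cc:cc:cc:00:00:11", "CoffeeShop"),
    (2.3, "beacon", "de:ad:be:ef:00:01", "CoffeeShop"),
    (3.0, "probe",  "cc:cc:cc:00:00:10", "Airport_Free"),
    (3.1, "beacon", "de:ad:be:ef:00:01", "Airport_Free"),
    (4.0, "beacon", "aa:aa:aa:00:00:01", "CorpWiFi"),
    (5.0, "probe",  "cc:cc:cc:00:00:12", "CorpWiFi"),
    (5.1, "beacon", "aa:aa:aa:00:00:01", "CorpWiFi"),
]

def find_probe_echo_bssids(frames, window_s=5.0, min_ssids=3):
    """Return {bssid: sorted SSIDs} for BSSIDs whose FIRST beacon for an SSID
    follows a client probe for that SSID within window_s, for >= min_ssids SSIDs."""
    last_probe = {}              # ssid -> time of the most recent probe request
    seen = set()                 # (bssid, ssid) pairs that have already beaconed
    echoed = defaultdict(set)    # bssid -> SSIDs first beaconed right after a probe
    for t, kind, mac, ssid in sorted(frames):
        if not ssid:             # wildcard probe or hidden SSID: no name to echo
            continue
        if kind == "probe":
            last_probe[ssid] = t
        elif kind == "beacon":
            first_time = (mac, ssid) not in seen
            seen.add((mac, ssid))
            probed_at = last_probe.get(ssid)
            # An established AP was beaconing before the probe, so it is skipped.
            if first_time and probed_at is not None and t - probed_at <= window_s:
                echoed[mac].add(ssid)
    return {b: sorted(s) for b, s in echoed.items() if len(s) >= min_ssids}

if __name__ == "__main__":
    for bssid, ssids in find_probe_echo_bssids(FRAMES).items():
        print(f"possible probe-echoing AP {bssid}: {', '.join(ssids)}")
```

The legitimate access point in the sample is not flagged even though a client probes for its network, because its beacons were already present before that probe.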

2 Responses

  1. Buy a car online Says:

    Great content. I’ll keep coming back for similar posts which I cannot wait to read….

  2. admin Says:

    Baco
    sure, you can come back regularly; you can find many more interesting things here
