Friday

Karmetasploit 3 documentation available. Karmetasploit = KARMA + Metasploit 3



HD Moore just posted documentation for Karmetasploit:

I just posted the first public documentation on Karmetasploit. This project is a combination of Dino Dai Zovi and Shane Macaulay's KARMA and the Metasploit Framework. The result is an extremely effective way to absorb information and remote shells from the wireless-enabled machines around you. This first version is still a proof-of-concept, but it already has an impressive feature list:

- Capture POP3 and IMAP4 passwords (clear-text and SSL)
- Accept outbound email sent over SMTP
- Parse out FTP and HTTP login information
- Steal cookies from large lists of popular web sites
- Steal saved form fields from the same web sites
- Use SMB relay attacks to load the Meterpreter payload
- Automatically exploit a wide range of browser flaws
(source: Metasploit blog)

Just one piece of advice: unless you create an IPsec tunnel or can use WPA, don't use a wireless network. Too much can go wrong. If you want to know how many attacks are possible on an unprotected WLAN connection, just download this video from The Last HOPE by Renderman: How Do I Pwn Thee - Let Me Count The Ways (torrent). Just set up an OpenVPN server at home (or use SSH tunneling in the worst case).

(Picture under Creative Commons from Blog Story's Photostream)
