Usage - Auto-run

The auto-run scripts.

The auto-run feature monitors the log file for clients either associating or acquiring an IP address from the DHCP server and then fires off scripts in response to these actions. The scripts are set up like standard linux init.d scripts with a selection of scripts in /karma/etc/init.d which are then linked through to /karma/etc/rc.assoc and /karma/etc/rc.dhcp. As with init scripts, the scripts should start with S and are ran in numeric order.

The association scripts are passed the MAC address as the first parameter and the SSID as the second, the DHCP scripts are also passed the IP address as the third parameter.

At the moment there are only a couple of dummy stubs in these directories but there is obviously a lot of scope for scripts such as automatically running nmap and nessus.

A script I had in mind for the association is to check the MAC address to see if it is associated with a chipset with a known vulnerable driver, such as the Intel Centrino vulnerabilities from 2006. If it is you can automatically send out exploits and auto-own the client before they even realise they are connected. I plan to start work on these scripts and will release them as I get them stable. If anyone wants to contribute scripts I'll give full credit and post them in the downloads section.

© DigiNinja.org 2009. Site design by Seedling Media.