Wireless Vulnerabilities & Exploits
Wireless Vulnerabilities & Exploits
WVE ID: WVE-2006-0032
Type: Exploit
Status: Candidate
Classification:
Authentication Management
Hijacking
Infrastructure
Description:
KARMA is a set of tools for assessing the security of wireless clients at multiple layers. It listens to all client probe requests and becomes a fake AP for any requested network while emulating a production network environment.
Discussion:
Wireless sniffing tools discover clients and their preferred network list by passively listening for 802.11 Probe Request frames. From there, individual clients can be targeted by creating a Rogue AP for one of their probed networks (which they may join automatically) or using a custom driver that responds to probes and association requests for any SSID. Higher-level fake services can then capture credentials or exploit client-side vulnerabilities on the host.
The tool provides an exploit framework known as BYOX (Bring Your Own Exploits). A number of client-side exploits have been written, tested and demonstrated within this framework.
Credits
Author:
Dino A. Dai Zovi
: None
Author:
Shane Macaulay
: None
References
URL:
http://theta44.org/karma/index.html
Released: 2006-01-24
Submitter
Raul
Siles
(raul.siles@hp.com)
: HP
Submitted: Tue Apr 11 10:44:18 -0700 2006
Candidate Date: Wed Apr 12 06:34:52 -0700 2006
