SKA: Simple Karma Attack

Last Commit: 09/20/2019

Introduction

Knowledge of the Karma attack was not public before 2004. In that year two famous technologists, Dino Dai Zovi and Shane Macaulay, made it public. SKA is a tool for implementing a very simple and fast Karma attack. The Karma attack finds its way into user devices by taking advantage of Wi-Fi connectivity loopholes. It is a variant of the evil twin attack.

Evil Twin Attack: “An evil twin is a fraudulent Wi-Fi access point that appears to be legitimate but is set up to eavesdrop on wireless communications. The evil twin is the wireless LAN equivalent of the phishing scam.” (Source: Wikipedia)

This type of attack is very useful for stealing passwords with already known phishing methods.

Karma Attack: “Type of attack that exploits a behaviour of some Wi-Fi devices, combined with the lack of access point authentication in numerous WiFi protocols. It is a variant of the evil twin attack.” (Source: Wikipedia)

SKA: MiTM Attack on Device Wi-Fi Vulnerability

A successfully executed Karma attack creates an AP that can be used to initiate and execute any other desired attack on the device. This AP acts as a man-in-the-middle platform against any device with a Wi-Fi weakness, i.e. a less vigilant authentication system when reconnecting to old networks.

Devices that broadcast the SSIDs (service set identifiers) of their previous connections are at risk from the attack. This is because the broadcasts are not protected and the device is prepared to reconnect without requiring authentication. The attack takes advantage of this lack of encryption and disguises itself as one of those previous connections to gain access to the device.
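From the defender's side, the impersonation described above leaves traces a wireless sensor can check for. The following is an added example, not part of SKA or of the original page: it flags a managed SSID offered by an unknown BSSID or with weaker security, and, going slightly beyond the single fake AP described here, a single BSSID answering for many network names. The log format, KNOWN_NETWORKS inventory and threshold are assumptions made for the illustration.

```python
from collections import defaultdict

# Constructed sensor observations (not real captures), one beacon or probe
# response per line as "bssid,security,ssid"; the SSID is last so it may contain commas.
SAMPLE_FRAMES = """\
aa:aa:aa:00:00:01,WPA2,CorpNet
aa:aa:aa:00:00:02,WPA2,CorpNet
de:ad:be:ef:00:01,OPEN,CorpNet
de:ad:be:ef:00:02,OPEN,HomeWifi
de:ad:be:ef:00:02,OPEN,CoffeeShop
de:ad:be:ef:00:02,OPEN,Airport_Free
"""

# Assumed inventory of managed networks: SSID -> (authorised BSSIDs, expected security).
KNOWN_NETWORKS = {"CorpNet": ({"aa:aa:aa:00:00:01", "aa:aa:aa:00:00:02"}, "WPA2")}
MAX_SSIDS_PER_BSSID = 2  # assumed threshold; tune to the site's real AP configuration


def parse_frames(text):
    """Yield (bssid, security, ssid) tuples, skipping blank or malformed lines."""
    for line in text.splitlines():
        parts = line.strip().split(",", 2)
        if len(parts) == 3 and all(parts):
            yield parts[0].lower(), parts[1].upper(), parts[2]


def find_rogue_aps(text, known=KNOWN_NETWORKS, max_ssids=MAX_SSIDS_PER_BSSID):
    """Return de-duplicated (rule, bssid, ssid) alerts in order of first appearance."""
    alerts, ssids_by_bssid = [], defaultdict(set)

    def alert(*item):
        if item not in alerts:
            alerts.append(item)

    for bssid, security, ssid in parse_frames(text):
        ssids_by_bssid[bssid].add(ssid)
        if ssid in known:
            allowed, expected = known[ssid]
            if bssid not in allowed:
                alert("unknown-bssid", bssid, ssid)      # evil twin of a managed SSID
            if security != expected:
                alert("security-downgrade", bssid, ssid)  # e.g. WPA2 network offered as open
    for bssid, ssids in sorted(ssids_by_bssid.items()):
        if len(ssids) > max_ssids:                        # one radio answering for many names
            alert("multi-ssid-responder", bssid, ",".join(sorted(ssids)))
    return alerts


if __name__ == "__main__":
    for item in find_rogue_aps(SAMPLE_FRAMES):
        print(item)
```

Legitimate access points can serve a few SSIDs, so the multi-SSID rule is a signal to investigate and not proof of a rogue AP.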

How does it work?

  1. Choosing the NICs.
  2. Capturing probe requests and choosing the fake AP name.
  3. Activating the fake AP.
  4. The new AP contains a DHCP server, which gives the targeted user a correct IP address and doesn’t allow any alerts to be shown on the victim’s device.
  5. Activating HTTP redirection.
  6. HTTP requests are redirected to the fake site, while HTTPS traffic continues normally.
  7. Activating the Apache server that will host the phishing site.
  8. At the very end of the attack, the script's changes are cleaned up and the Apache configuration is restored.

Supported Platforms:

Operating systems that are similar to UNIX systems are vulnerable. These include:

  • Windows,
  • Linux,
  • OS X,
  • Android,
  • iOS, despite recent updates.

Modules:

  • NICs
  • Sniff Probe
  • Fake AP
  • HTTP
  • DHCP
  • download
  • Apache

Install [Potential Problems]

SKA will alert you if there are problems with the NetworkManager daemon or the Apache config file.

The DNS line must be disabled. It is found in the NetworkManager configuration file (under /etc/NetworkManager/):

dns=dnsmasq

Identify the MAC address of the wireless adapter, then configure as follows:

unmanaged-devices=mac:XX:XX:XX:XX:XX:XX