Countermeasure for clients experiencing a KARMA (2004) / Mana / Wireless Attack - https://thecontractor.io/NTS

NTS.ps1

# Check for administrative privileges
if (-not ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {
    Write-Host "Please run this script as an Administrator."
    exit
}

# List all network adapters and prompt user to select the wireless adapter
$wifiAdapters = Get-NetAdapter -IncludeHidden | Where-Object {$_.InterfaceDescription -match "Wi-Fi|Wireless"}

if ($wifiAdapters.Count -eq 0) {
    Write-Host "No wireless adapter found"
    exit
}

Write-Host "Available Wireless Adapters:"
$wifiAdapters | ForEach-Object { Write-Host "$($_.InterfaceIndex): $($_.Name) - $($_.InterfaceDescription)" }

$selectedIndex = Read-Host "Please enter the index of the wireless adapter to use"
$wifiAdapter = $wifiAdapters | Where-Object { $_.InterfaceIndex -eq $selectedIndex }

if ($null -eq $wifiAdapter) {
    Write-Host "Invalid selection. Exiting."
    exit
}

Write-Host "Selected wireless adapter: $($wifiAdapter.Name)"

# Add 'PoopSniffington' to preferred networks with the highest priority
$profileXml = @"
<?xml version="1.0"?>
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
    <name>PoopSniffington</name>
    <SSIDConfig>
        <SSID>
            <name>PoopSniffington</name>
        </SSID>
 	<nonBroadcast>true</nonBroadcast>
    </SSIDConfig>
    <connectionType>ESS</connectionType>
    <connectionMode>auto</connectionMode>
    <MSM>
        <security>
            <authEncryption>
                <authentication>WPA2PSK</authentication>
                <encryption>AES</encryption>
                <useOneX>false</useOneX>
            </authEncryption>
            <sharedKey>
                <keyType>passPhrase</keyType>
                <protected>false</protected>
                <keyMaterial>pewpoopew</keyMaterial>
            </sharedKey>
        </security>
    </MSM>
    <MacRandomization xmlns="http://www.microsoft.com/networking/WLAN/profile/v3">
        <enableRandomization>false</enableRandomization>
    </MacRandomization>
</WLANProfile>
"@

$profilePath = [System.IO.Path]::Combine($env:TEMP, "PoopSniffington.xml")
$profileXml | Out-File -FilePath $profilePath -Encoding UTF8

# Add the WiFi profile using netsh
Write-Host "Adding profile PoopSniffington to interface $($wifiAdapter.Name)"
netsh wlan add profile filename="$profilePath" interface="$($wifiAdapter.Name)"

# Ensure it is set to highest priority
Write-Host "Setting profile order for PoopSniffington to highest priority"
netsh wlan set profileorder name="PoopSniffington" interface="$($wifiAdapter.Name)" priority=1

# Verify the profile is in the preferred networks
Write-Host "Verifying profile PoopSniffington in preferred networks"
$profiles = netsh wlan show profiles
if ($profiles -match "PoopSniffington") {
    Write-Host "Profile PoopSniffington is successfully added to preferred networks."
} else {
    Write-Host "Profile PoopSniffington is not found in preferred networks."
    exit
}

# Create the scheduled task
$taskName = "DisableWiFiOnPoopSniffington"
$taskAction = New-ScheduledTaskAction -Execute "Powershell.exe" -Argument "-NoProfile -WindowStyle Hidden -Command `"Disable-NetAdapter -Name '$($wifiAdapter.Name)' -Confirm:\$false; [System.Reflection.Assembly]::LoadWithPartialName('System.Windows.Forms'); [System.Windows.Forms.MessageBox]::Show('Connected to PoopSniffington -  Disabling Wi-Fi adapter Karma Attack Detected!')`""
$taskTrigger = New-ScheduledTaskTrigger -AtStartup

$principal = New-ScheduledTaskPrincipal -UserId "SYSTEM" -LogonType ServiceAccount -RunLevel Highest

Register-ScheduledTask -TaskName $taskName -Action $taskAction -Trigger $taskTrigger -Principal $principal

Write-Host "Scheduled task created to disable Wi-Fi adapter when connected to PoopSniffington."

# Exit the script
exit

Work in progress :)