Last active
July 3, 2024 07:32
-
-
Save yosignals/7465dc36d890ba680a53bd304df450c6 to your computer and use it in GitHub Desktop.
Countermeasure for clients experiencing a KARMA (2004) / Mana / Wireless Attack - https://thecontractor.io/NTS
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Check for administrative privileges | |
if (-not ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) { | |
Write-Host "Please run this script as an Administrator." | |
exit | |
} | |
# List all network adapters and prompt user to select the wireless adapter | |
$wifiAdapters = Get-NetAdapter -IncludeHidden | Where-Object {$_.InterfaceDescription -match "Wi-Fi|Wireless"} | |
if ($wifiAdapters.Count -eq 0) { | |
Write-Host "No wireless adapter found" | |
exit | |
} | |
Write-Host "Available Wireless Adapters:" | |
$wifiAdapters | ForEach-Object { Write-Host "$($_.InterfaceIndex): $($_.Name) - $($_.InterfaceDescription)" } | |
$selectedIndex = Read-Host "Please enter the index of the wireless adapter to use" | |
$wifiAdapter = $wifiAdapters | Where-Object { $_.InterfaceIndex -eq $selectedIndex } | |
if ($null -eq $wifiAdapter) { | |
Write-Host "Invalid selection. Exiting." | |
exit | |
} | |
Write-Host "Selected wireless adapter: $($wifiAdapter.Name)" | |
# Add 'PoopSniffington' to preferred networks with the highest priority | |
$profileXml = @" | |
<?xml version="1.0"?> | |
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1"> | |
<name>PoopSniffington</name> | |
<SSIDConfig> | |
<SSID> | |
<name>PoopSniffington</name> | |
</SSID> | |
<nonBroadcast>true</nonBroadcast> | |
</SSIDConfig> | |
<connectionType>ESS</connectionType> | |
<connectionMode>auto</connectionMode> | |
<MSM> | |
<security> | |
<authEncryption> | |
<authentication>WPA2PSK</authentication> | |
<encryption>AES</encryption> | |
<useOneX>false</useOneX> | |
</authEncryption> | |
<sharedKey> | |
<keyType>passPhrase</keyType> | |
<protected>false</protected> | |
<keyMaterial>pewpoopew</keyMaterial> | |
</sharedKey> | |
</security> | |
</MSM> | |
<MacRandomization xmlns="http://www.microsoft.com/networking/WLAN/profile/v3"> | |
<enableRandomization>false</enableRandomization> | |
</MacRandomization> | |
</WLANProfile> | |
"@ | |
$profilePath = [System.IO.Path]::Combine($env:TEMP, "PoopSniffington.xml") | |
$profileXml | Out-File -FilePath $profilePath -Encoding UTF8 | |
# Add the WiFi profile using netsh | |
Write-Host "Adding profile PoopSniffington to interface $($wifiAdapter.Name)" | |
netsh wlan add profile filename="$profilePath" interface="$($wifiAdapter.Name)" | |
# Ensure it is set to highest priority | |
Write-Host "Setting profile order for PoopSniffington to highest priority" | |
netsh wlan set profileorder name="PoopSniffington" interface="$($wifiAdapter.Name)" priority=1 | |
# Verify the profile is in the preferred networks | |
Write-Host "Verifying profile PoopSniffington in preferred networks" | |
$profiles = netsh wlan show profiles | |
if ($profiles -match "PoopSniffington") { | |
Write-Host "Profile PoopSniffington is successfully added to preferred networks." | |
} else { | |
Write-Host "Profile PoopSniffington is not found in preferred networks." | |
exit | |
} | |
# Create the scheduled task | |
$taskName = "DisableWiFiOnPoopSniffington" | |
$taskAction = New-ScheduledTaskAction -Execute "Powershell.exe" -Argument "-NoProfile -WindowStyle Hidden -Command `"Disable-NetAdapter -Name '$($wifiAdapter.Name)' -Confirm:\$false; [System.Reflection.Assembly]::LoadWithPartialName('System.Windows.Forms'); [System.Windows.Forms.MessageBox]::Show('Connected to PoopSniffington - Disabling Wi-Fi adapter Karma Attack Detected!')`"" | |
$taskTrigger = New-ScheduledTaskTrigger -AtStartup | |
$principal = New-ScheduledTaskPrincipal -UserId "SYSTEM" -LogonType ServiceAccount -RunLevel Highest | |
Register-ScheduledTask -TaskName $taskName -Action $taskAction -Trigger $taskTrigger -Principal $principal | |
Write-Host "Scheduled task created to disable Wi-Fi adapter when connected to PoopSniffington." | |
# Exit the script | |
exit |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Work in progress :)