Please create an account to participate in the Slashdot moderation system


Forgot your password?

Wi-Fi Exploits Coming to Metasploit 50

bucksDrop writes " is reporting that the Metasploit Project will add 802.11 (Wi-Fi) exploits to a new version of its point-and-click attack tool. Metasploit 3 will integrate kernel-mode payloads to allow users to use existing user-mode payloads for both kernel and non-kernel exploits. Metasploit is collaborating with Jon 'Johnny Cache' Ellch and implementing it by wrapping the LORCON library."
This discussion has been archived. No new comments can be posted.

Wi-Fi Exploits Coming to Metasploit

Comments Filter:
  • Thanks Guys (Score:4, Insightful)

    by 99BottlesOfBeerInMyF ( 813746 ) on Thursday October 26, 2006 @05:39PM (#16601172)

    No really, I appreciate all the work that goes into putting this together. I'm sure privately distributed cracking tools already have some of this functionality. Maybe this will get OS vendors to pay a little more attention to wireless security. Wireless is not likely to be widely exploited mechanism for a worm, but it is still something that needs more attention.

    • Why don't hardware vendors simply release the source to their drivers so problems like this can be squashed quickly? Of course, there is no guarantee that the white hats will find problems before the black hats do, but it exposes flaws more eyeballs.
      • by 99BottlesOfBeerInMyF ( 813746 ) on Thursday October 26, 2006 @05:50PM (#16601314)

        Why don't hardware vendors simply release the source to their drivers so problems like this can be squashed quickly?

        Some of them probably will, but a lot of hardware vendors are reflexively secretive. Others, use the drivers to work around bugs in their products or are embarrassed of the shoddy quality of their code. I'd love the believe that the industry will start to demand open source drivers, but realistically, it is more likely that the OS developer community will have to account for untrusted hardware drivers by seriously re-architecting the way the kernel interacts with drivers.

        • Why would any hardware vondor release open source drivers? So that the competition can look at them? I remember someone commenting at another thread asking that firmware for hardware be open sourced too. Hardware vendors might as well then just put all their designs up on display, pack up their stuff and go home.
          • Why would any hardware vondor[sic] release open source drivers? So that the competition can look at them?

            Why would IBM contribute to an open source OS? So the competition can look at it? IBM is not in the business of selling OS's and by contributing to open source they get both other companies and the open source community to share the labor costs and make a better solution for both IBM and others. Likewise, hardware vendors are not in the business of selling drivers and those drivers could benefit signi

      • Re: (Score:3, Informative)

        by ehrichweiss ( 706417 )
        I don't know why others might not release their drivers' source but I know that Broadcomm apparently can't do it for at least some of their wireless cards because they apparently can be tuned into some military-only frequencies and needless to say that's not a good thing.
        • by Fred_A ( 10934 )
          More generally speaking, with a number of chipsets, you can change a number of parameters through software, notably emission power, sometimes frequency way outside of the extent of what is allowed for WiFi use (as per radio band use regulations).
          This is the main reason put forward by the makers for not releasing completely open drivers. If they did their gear couldn't be certified.
      • Re: (Score:3, Insightful)

        by cdrguru ( 88047 )
        The number one reason this isn't done is the difference between the hardware manufactured by the driver author and the hardware manufactured by slave labor in China is the driver. Period. The chips are nearly a commodity now. There isn't anything unique about that - it is how they are used in the software.

        15-20 years ago, it is was the design of the hardware that was where the value was. Today, it is mostly the software running the hardware.

        An open driver just means that they are giving away whatever va
    • The tools required for wireless worms have been available to Windows users for some time now, if you know where to look:

      Wireless Weapons of Mass Destruction []
  • by Anonymous Coward on Thursday October 26, 2006 @05:42PM (#16601212)

    What is Wi-Fi?
  • So..... (Score:3, Funny)

    by robpoe ( 578975 ) on Thursday October 26, 2006 @05:43PM (#16601238)
    Do I wrap my laptop in tinfoil yet, or not?

  • ...that I speak for a lot of people, based on the low response to this particular gem of posting, when i say:
    WTF, mate?
  • I've played around with metasploit in the past, especially their VNC payloads. The tool seems to have a high likelihood of abuse, compared to a lot of the other security tools (starting from nmap,nessus and all). Except for a couple of courtesy terminals, the tool basically gets you in and gives you a general feeling of being in control.

    Canned scripts hardly ever teach you anything, especially when they work out of the box. Making them writing your own exploits is the easiest way to get a script kiddie

  • by spinja ( 994674 ) on Thursday October 26, 2006 @06:04PM (#16601456) Homepage
    Install the latest Lorcon snapshot:
    $ []

    Grab the latest version of metasploit 3:
    $ svn co []

    Compile the Metasploit Lorcon wrapper:
    $ cd trunk/external/msflorcon
    $ make

    Plug in a support network card (I use a WPN511 with the madwifi-old driver in Gentoo)

    Load the Metasploit Console (as root, since it needs raw WiFi access)
    # trunk/msfconsole

    Play with some of the demo modules :-)

    This is an example of sending fake beacon requests to flood the Windows Wireless Network Browser:
    msf > use auxiliary/dos/wireless/fakeap
    msf auxiliary(fakeap) > show options

    Module options:

          CHANNEL 11 yes The default channel number
          DRIVER madwifi yes The name of the wireless driver for lorcon
          INTERFACE ath0 yes The name of the wireless interface

    Type the "run" command, or use "set VARIABLE VALUE" to change these options.

    msf auxiliary(fakeap) >run
  • Hopefully now that the code is out there, someone independent (not Ellch and not a Mac blogger) will test this exploit on an out-of-the-box MacBook, and see if the hole lives up to the hype.
  • I recently removed a nasty trojan (a member of the 'Wareout' family) from my laptop, with the aid of the free Sophos Anti-Rootkit [] and fantastic free technical support from the great folks at the spybot forums []. My best guess was that I got the infection when I logged into a free wifi connection at a local cafe. I saw a brief message from my antivirus software that a trojan had been detected, but afterwards, it reported nothing. After reading the eweek article, I learned that my Intel Pro/Wireless driver had
  • Proof of concept exploits, are one thing, arguably useful. But helpfully integrating them into a tool script kiddies can use is just wrong. This is the kind of thing that makes computer security an ongoing nightmare.
    • by azemute ( 890775 )
      Because acceptance of the fact that there *is* a problem is the first step on the road to solving that problem. A whole mob of scriptkiddies get their hands on this, and someone is bound to take notice. Maybe not now, but in the near future. Until that happens, and it gets some spotlight coverage, no one is going to even recognize wireless as a security threat.

      Just pretending that the problem doesn't exist, doesn't make the problem go away.

Machines that have broken down will work perfectly when the repairman arrives.