Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Wi-Fi Exploits Coming to Metasploit



 By: Ryan Naraine
2006-10-26
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
The open-source project plans to add 802.11 exploits to a new version of its controversial attack tool, a move that simplifies the way wireless drivers and devices are exploited.

The Metasploit Project plans to add 802.11 (Wi-Fi) exploits to a new version of its point-and-click attack tool, a move that simplifies the way wireless drivers and devices are exploited.

The controversial open-source project, created and maintained by HD Moore, of Austin, Texas, has added a new exploit class that allows modules to send raw 802.11 frames at one of the most vulnerable parts of the operating system.

In recent months, there has been an increase in public awareness around the severity of wireless driver flaws. At the August 2006 Black Hat Briefings in Las Vegas, researchers David Maynor and Jon "Johnny Cache" Ellch showed off a new technique for breaking into computers via Wi-Fi driver vulnerabilities on Windows and Mac systems.

The Black Hat demo pushed several vendors—Intel, Apple and Toshiba—to release patches and prompted Microsoft to invite Ellch to its internal BlueHat security conference to explain the risks to Redmond executives and employees.

Click here to read more about a warning that Wi-Fi-enabled computers are sitting ducks for code execution attacks.

Resource Library:

According to Moore, Metasploit 3 will integrate kernel-mode payloads to allow users to use existing user-mode payloads for both kernel and non-kernel exploits.

Because the framework provides an easy-to-use interface for connecting vulnerabilities to actual payloads, this Metasploit gives users an avenue to target the most sensitive part of the operating system.

Moore told eWEEK he is collaborating with Ellch on an actual 802.11 exploit. The plan is to use Ellchs LORCON (Loss of Radio Connectivity) hacking tool to send exploits at Wi-Fi bugs that are haunting widely used devices and computers.

"Right now, this only supports the Linux platform, but we are planning for Windows support very soon," Moore explained.

Moore shrugged off criticisms that Metasploit gives black hat hackers all the tools needed to launch attacks, insisting that the target market can be broken into three categories.

"[This is for] penetration testers and network administrators that want to demonstrate the impact of an unpatched wireless vulnerability," he said.

Moore said security researchers looking for an easy way to investigate wireless device and driver vulnerabilities can also find value in the code, which can also be used to develop "fuzzers" for discovering new vulnerabilities.

Fuzzers, or fuzz testers, are used to pinpoint security vulnerabilities by sending random input to an application. If the program contains a vulnerability that leads to an exception, crash or server error, researchers can parse the results of the test to pinpoint the cause of the crash.

Moore, who works as director of security research at BreakingPoint Systems, in Austin, Texas, said security solution developers can also use the new Metasploit capabilities to perform QA (quality assurance) tests on their products.

"Depending on my available free time, we should have some working and useful demonstrations of this within a week," he said.

"Were close to completing work on injecting code into the Windows kernel in a way that causes it to run a standard Metasploit payload without crashing the target system," he explained.

"We need at least one solid example of a wireless driver exploit that can be used to demonstrate the system," he added.

This is where Ellchs expertise comes in.

"[Johnny] has a number of these that would work, but one in particular is both reliable and easy to demonstrate. He demonstrated [it] at the Microsoft BlueHat conference and were waiting for his go-ahead before adding the exploit code to the public source repository," Moore said.

Click here to read more about a fix for a "high risk" vulnerability in the Toshiba Bluetooth wireless device driver.

Ellch confirmed his code was being used in the Metasploit refresh, but declined an eWEEK request to comment on the extent of his involvement.

Widely regarded as an authority on wireless security issues, Ellch believes the 802.11 link-layer wireless protocol is an "overly complicated" protocol that has not been implemented securely by many vendors.

However, during his recent trip to Microsofts Redmond campus for BlueHat, he said he was happy to see the software vendor paying serious attention to Wi-Fi bugs.

"They have already re-implemented many tools similar to my own and are actively finding bugs in other vendors device drivers that they dont necessarily have access to the code for. I cant imagine a more serious response," Ellch said in an interview with eWEEK.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.





  Reader Comments: Wi-Fi Exploits Coming to Metasploit
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Ryan Naraine
 


x}r8s;ӮcV%uȖ\֔my,UyF((ئHIy77-}Nl@"7$|Aș3!9)ٝ0Oo-zIj|݇PAeFAUM7 JԶO7RM3i /4w7wGlJ AT{j" xL5 MH]ٚ7'x2)X $8kzZ'jZ$l(P8 w(ZB; ?*B4m$oqT}:XQ=2rН3ݟXBT Kt/"(?c&s?9; Ț_h@Q50NK <[8 #5nCUVekF֠}lui!l 1!osݿ!HͤNޤ@d jId::`YTi 1܉\Ї@ڮSVPf̲;o tG oc}uק&[! !$f >v?& RI'6q_F^_3'@8:)|E[5'0m_k|tfs< s~7 CoZe؄j% =y7`JaCzJ&5\_-׉E>7 ؗY͢Aeʆ}sʾVWR\W╻]`[BUzEÝ|c4:ן~)UUe=,GA GnGkp[I^׵Sq={'r9; ׼ ;AYHL~#߁jQEVKY/LZH<&n#ydZKj%ɥ~hY̞o fVҘ 'UUXA[~6t.˫nCӣnlL,!V4*V]?c[ˠjq}Ҿ~^{}rһ"Ηq՝F4pgs V? p6O{:$~54Y01\ \^Kjg$ڽ磳1)H|]:Mq:8?# | ,-˝)Tt</Rzhf5 x CX&%e":u vPy۬)MZ!Rƒ uKsQ8j\K0Fp JpJq䨉k>ش 6,%̟iJyOf4Ջ"}Yt"Fͩ8 (J"bV3 ɋE94>BBp4|鎓z>:AGAtišwh4OP7h`Cҋ;LZ ~N;ݧn]='tno/*AbG@& ahh5 >D#m &>ql8d(n)s>ɹsP& zVtcP{DM`#ρY]7$>(@+>= lmVl}d`1 >5%ޣ q0yzۢ dSJJd$D!"-i]NP@Ar< -,rrd++~C~vGBj+'"Pl=!đtNܡZWh&RأXB ^X/E_R2әJ2j2khƪń(VFNL1|0Vf)e{4l` -z'$mLcpQY 4 xwCoBCEw[JͰ"hZ5{8.Ƈ5tlSr`8)ՠZ&4B ڛwyE"* ,qryd:*);m97y_MMEc7˅L< +׬UPL g<)*[hs<(:[(Or1r@uOSjqH1g0dz7[V@q=137RtgZC+>q^i.;[\g˺z+fYX]۽/ 7JeO4 mVJ{2,F6@1ٖk_Xt jQWtT0:Tdm6bZdžJ>}Cb&^&thQ?mM! `5}pöV/UKW+BDGX)Z-Qb͚sÖ@6@whL dolĖCex9bǮAwm=_T2n18yRvn Ma)e.G&fF- o+_ Š%1tJ]aY:- 'aOhI3kAkdfB _;$!U7:%E.C5ᝉ 1'xo+<|!CXu~"}l9 H3}"T0|*Uԫ5 H`mR@@kRUӈ.E^q~VW%$]'uX6H }j}t~h3<2 y ә^JZqthUUjVCgGsG<(yWEbIxԀA_zPClK'_!f8c0{N \̇O>{X 0{h'0^˒V`|Ya_Q>]HkK2)<:,7\W4Uud¹`Y!.Ծ)X=0`7yip 9]P˶(SN3jLfh2 !~ Kˣy ֟gic3b_@4T_/="8KQ3bRThα;tbG fC]\n<1׌%Jk欭x +RSJb/ 86e!o`";<^6P,4Ͻ"tu}/ec۝Ervm8z|Hg\Ukpƽ b/^\W9.^٤Ĉ԰ϊhwyUMۂa2"(҇Fseuu|Ƭ.n>{J9O ej[ GpSVsOnUc{*|:vi1vm0\=>w"qgD d넱Ŏ| l_"I)(/9 Ε U`ҖMЋF(+49aؠGsHoR10>VoO!+.7@A7[\JEVK`qEZ%y)HǞ1]]2Y1Gci}SU!ӔReΌ)6ڴCiA/Z2|L΋=rXo7{d',jLGI<~&.rOfWW\ϸ_A|/GRiemRߑJ [ cu ($j^ç, ,_t2jUk`?ʠ< j;! 8`&MMx)A`r0uq3(-E49I8L xϰLty'JUVqm?r^>_ycqr`RH3 J@F$;Ĥ}vl݋6zv9DQ 2lO4z7qwŏEGJ:7]9$hZgݏ,Y# !BuZW)ͦ5fpRb s 3^z0L‴5),w\qb`NZ _k=Wئ7haF`6e19ºUXHE`&|P($S0r(`$X*XU2_ǎ2sY5r6^SF(+bK"$DY \egqʼn9/`Ea1:*:_:Q8kᷜo5?Oů1Ok7tAh[(ktNz< \1[iNjw!9g>48zy݇$K 21xc|.A-6ҹJ> S4SJd"8%;)~ڰ{+ /D=:dSNŭs*(iaf-uyjdJ9#S"\~ 6L P,OҴy=#lQ1 i(K"ih#$lbTȆ oNٺ6<5ަm晿BǭƗHȣ{͖ˤeė4 Y) " |82B[(GH T䵴Zv*ڇᑿ81 t<ƓDAH0E;䀜b{~R߯Il7sp=u"?ug9c7:;NjG/sy"O+Q ,:]@!_zǜGoIM21J}? ;zS>^]s>ͥ=`L\M\gwhJNPD(Vp)£㻞Xa*'q)y H-Э>{h&|)s'I֚u haJono6Şa6 ݣvR:}i?v;}p¾"CWqk:@Nl"$$EUՊZFr,WU3$]eoNeVt0M3}9JfyӼ4iɜAxl7B_7nC\pb]C1~o~˸aW*]c{*{w}wﰧ]VZtCqB1Vx/)&%ΒEL @OKtGY_BQKwv{Y!0N Ħw=13~1OO=rcS}G]]A U h CzW`{ƅ=RH3#1= <v<.߮ B;FJX۴rUCauk§ ,'iƿWc#ޚU2$;hߔ1g.o(#ڟ_K;VM11=%E?=3q D xQ0e\ڊ]aKn~ V~/w,Viui.GKXuL+e_]UGtypǘkd"RmD(k 3>I+)6LH-*U;vK b&{ϏL>Q:˾;:p ne"b8v}}Q5C-&WMΨnb;3Hʎ9a竏a7.Ą@ӏJi0$}۽m X^p'O.ʩ`Zԍ $.Ý7[fue"`f>1 N2@}\I d[VR @>,t$=0OȤ3&gΠ JnyuYQ \" " &1',äsopey@Cx;J~أGZ̨cscIapٰJwRSZqYLdB+v!oWHBJCymb1VXc nCҺ;kcLoTc.40SH.";Ť }\A &XER6І )ԉG=)]Md dݦ~83I*+s-Li5%&d'?`ښD| &[4-^OgS%.`@t]L2'4kԆNC+KfOj(C9@{NC؉m5#$ _0QzXJa3f9 OR4:$aQo燁.X{#זtbEXHnd8ISr9 !5˗S 'm*TRާL~黿R#J:؁g; [Kxv(ڔJ嚊)6!Z 4tFfIyZAlOCO"}IU%)^`Y.ƺu D)p,az#X'>HlrR*@ЙI;NRž"\= ?Z~qڲu&]`n'18n> 31 Ϥ?&Ԥ8ϲCx]# DBHW֭nK_TRrVMD(XsmцSX{qtW~EmQ-Ov/n`A~ \huHtOJ]WI}+YPR "FP0wJbvHryk9g)56m׹vE0LozeUhSvS?\^)ifK$4ݠ+Bq踶;yH}8Q2quFkգi~%SHCwVhl|3ߓ=i/Js'() k{RՃyeWb_g[^G.ʹ^k s=ݶKPf/y [PZë2PMצr@'OSh~_u NmMdy6#ZxM_ &` ljVVEqF{L [GV̽K 畲lfS;`MmT6 d+KԬE5:&WJE:`ῳXF)⌱faeH%s)%hI5P"KK)zpM@{YaLu-EM~@ d/^"68򩾺oIp0YW ,B2/ 3(hMÙ@t}œ3Ql"A8 e{|a>»N;f Crpя"wxcO{ eTZWIecVPsa%<{>Sg!;VPhl :UPdo'8. 2â?$2[&iߣ;-Y?`#?T'}dɷ;1V-c f2UȏT%~'Y`ENwgOAGq副oL" [Z@M!tl.x]t$A_ē;ή~GĉbDݵ#𪣚Z/GYȿ TV\0#!kjj`X@4#z@]oq4, zD?SM}1w⋢>v-8E _+=6i[1ږ{x%Q=tkiLfƗQµOI*d SDcޥƦE"#McZ~Oyڡo1_ +uMi fOPVT! }vn ɕF0¹5 K_\ɨ':gۍyd䕊V.իwt~ -Fp}X28f|Z<<}Q,mJ)Ag'=>|֢NcˡWǚRhٱZǁ;%%{qwme ^a ׍ 60ۉpd&íT2Ín,HHZ#/73#M@Rfqp ͬG[QZYɎva~Xev׈)hhtc==сH5,k4a\oaddd=+!@WTP7qZ3ZMqxeu!-.>M_#ƘsN(<@U<1#gfɝ7gL=[!VWvrC*2;Bm[Jo>o+ɀ cNirt'w%eZS{ٓ;N8G@[ &̋(HKt<.:6ɭ>F&sُp[3'FΐE!,E|Etz['U}>l1ALhb##zB0\' zhuE :W} d#<i̱=ЖA?Cc~b-0zd+2c35Y ~1uA[:q0qaqn?pБ`%A H3'Tht?]]}݋chTprHKd5"&t8Aߟ}i[@r!q$*)Ĵc1CLx 19ӈ)i䂽._`(T||u/#@[?b 6C;b<1cbH~>&P"1XJ/A"F21C~JDFx_6wh8uXg- .E.ӻqw6+נ6ͬOzy 6t(QS=1U&F  sXDej@̔0p(ˏIJ qXZ~DB(s I5ұka]M-#?0C(.ŌCZS*ѓȤ+t+R0cUR(w'0x5nV?7K.4%Wig2I+1;}^o)^:GL€،P r,4[g_IUCWAwA:gk{8nh9n0}P܄qP b;g]t Ȥou[g@g9埠SN/PKN_/?nr{P)GJ/oڝc(?^_~9Gǜ חv nsʡݜ{SS) _ח9s?9?σ=9<?0}9y}"^ )?ӜArϡ<"g~/.r"gz^N{ z9#_.>.s޿yIחaa97c}g9ʿ K::~s/$)GAy+Zpz~;29)G9R{WK}(ϑgUsV^Va{j{~W_} KN+ťfW*7yKxM}%kg[Z1iu bCa/ KPe^ٛLGP/<,Y}Mʱ 4rk 7[y@YII{2}tEi>r𞫫qLwe^hj'܌3X;ǟi7\]ΆЙ%†>ga#f^*B8DCwo0p= ʼnC ;wEm=SO NW鍆.h ;םCö0A |$U˚VVk[*j]T|Zc=bUUEVrp` VU+D`I9CTx|Feiګ,91C=b;h8[b(wp E Ч w̆H˘/͛YȌ)æʗᄽNگ$` }pLB Psgq =q] XIF<ZA0ǫl6VI2hؐC ؒ9N-#G1N>@&M™x,O~f+g -/ 6@ E!N,cx uY<ItOȹS]" >oє^\gCN*˗ X֭2YZϩ8֕%IeC k`VϹep-c2O-5U,%w|ufɉF-Cס`b̜#M^` A0St4s@.M " n#q\LZAۀYN yvw ]פpH%/I^}ctc!39D$&@> KGJLEN$~ R `?94Ǟ”(ـO咤 X+.Ġ/>''4WB)*3Up& i!q{?pFCv9 h/X;SVT#cE u/ ME^-sܪUE'I«E/=G"cT =w`?GbБ_45ptѷkd9HZ=I*4Wf΢ِ aNm& smqo b3SY,> V_dvO~{0VTp\eCgIrD~gF}&*P=Em-Er};{/}d/+2bХvk*Y/] K7 J,爔事6SAQ^+yJ? T@| %G\6LDRw}B0yNmv89DEPމ!/[v2g S*4%SЌxK*xEy?ĵ  Mv7Zձ]w O 7g}L޴O]*|?OGe Mwt4?@&s ܈}lI5#_z >D/7ag} r@c]Tآ_\nPTjӟfBTvlRP`OՙَSw>E-\ Hxk7uܦ3?[<-v; # +_2sE>v/-GJ~Q.u 7tle @J]о >m73T| %` GYU`ZKv#q얢UnD,lp/>cwϏq`2oz/'8K Ӿcd.GXI@ Ik.-wvua4,Lb9"[^'QI 8`RжX3,@a)5z`n~3 4pRaL ,b[иˣŬ"&D0Ȯ'o )}fbGnԌaBVav L$Fg8% S^೐b,/A,xr&r*]xWI"cXMb0x@t&W .rWbMd?zYkh ʓ@:iwϾJ{`g~NTvQKeVnw/>+e=;`ons gs7*Ѡ,jU z' l5mEgl(3W'J^R۝z"f/F)SذM*i29J{) qŕ˕bmTɩY;~XX96v6̈́M.b&;f1Բ")