Module: Msf::Exploit::Lorcon

Defined in:
lib/msf/core/exploit/lorcon.rb

Overview

This module provides methods for sending raw 802.11 frames using the ruby-lorcon extension. Please see the ruby-lorcon documentation for more information.

Instance Attribute Summary

Instance Method Summary

Instance Attribute Details

#wifi ⇒ Object

Returns the value of attribute wifi


# File 'lib/msf/core/exploit/lorcon.rb', line 123

# Reader for the @wifi instance variable.
#
# @return [Object, nil] the current value of @wifi; open_wifi assigns a
#   ::Lorcon::Device through the wifi= writer, which presumably backs this
#   variable (the writer is not shown here)
def wifi
  @wifi
end

Instance Method Details

#channel ⇒ Object


# File 'lib/msf/core/exploit/lorcon.rb', line 113

# Reports the channel the open wireless device is currently set to.
#
# The call is forwarded to the device object returned by #wifi, so it fails
# with NoMethodError when no device is held (wifi is nil).
#
# @return [Object] whatever the device's channel reader returns
def channel
  wifi.channel
end

#close_wifi ⇒ Object


# File 'lib/msf/core/exploit/lorcon.rb', line 102

# Drops this module's reference to the wireless device by assigning nil
# through the wifi= writer.
#
# NOTE(review): no close/teardown method is called on the device here, so
# any release of the underlying handle is presumably left to ruby-lorcon's
# own cleanup when the object is collected -- confirm.
#
# @return [nil]
def close_wifi
  self.wifi = nil
end

#eton(addr) ⇒ Object

Converts a colon-separated Ethernet (MAC) address string into its raw binary form


# File 'lib/msf/core/exploit/lorcon.rb', line 109

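# Converts a colon-separated hexadecimal Ethernet (MAC) address into its raw
# byte string, one byte per octet.
#
# Each octet is validated before conversion. String#hex returns 0 for text
# that is not hexadecimal, so without the check a typo in an address would be
# turned silently into a 0x00 byte and the frame would carry the wrong
# address.
#
# @param addr [String] address such as "00:11:22:aa:bb:cc"
# @return [String] binary string holding one byte per octet
# @raise [ArgumentError] if any octet is not one or two hexadecimal digits
def eton(addr)
  # limit -1 keeps trailing empty fields, so "aa:bb:" is rejected, not truncated
  octets = addr.strip.split(':', -1)

  octets.map do |octet|
    unless octet =~ /\A[0-9a-fA-F]{1,2}\z/
      raise ArgumentError, "Invalid ethernet address: #{addr.inspect}"
    end

    octet.hex.chr
  end.join
end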

#initialize(info = {}) ⇒ Object

Initializes an instance of an exploit module that accesses an 802.11 network


# File 'lib/msf/core/exploit/lorcon.rb', line 16

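# Initializes an instance of an exploit module that accesses an 802.11 network.
#
# Registers the INTERFACE, DRIVER, CHANNEL, TXRATE and TXMOD options and then
# tries to load the ruby-lorcon extension. A failure to load is not raised
# from here: it is recorded in @lorcon_loaded and @lorcon_error instead.
#
# @param info [Hash] passed through unchanged to the parent initializer
def initialize(info = {})
  super

  # Defaults used when not running on Windows
  default_intf   = 'ath0'
  default_driver = 'madwifing'

  if Rex::Compat.is_windows
    # Default to the first airpcap device on Windows
    default_intf = "\\\\.\\airpcap00"

    # Default to the airpcap driver on Windows
    default_driver = 'airpcap'
  end

  register_options(
    [
      OptString.new('INTERFACE', [true, 'The name of the wireless interface', default_intf]),
      OptString.new('DRIVER', [true, 'The name of the wireless driver for lorcon', default_driver]),
      OptInt.new('CHANNEL', [true, 'The default channel number', 11]),
      OptInt.new('TXRATE', [true, 'The injected transmit rate', 2]),
      OptEnum.new('TXMOD', [true, 'The injected modulation type', 'DSSS', %w{DEFAULT FHSS DSSS OFDM TURBO MIMO MIMOGF}])
    ], Msf::Exploit::Lorcon
  )

  begin
    if Rex::Compat.is_windows
      airpcap = Rex::FileUtils.find_full_path("airpcap.dll")
      raise RuntimeError, "The airpcap.dll library must be installed" unless airpcap
    end

    require 'Lorcon'
    @lorcon_loaded = true
  rescue ::ScriptError, ::StandardError => e
    # A failed require raises LoadError (a ScriptError) and the airpcap check
    # above raises RuntimeError (a StandardError). Rescuing ::Exception would
    # also swallow Interrupt, SystemExit and NoMemoryError, so only these two
    # families are recorded as a load failure.
    @lorcon_loaded = false
    @lorcon_error  = e
  end
end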

#next_channel ⇒ Object


# File 'lib/msf/core/exploit/lorcon.rb', line 117

# Moves the wireless device to the next channel.
#
# The channel is incremented by one, except that any current channel above 10
# wraps back to channel 1.
#
# @return [Integer] the channel number that was assigned to the device
def next_channel
  current = wifi.channel

  upcoming =
    if current > 10
      1
    else
      current + 1
    end

  self.wifi.channel = upcoming
end

#open_wifi ⇒ Object

Opens a handle to the specified wireless device


# File 'lib/msf/core/exploit/lorcon.rb', line 65

# Opens a handle to the wireless device named by the INTERFACE and DRIVER
# options and configures it for frame injection.
#
# The device is put into "INJECT" mode, tuned to CHANNEL (11 when unset), and
# then given the TXMOD modulation and, when TXRATE is set, that transmit rate.
# An ArgumentError from either of the last two setters is printed as a
# warning and does not abort the open.
#
# @return [Object] the opened device, also stored through the wifi= writer
# @raise [RuntimeError] if the Lorcon extension was not loaded, or if no
#   device object could be created
def open_wifi
  unless @lorcon_loaded
    print_status("The Lorcon module is not available: #{@lorcon_error}")
    raise RuntimeError, "Lorcon not available"
  end

  iface = datastore['INTERFACE']

  # XXX: Force the interface to be up
  # The argument-list form of system starts ifconfig directly, without a
  # shell, so the interface name is handed over as one literal argument.
  # The result is ignored: a missing or failing ifconfig does not stop the open.
  system("ifconfig", iface, "up")

  self.wifi = ::Lorcon::Device.new(iface, datastore['DRIVER'])
  device = self.wifi
  raise RuntimeError, "Could not open the wireless device interface" unless device

  # Configure the card for reliable injection
  device.fmode   = "INJECT"
  device.channel = (datastore['CHANNEL'] || 11).to_i

  # Configure modulation; a value the driver rejects is only reported
  begin
    device.modulation = datastore['TXMOD']
  rescue ::ArgumentError => e
    print_status("Warning: #{e}")
  end

  # Configure the transmission rate, only when one was supplied
  begin
    rate = datastore['TXRATE']
    device.txrate = rate.to_i if rate
  rescue ::ArgumentError => e
    print_status("Warning: #{e}")
  end

  device
end