之前出的那个Broadcom的两种网卡型号的DoS代码使我知道了Lorcon这玩意儿,既然此文Lorcon2是重点那就顺便带过一下。

Lorcon是什么?
项目主页: http://802.11ninja.net/ && https://code.google.com/p/lorcon/
Lorcon is an open source network tool for Wi-Fi injection.

说白了就是一个开源的对于无线数据包进行注入的玩意儿;

现在听起来可能没有多牛逼,但是在当年mac80211还未有多少支持之前,这可是新鲜玩意儿;耳熟能详的aircrack-ng套装就是使用的比Lorcon新一点的osdep库。

后来这个模块也被很多作者用来写关于无线方面利用的Exploit,在exploit-db上大家会找到很多不管是python写的还是ruby写的,都会提到Lorcon这么个玩意儿。

Metasploit默认是不会顺带安装上Lorcon2模块的,所以/opt/metasploit/msf3/modules/auxiliary/dos/wifi/下 或者exploit下一些关于无线方面的利用 or 辅助什么的都没法使用,会提示某个ruby脚本怎么怎么滴。

查阅官方文档之后和看了部分资料后我就mark一下具体怎么让metasploit安装上lorcon模块把。

#apt-getinstalllibnl-dev#首先apt安装一个支持模块,要不编译还是后期使用会挂掉#cd/opt/metasploit3/msf3/external/ruby-lorcon2/#svncohttp://802.11ninja.net/svn/lorcon/trunklorcon2#cdlorcon2#./configure--prefix=/usr&&make&&makeinstall#cd..#rubyextconf.rb#注意请使用1.9.1或者以上版本的ruby,否则可能生成后的makefile无法make#make&&makeinstall#cpLorcon2.so/opt/metasploit/ruby/lib/ruby/site_ruby/1.9.1/i686-linux/cp/usr/lib/liborcon2*/opt/metasploit/msf3/lib/

基本就是svn原码 安装然后拷贝编译好后的.so文件丢进msf目录让msf后期调用

好了这样基本就搞定了,俺这里有一键执行脚本:

#!/bin/bash#ScripttoinstallLorcon2onBacktrack5R2#ByRobertPortvliet#Foundstone#Setupvariablesmsfwifi_dir="/opt/metasploit/msf3/modules/auxiliary/dos/wifi/"rubylorcon_dir="/opt/metasploit/msf3/external/ruby-lorcon2/"msfuzz_dir="/opt/metasploit/msf3/modules/auxiliary/fuzzers/wifi/"echo"[*]ThisscriptwillinstallLorcon2onBacktrack5R2"echo"[*]Installlibnlnetlinklibrary"apt-getinstalllibnl-devecho"[*]DownloadingLorcon2fromSVN"svncohttp://802.11ninja.net/svn/lorcon/trunklorcon2echo"[*]CopyingLorcon2toMSF"cp-r./lorcon2$rubylorcon_direcho"[*]FixingMSFwirelessmodules"sed-i's/+channel.chr/+datastore['\''CHANNEL'\''].to_i.chr/g'$msfwifi_dir/ssidlist_beacon.rbsed-i's/+channel.chr/+datastore['\''CHANNEL'\''].to_i.chr/g'$msfwifi_dir/netgear_*sed-i's/+channel.chr/+datastore['\''CHANNEL'\''].to_i.chr/g'$msfuzz_dir/*.rbsed-i's/Lorcon/Lorcon2/g'$msfwifi_dir/ssidlist_beacon.rbecho"[*]FixingRuby-Lorcon2beforebuilding"sed-i's/STR2CSTR/StringValuePtr/g'$rubylorcon_dir/Lorcon2.cecho"[*]BuildingLorcon2"cd$rubylorcon_dir/lorcon2./configure--prefix=/usr&&make&&makeinstallcd..echo"[*]BuildingRuby-Lorcon2"ruby./extconf.rb&&make&&makeinstallecho"[*]CopyingLorcon2librariesintoMetasploit"cp$rubylorcon_dir/Lorcon2.so/opt/metasploit/ruby/lib/ruby/site_ruby/1.9.1/i686-linux/cp/usr/lib/liborcon2*/opt/metasploit/msf3/lib/echo"[*]Finished,fireupawirelessmoduleandseeifitworks"

好了,以后Metasploit就可以使用无线模块的东西了~