Broadcom Exploit - Metasploit question
Has anyone successfully exploited the buffer overflow in the Broadcom driver?
I have a Dell laptop which came with the vulnerable driver and I am trying to exploit it with Metasploit.
I have tried a number of different cards, including the rt2500 (PCI), rt73 (USB) and Realtek 8187, to try the overflow.
I am positive the rt2500 is supported by ruby-lorcon, but still no joy.
I get the following error with the 2500:
[*] Started reverse handler
[-] Exploit failed: Lorcon could not open the interface: Error enabling rfmontx private ioctl: 'rfmontx' on ra0 does not accept char parameters.
msf exploit(broadcom_wifi_ssid) >
I tried both the console and the web interface. I have set the driver to rt2500 and the interface to ra0.
Could anyone shed some light on what I'm doing wrong, or what I have done wrong in configuring this exploit?
Did you get this to work? I am able to send the frames, but I can't get a session created.
I haven't even got it working on one of the cards I have. I am waiting for an Atheros to get it going. Maybe the driver you're trying to overflow is a later release and not exploitable. Download the old BCMWL5.SYS.
What card are you using as the attacker?
I have an old Dell with a Broadcom 4318 chip in its Intel 1370 mini-PCI wifi card (bcm43xx module). Even though it says it can inject, actual injection crashes with a "writing to memory" error while I'm running airodump on it. It works in monitoring mode, although airodump displays 0 for 'pwr' of my AP and my 2nd wifi card (even though it's 5 inches away). Does anybody know if that's a card or driver limitation?
So I'm using an Orinoco PCMCIA Atheros-based card for monitoring and injection while I'm connected with the Broadcom card.