Thread: Broadcom Exploit - Metasploit question

  1. #1
    Junior Member SBerry's Avatar
    Join Date
    Dec 2007
    Posts
    94

    Has anyone successfully exploited the buffer overflow in the Broadcom driver?
    I have a Dell laptop which came with the vulnerable driver and I am trying to exploit it with Metasploit.
    I have tried a number of different cards, including the rt2500 (PCI), rt73 (USB) and RealTek 8187, to try the overflow.

    I am positive the rt2500 is supported by ruby-lorcon, but still no joy.
    I get the following error with the 2500:

    [*] Started reverse handler
    [-] Exploit failed: Lorcon could not open the interface: Error enabling rfmontx private ioctl: 'rfmontx' on ra0 does not accept char parameters.
    msf exploit(broadcom_wifi_ssid) >

    I tried both the console and the web interface. I have set the driver to rt2500 and the interface to ra0.

    Could anyone shed some light on what I'm doing wrong, or what I have done wrong in configuring this exploit?

  2. #2
    Just burned his ISO
    Join Date
    Jul 2007
    Posts
    2

    Did you get this to work? I am able to send the frames, but I can't get a session created.

  3. #3
    Junior Member SBerry's Avatar
    Join Date
    Dec 2007
    Posts
    94

    I haven't even got it working on one of the cards I have. I am waiting for an Atheros to get it going. Maybe the driver you're trying to overflow is a later release and not exploitable. Download the old BCMWL5.SYS.

    What card are you using as the attacker?

  4. #4
    Just burned his ISO
    Join Date
    Aug 2007
    Posts
    13

    I have an old Dell with a Broadcom 4318 chip in its Intel 1370 miniPCI wifi card (bcm43xx module). Even though it says it can inject, actual injection crashes with a writing-to-memory error while I'm running airodump on it. It works in monitoring mode, although airodump displays 0 for 'pwr' of my AP and my 2nd wifi card (even though it's 5" away). Does anybody know if that's a card or driver limitation?

    So I'm using an Orinoco PCMCIA Atheros-based card for monitoring and injection while I'm connected with the Broadcom card.
