用法

The attached archive contains the following directories:
-hostapd-2.6 – A modified version of hostapd utilised in the exploit. This version of hostapd is configured to
support 802.11k RRM, and in particular Neighbor Reports. Moreover, this version of hostapd is
instrumented to add various commands, allowing injection and reception of crafted action frames
used throughout the exploit.
-OneRing – The exploit itself.

To run the exploit, you must execute the following steps:
-Connect (and enable) a SoftMAC Wi-Fi dongle to your machine (such as the TL-WN722N)
-Compile the provided version of hostapd
-Modify the “interface” setting under “hostapd-2.6/hostapd/hostapd.conf” to match your interface’s name
-Configure the following settings under “OneRing/rrm_exploit/conf.py”:
-HOSTAPD_DIR – The directory of the hostapd binary compiled above
-TARGET_MAC – The MAC address of the device being exploited
-AP_MAC – The MAC address of your wireless dongle
-INTERFACE – The name of the wireless dongle’s interface
-Configure the following settings under “OneRing/conf.py”:
-TARGET_MAC – The MAC address of the device being exploited
-TARGET_IP – The IP address of the device being exploited
-Assemble the backdoor shellcode by running “OneRing/rrm_exploit/assemble_backdoor.sh”
-Assemble each of the code chunks under “OneRing/code_chunks” by running “compile.sh”
-Run hostapd with the configuration file provided above, broadcasting a Wi-Fi network (“test80211k”)
-Connect the target device to the network
-Run “OneRing/attack.py”

CVE-2017-7115 附件下载

 

发表评论

电子邮件地址不会被公开。 必填项已用*标注