How to Fix the SIOCSIFFLAGS Error in Kali Linux

I recently rebuilt my laptop and reloaded the applications I use for pentesting including Virtualbox and Kali Linux. If you need help setting up Kali Linux in Virtualbox here is a great link that walks through the setup process.

Once I had Kali up and running in my virtual environment I plugged in my ALFA wireless adapter and made sure the USB device was running in the virtual environment.

I ran iwconfig to verify the wireless interface.

iwconfig

So far so good and I ran ifconfig to verify the interface was up, but the only interface returned was the loopback.

loopback

After discovering the wireless interface was not up and I ran ifconfig wlan0 up to bring it up and got the SIOCSIFFLAGS error.

siocsifflags

I wrote about this error a while back when I was running Backtrack 5 and I first started using the Fern WiFi Cracker. I decided to expand on that post plus I was asked about creating a script to run all the commands at one time instead of typing them individually. The script should be run every time Kali is booted, but after your adapter is plugged in and recognized.

First open a text editor and type in the script shown in the screen shot below. I prefer the gedit text editor and since that is not loaded in Kali I used Leafpad and coming from the Windows world it reminds me of Notepad.

script

Name the file and save it to the Root directory.

saveas2

Open the Terminal window and do a quick ls command to verify the file is present.

lscommand

To run the script type ./<file name>

filepremissions

You’ll probably get an error message about permissions denied and running the chmod 755 <file name> command will adjust the permissions on the file as needed.

chmodalfa

Rerun the script ./<file name>

runscript

If there are no errors you are good to go and can run ifconfig to verify the wireless interface is up.

ifconfig

I will run the script every time I boot Kali whether or not the interface shows as being up in the ifconfig results.

Trouble shooting wireless issues in Kali Linux can be a frustrating process, but use your Google Fu skills and you’ll find a lot of good links and people offering up advice. Good Luck!

Changing Your MAC Address Using Macchanger

Macchanger is a free utility used to change the MAC address of the network adapter. Macchanger can randomly assign a MAC address or assign a specific MAC address of your choosing.

Usage

There are several instances changing the MAC address is necessary, but I use the utility while pentesting a wireless network with MAC filtering enabled and have to assign an approved MAC address to the wireless adapter.

Install

The Macchanger utility is included with Kali Linux, but to install the application, update it, or verify your using the most up to date version run the following command. In the screen shot that follows the install command confirms that the newest version is already installed.

#apt-get install macchanger

macchangeinstall

Help

Help with Macchanger can be accessed by running the following two commands.

#macchanger --help

#man macchanger

Assign a Random MAC Address

I’m using an Alfa USB wireless adapter and I will run the following commands to verify the adapters interface and the permanent MAC address.

#ifconfig

#ifconfig wlan1

Macchanger can also be used to verify the manufacture burned in MAC address by running the following command.

#macchanger--show wlan1

Change the MAC address using one of the following commands.

#macchanger -r wlan1

#macchanger -A wlan1

Error Message

If you get an error message the MAC address can’t be changed and the adapter is busy take the adapter down and then rerun Macchanger. (Only the OUI portion of the MAC address is shown in the screen shot and the last 3 octets are blocked out)

adapterbusy

#ifconfig wlan1 down 

#macchanger -A wlan1

changemac

Bring the interface back up and verify the MAC address is changed.

#ifconfig wlan1 up 

#macchanger --show wlan1

changemac2

To return the MAC address to the vendor burned in address run the following command. You may have to take the interface down first.

#ifconfig wlan1 down

#macchanger --permanent wlan1

Assign a Specific MAC Address

The following command will assign a specific MAC address.

#macchanger --mac=aa:bb:cc:11:22:33 wlan1

macspec

Using the Macchanger GUI

If you’re not comfortable running commands there is a Macchanger GUI. A couple of commands will have to be run from the terminal window. One to install the Macchanger GUI application and the second to start the GUI application.

#apt-get install macchanger-gtk

#macchanger-gtk

macchangegtk

After the GUI opens select the options to change the MAC address and click the Change MAC button.

As you can see Macchanger is a great utility to change the MAC address and is simple to use and offers a GUI application as well. Let me know any questions in the comments section below or share any commands you find easier to use with Macchanger, or pass along any other utilities you use to change the MAC address.

Thanks for visiting my blog and happy pentesting!

Cracking WPA using Fern WiFi Cracker

Note: For this demo I’m using a lab environment network that is not routed to the internet. I will be using the Fern WiFi Cracker open source wireless security tool included in the Kali Linux and Backtrack 5 r3 security distros. Before attempting to use Fern or any other utility in Kali or Backtrack please make sure to read the help and MAN pages for a complete description of the program options and switches. This demo is for wireless pentesting educational purposes and to emphasize the insecurities of using a weak or common dictionary word for wireless network authentication and encryption security key or passphrase.

Fern Wi-fi Cracker can crack WEP, WPA, and WPA2 secured wireless networks. Fern basically takes the command line utilities to crack these networks and puts them in a GUI. Very simple to use… scary easy! Fern also provides some extra functionality for hijacking sessions and locating a computers geolocation via its Mac address, but I have not tested with these features.

For this demo I will be using Backtrack 5 r3 running in VMware Workstation on a Win 7 host.

Originally I was using Fern in Kali and ran into some issues with my wireless adapter and with the program freezing or not opening after updating it. I have the fixes I discovered in another blog post for anyone else that may have these same problems.

Router Setup

I’m using an old Cisco/Linksys 802.11g wireless router for this demo and all the settings are defaulted except the security settings, which I set to WPA Personal with a Shared Key passphrase of “password”. The word password should never be used for a real password or passphrase and I’m using it here since I know the Fern program will quickly crack it. In real world situations a WPA/WPA2 passphrase should be completely random and not a common dictionary word. For help on creating a secure WPA/WPA2 passphrase please read my earlier blog post.

wpakey

Setup the Wireless Adapter

Plug in the USB wireless adapter (I’m using the Alfa AWUS036H 802.11b/g USB wireless adapter) and open the Terminal and run iwconfig to verify the USB adapter interface.

iwconfig

On occasions I have had to bring the wireless adapter interface up using the following command.

#ifconfig wlan0 up

Starting the Fern Program

To start Fern from the Terminal type in the following commands

#cd /pentest/wireless/fern-wifi-cracker
#python execute.py

or start Fern via the GUI using the Backtrack menu

Applications/Backtrack/Exploitation Tools/Wireless Exploitation Tools/WLAN Exploitation/fern-wifi-cracker

Using the Fern Program

Select the Interface and Fern enables monitor mode. If your wireless interface does not show in the list hit the Refresh button and try again.

interface

Before starting the scan double-click on any blank area of the Fern home screen to bring up the Access Point Scan Preferences screen. You can set the channel option to scan a single channel or leave it at the default All Channels. One nice feature is to check the Enable XTerms option which will have Fern open up the Terminal windows during its usage to see what the program is doing in the background. Click OK when done.

xterms

Back on the Fern home screen click the Scan for Access points button.

scanaps

Two Terminal windows will open; one showing the WEP enabled networks (no screen shot), and another showing the WPA enabled networks. The top part of the WPA Scan Terminal window shows the networks being found, and the lower part shows any connected client devices. For a WPA attack to work it requires a connected client. The most important part of the attack will kick the client off the wireless network and capture the 4-way handshake when the client device re-authenticates to the network. If the network you want to pentest has no connected client your out of luck!

wpanetworks

On Ferns home screen the networks being detected will start populating next to the WiFi WEP or WiFi WPA buttons. (I have been seeing less and less WEP enabled networks, so that is a good thing!)

networks

Clicking on the WiFi WEP or WiFi WPA button will bring up the Attack screen and the top pane will list the networks found. Select the AP to crack, but before clicking the Attack button to the right let’s go over a couple of settings.

networkwpa

I will use the Regular Attack option, but there is a WPS Attack option and I believe Fern uses the Reaver utility to launch the WPS attack. You can read more about Reaver by clicking here.

Common.txt is the wordlist that comes with the Fern program, but any wordlist you download or have created on your own can be used by hitting the Browse button and pointing Fern to the alternative wordlist file.

wordlist

With the Regular Attack and the wordlist selected hit the Attack button.

attackbutton

Fern will start the attack and on the left side of the screen the attack steps will turn yellow as Fern works through the various steps. The most important step is capturing the 4-way handshake and Fern will open an aireplay-ng Terminal window showing the progress of deauthentication (if XTerms is checked in the preferences) of the connected client.

settings

It may take several attempts to deauth a client and capture the 4-way handshake.

deauth

Once Fern has captured the handshake it will start the bruteforce attack. Viola! If the WPA key is in the wordlist being used it will display the found key in Red.

wpakeyfound

As I mentioned I setup a passphrase I knew would be found quickly, and from start to finish this attack took under 4 minutes!

Back on the Fern main screen is a Key Database button and it now shows one entry.

database

Clicking the Key Database button will display the found keys.

database2

Conclusion

Using a common dictionary word for a WPA or WPA2 passphrase makes it easier to hack with utilities like Fern. The Fern utility is free to download and simple to use, and not everyone is going to use it for legit wireless pentesting purposes.

With possession of the WPA key a person can associate to network and have a gateway to the internet, or they could launch other attacks. For example, with possession of the WPA key the attack could be expanded to include decryption of the data traffic of the legitimate clients on the wireless network.

Thanks for reading and stay wireless secure!

Fern WiFi Cracker Maintenance and Support

Some support issues and other odd things I have researched while using the Fern WiFi Cracker program on Kali Linux and/or Backtrack 5.

Installing Fern

I’m not sure what version of Backtrack started including Fern, but to install the program use the following command.

# apt-get install fern-wifi-cracker

Issue #1: When I started using Fern the program locked up or froze, and updating the program seemed to fix the issue. There are times when the program seems to not respond after clicking on buttons, but after a few seconds it starts working.

After starting Fern look in the lower left corner to see if any updates are available. An internet connection is required to check for and download any updates. Click the update button to download and install the update.

fernupdate

Fern will show the progress.

fernupdate1

Restart of the Fern program.

fernrestart

The Fern program will report no more available updates.

noupdate

Issue #2: After updating Fern the program would not open and running this command fixed the issue. (I only experienced this with Kali and not in any of the Backtrack 5 distros)

#chmod +x /usr/share/fern-wifi-cracker/execute.py

I found the above fix in this discussion thread with a Google search.

Wireless Adapter Issues in Kali

If you’re getting the SIOCSIFFLAGS (see screen shot below) error message when bringing up your wireless adapter run the following commands.

#rmmod rtl8187
#rfkill block all
#rfkill unblock all
#modprobe rtl8187
#rfkill unblock all
#ifconfig wlan0 up

siocsifflags

I discovered that if I shutdown or restart Kali the error does show up again with the next login. You can read more on this post about the error and creating a batch file to run all the commands at the same time.

General Wireless Troubleshooting Help on the Kali Support Site

If you’re having issues with your wireless adapter check the Kali support documentation or do some Google searches. I found a lot of good information on the internet. Good luck and happy pentesting!

Use Reaver to Crack WPA/WPA2 Passwords

Premium Accounts 2014

Let’s use Reaver to crack WPA/WPA2 passwords! Through all this journey of cracking passwords (with permission), I learned you need two things: Time and Luck. There is no easy way to get a networks password, unless you actually go and ask for it nicely… but that’s not an option sometimes.

(Note: Consider this post educational, or a proof-of-concept intellectual exercise. The more you know, the better you can protect yourself. Breaking through someone’s Wireless Network is ilegall, use it at your own risk)

There are 2 methods to hack WPA/WPA2:

  1. With Dictionaries: Usually takes plenty of time and if the password is not on the dictionary, you won’t find it.
  2. With Reaver: Uses a vulnerability called Wi-Fi Protected Setup, or WPS. It exists on many routers and can take between 5 and 10 hours to crack.

When we tried using dictionaries and had no luck, we can move on to…

View original post 311 more words