search

rapid7 / metasploit-framework

Metasploit Framework
https://www.metasploit.com/
Other
34.15k stars 13.98k forks source link

Auxiliary failed: RuntimeError don't have permission to capture on that device #10721

Closed jtlairave closed 6 years ago

jtlairave commented 6 years ago

Hi,

I installed metaspoilt on Fedora Linux 27. I was trying to do a portscan but encountered error.

  1. use non root user and type msfconsole and connected to msf database
  2. msf > use auxiliary/scanner/portscan/syn
  3. msf auxiliary(scanner/portscan/syn) > set RHOSTS 192.168.1.0/24
  4. msf auxiliary(scanner/portscan/syn) > set verbose 1 verbose => true
  5. msf auxiliary(scanner/portscan/syn) > run

SIOCSIFFLAGS: Operation not permitted

[-] Auxiliary failed: RuntimeError enp5s0: You don't have permission to capture on that device (socket: Operation not permitted) [-] Call stack: [-] /opt/metasploit-framework/embedded/framework/lib/msf/core/exploit/capture.rb:124:in open_live' [-] /opt/metasploit-framework/embedded/framework/lib/msf/core/exploit/capture.rb:124:inopen_pcap' [-] /opt/metasploit-framework/embedded/framework/modules/auxiliary/scanner/portscan/syn.rb:58:in run_batch' [-] /opt/metasploit-framework/embedded/framework/lib/msf/core/auxiliary/scanner.rb:215:inblock in run' [-] /opt/metasploit-framework/embedded/framework/lib/msf/core/thread_manager.rb:100:in `block in spawn' [*] Auxiliary module execution completed

Note: when i run msfconsole with root, or do a sudo msfconsole, I was unable to connect to database, but I am able to do msfconsole as non root user

I have no idea how to resolve this error.

Appreciate any help?

timwr commented 6 years ago

It seems you don't have the permissions for pcap. You could try the solution here: https://askubuntu.com/questions/530920/tcpdump-permissions-problem (but replace tcpdump with msfconsole). If that doesn't work, while not recommended, I think the easiest solution for this particular module is to run msfconsole as root. You'll need to fix the database configuration so it works from root also (which depends on your environment). Is there a reason you need to do a syn portscan? a tcp portscan (use auxiliary/scanner/portscan/tcp) works just fine and works without root. You might also prefer to do the scan externally (with nmap or masscan) and db_import the results.

jtlairave commented 6 years ago

Thank you for your reply. Had already configured tcpdump with pcap group permissions and setcap command. Does not work.

I had tried running msfconsole with root command but always unable to connect to database. I have no idea how to fix the database configuration if running msfconsole from root. Any suggestions?

I

On Tue, Oct 2, 2018 at 12:37 PM Tim notifications@github.com wrote:

It seems you don't have the permissions for pcap. You could try the solution here: https://askubuntu.com/questions/530920/tcpdump-permissions-problem (but replace tcpdump with msfconsole). If that doesn't work, while not recommended, I think the easiest solution for this particular module is to run msfconsole as root. You'll need to fix the database configuration so it works from root also (which depends on your environment). Is there a reason you need to do a syn portscan? a tcp portscan (use auxiliary/scanner/portscan/tcp) works just fine and works without root. You might also prefer to do the scan externally (with nmap or masscan) and db_import the results.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/rapid7/metasploit-framework/issues/10721#issuecomment-426146386, or mute the thread https://github.com/notifications/unsubscribe-auth/ApsjkhSywye_mlxtJ1MmYiOvHJqujtPqks5ugu2NgaJpZM4XA7Wh .

timwr commented 6 years ago

Fixing the database configuration depends on how you installed metasploit. Is there a reason you need to do a syn portscan? a tcp portscan (use auxiliary/scanner/portscan/tcp) works just fine and works without root. If you need to do a syn scan, why not do the scan externally (with nmap or masscan) and db_import the results?

jtlairave commented 6 years ago

If i do not recall wrongly, i use dnf install metaspoilt-framework..... I am using fedora linux 27 I am not sure how to do database configuration on metaspoilt to run as root

I am actually trying to experiment to find a better reliable network scan to detect all pc or devices and their os, services and open ports in the network. I noticed that those pc with commercial firewall may not able to be detected during nmap or db_nmap.

Sorry I am very new to metaspoilt and face a lot of issues, thought it was quite straightforward install and experiment. I was also unable to load those stdapi plugin, not sure why.

Still going through tough learning curve

On Tue, 2 Oct 2018, 18:54 Tim, notifications@github.com wrote:

Fixing the database configuration depends on how you installed metasploit. Is there a reason you need to do a syn portscan? a tcp portscan (use auxiliary/scanner/portscan/tcp) works just fine and works without root. If you need to do a syn scan, why not do the scan externally (with nmap or masscan) and db_import the results?

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/rapid7/metasploit-framework/issues/10721#issuecomment-426230889, or mute the thread https://github.com/notifications/unsubscribe-auth/ApsjktynK9DdvrLkGlwn5NV8B6uKpOCnks5ug0XigaJpZM4XA7Wh .

bcook-r7 commented 6 years ago

Adding capabilities to tcpdump will not help because Metasploit does not use tcpdump. Instead, give the Ruby interpreter capabilites. Assuming you are on some sort of Linux, these commands should do the trick (from our Dockerfile)

/usr/sbin/setcap cap_net_raw,cap_net_bind_service=+eip $(which ruby)
/usr/sbin/setcap cap_net_raw,cap_net_bind_service=+eip $(which nmap)
mrooppss542 commented 4 years ago

Hi,

I installed metaspoilt on Fedora Linux 27. I was trying to do a portscan but encountered error.

1. use non root user and type msfconsole and connected to msf database

2. msf > use auxiliary/scanner/portscan/syn

3. msf auxiliary(scanner/portscan/syn) > set RHOSTS 192.168.1.0/24

4. msf auxiliary(scanner/portscan/syn) > set verbose 1
   verbose => true

5. msf auxiliary(scanner/portscan/syn) > run

SIOCSIFFLAGS: Operation not permitted

[-] Auxiliary failed: RuntimeError enp5s0: You don't have permission to capture on that device (socket: Operation not permitted) [-] Call stack: [-] /opt/metasploit-framework/embedded/framework/lib/msf/core/exploit/capture.rb:124:in open_live' [-] /opt/metasploit-framework/embedded/framework/lib/msf/core/exploit/capture.rb:124:inopen_pcap' [-] /opt/metasploit-framework/embedded/framework/modules/auxiliary/scanner/portscan/syn.rb:58:in run_batch' [-] /opt/metasploit-framework/embedded/framework/lib/msf/core/auxiliary/scanner.rb:215:inblock in run' [-] /opt/metasploit-framework/embedded/framework/lib/msf/core/thread_manager.rb💯in `block in spawn' [*] Auxiliary module execution completed

Note: when i run msfconsole with root, or do a sudo msfconsole, I was unable to connect to database, but I am able to do msfconsole as non root user

I have no idea how to resolve this error. Before entering into msf type sudo msfconsole to be a root user than you can run all commands sucessfully.

mrooppss542 commented 4 years ago

Before entering into msf type sudo msfconsole to be a root user than you can run all commands sucessfully.

ghost commented 4 years ago

sudo -i msfconsole use auxiliary/scanner/portscan/syn set RHOSTS set PORTS 1-65535 run

venkatesh11315 commented 4 years ago

Auxiliary failed: RuntimeError usb0: You don't have permission to capture on that device (socket: Operation not permitted) [-] Call stack: [-] /usr/share/metasploit-framework/lib/msf/core/exploit/capture.rb:124:in open_live' [-] /usr/share/metasploit-framework/lib/msf/core/exploit/capture.rb:124:inopen_pcap' [-] /usr/share/metasploit-framework/modules/auxiliary/scanner/ip/ipidseq.rb:51:in run_host' [-] /usr/share/metasploit-framework/lib/msf/core/auxiliary/scanner.rb:118:inblock (2 levels) in run' [-] /usr/share/metasploit-framework/lib/msf/core/thread_manager.rb:106:in `block in spawn how to solve this problem

bcoles commented 4 years ago

Auxiliary failed: RuntimeError usb0: You don't have permission to capture on that device (socket: Operation not permitted) [-] Call stack: [-] /usr/share/metasploit-framework/lib/msf/core/exploit/capture.rb:124:in open_live' [-] /usr/share/metasploit-framework/lib/msf/core/exploit/capture.rb:124:inopen_pcap' [-] /usr/share/metasploit-framework/modules/auxiliary/scanner/ip/ipidseq.rb:51:in run_host' [-] /usr/share/metasploit-framework/lib/msf/core/auxiliary/scanner.rb:118:inblock (2 levels) in run' [-] /usr/share/metasploit-framework/lib/msf/core/thread_manager.rb:106:in `block in spawn how to solve this problem

You do not have permission to sniff packets. You need root privileges or cap_net_admin capabilities. Try sudo msfconsole to run as root.

MiloLug commented 2 years ago

DONT. START. AS ROOT.

there is a fix for msf6, installed together with embedded stuff

for b in $(ls /opt/metasploit-framework/embedded/bin); do sudo /usr/sbin/setcap cap_net_raw,cap_net_bind_service=+eip "/opt/metasploit-framework/embedded/bin/$b"; done for b in $(ls /opt/metasploit-framework/bin); do sudo /usr/sbin/setcap cap_net_raw,cap_net_bind_service=+eip "/opt/metasploit-framework/bin/$b"; done