Let’s Debug: Metasploit - “socket: Operation not permitted”

Isaac Bell
2 min read · Jun 1, 2019


This is a breakdown of an error you might encounter with Metasploit depending on your Linux setup and user permissions.

Our Error

msf5 auxiliary(scanner/ip/ipidseq) > show options

Module options (auxiliary/scanner/ip/ipidseq):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   INTERFACE                   no        The name of the interface
   RHOSTS     192.168.1.0/24   yes       The target address range or CIDR identifier
   RPORT      80               yes       The target port
   SNAPLEN    65535            yes       The number of bytes to capture
   THREADS    50               yes       The number of concurrent threads
   TIMEOUT    500              yes       The reply read timeout in milliseconds

msf5 auxiliary(scanner/ip/ipidseq) > run
SIOCSIFFLAGS: Operation not permitted
SIOCSIFFLAGS: Operation not permitted
SIOCSIFFLAGS: Operation not permitted
...
[-] Auxiliary failed: RuntimeError wlp3s0: You don't have permission to capture on that device (socket: Operation not permitted)
[-] Call stack:
[-] /opt/metasploit-framework/lib/msf/core/exploit/capture.rb:124:in `open_live'
[-] /opt/metasploit-framework/lib/msf/core/exploit/capture.rb:124:in `open_pcap'
[-] /opt/metasploit-framework/modules/auxiliary/scanner/ip/ipidseq.rb:51:in `run_host'
[-] /opt/metasploit-framework/lib/msf/core/auxiliary/scanner.rb:111:in `block (2 levels) in run'
[-] /opt/metasploit-framework/lib/msf/core/thread_manager.rb:106:in `block in spawn'
[*] Auxiliary module execution completed

Our Investigation

If you aren’t already doing so, you may want to test on your local IP 127.0.1.0 — you should still see the same error if all is as expected.

Relevant Github Issue: https://github.com/rapid7/metasploit-framework/issues/10721

Relevant AskUbuntu Issue: https://askubuntu.com/questions/530920/tcpdump-permissions-problem

This issue stems either from a lack of permissions granted to the tcpdump tool, or from problems with the pcap installation, possibly combined with missing setcap permissions.

Questions to Consider

Do you have tcpdump installed? In Linux try:

ls -la /usr/sbin | grep tcpdump

and see if you get some output similar to this.

-rwxr-x--- 1 root pcap 1130096 Mar 31  2018 /usr/sbin/tcpdump

Make sure you’ve given tcpdump the proper permissions it needs.

Also, you probably need to start running MSF as a root user if you aren’t already.

Resolution

Try these commands on Linux:

sudo setcap cap_net_raw,cap_net_bind_service=+eip $(which ruby)
sudo setcap cap_net_raw,cap_net_bind_service=+eip $(which nmap)
sudo setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump

and run MSF from scratch.
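To confirm that the capabilities actually landed on the files that get executed, a check like the one below can be run before and after the setcap commands above. It is an added example, not part of the original post; the function names has_cap and check_binary are hypothetical, and it assumes getcap (libcap) and GNU readlink are installed and that paths contain no spaces.

```shell
#!/bin/sh
# Added example (constructed): check whether the binaries involved in packet
# capture carry cap_net_raw, instead of guessing from the error message.

# has_cap CAP LINE: succeed if one line of getcap output grants CAP in both
# the effective (e) and permitted (p) sets. Accepts both getcap formats:
#   older libcap:  /usr/sbin/tcpdump = cap_net_admin,cap_net_raw+eip
#   newer libcap:  /usr/sbin/tcpdump cap_net_admin,cap_net_raw=eip
# Assumes the path has no spaces; '-' (removal) clauses are not interpreted.
has_cap() {
    local want line clause names flags
    want=$1
    line=${2#* }        # drop the leading path
    line=${line#= }     # drop the "= " separator of the older format
    for clause in $line; do
        names=${clause%%[=+]*}      # capability list before the operator
        flags=${clause##*[=+]}      # flag letters after the operator
        case ",$names," in
            *",$want,"*|",,") ;;    # named explicitly, or empty list = all
            *) continue ;;
        esac
        case $flags in *e*) ;; *) continue ;; esac
        case $flags in *p*) return 0 ;; esac
    done
    return 1
}

# check_binary NAME_OR_PATH: resolve the real file behind a command and report
# whether it has cap_net_raw. setcap refuses symlinks, and `which ruby` often
# returns one, so the real path is what has to be inspected and changed.
check_binary() {
    local bin real line
    bin=$(command -v "$1") || { echo "$1: not found or not executable by this user"; return 1; }
    real=$(readlink -f "$bin")
    line=$(getcap "$real" 2>/dev/null)
    if has_cap cap_net_raw "$line"; then
        echo "$real: cap_net_raw is effective and permitted"
    else
        echo "$real: cap_net_raw missing (getcap: ${line:-none})"
        return 1
    fi
}

# Usage: sh capcheck.sh ruby nmap /usr/sbin/tcpdump
for b in "$@"; do check_binary "$b" || true; done
```

If msfconsole runs under a bundled interpreter rather than the one `which ruby` returns, pass that interpreter's path instead. A "not executable by this user" result for tcpdump matches the `-rwxr-x--- root pcap` listing above when the current user is not in the pcap group.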

Again, are you a root user? If not, you will either need to run MSF as a root user (probably changing much of your configuration in the process) or you will need to change your user ID and group ID to 0 in your /etc/passwd file.

Keep in mind, it is extremely easy to lock yourself out of your computer messing around with this in particular, so make sure you really know what you’re doing and don’t edit this file while you’re logged in as the same user you’re editing. You could lose your sudo privileges at a very inopportune time, and find yourself stuck.

Further Information:

https://www.cyberciti.biz/faq/understanding-etcpasswd-file-format/

https://www.poftut.com/change-user-password-passwd-linux-etc-passwd-file/
