WEP Detection

I am running Parrot Security Mate 4.10 on Virtualbox 6.1. The host is Windows 10.

When I run the inxi -N command, the output is the following:

Device-1: Intel 82540EM Gigabit Ethernet driver: e1000
Device-2: Intel 82371AB/EB/MB PIIX4 ACPI type: network bridge
driver: piix4_smbus
Device-3: Realtek RTL8812AU 802.11a/b/g/n/ac 2T2R DB WLAN Adapter
type: USB driver: rtl88XXau

When I run ifconfig, I get this information about the USB wifi adapter

wlx00c0caad0xxxx: flags=4099<UP,BROADCAST,MULTICAST> mtu 2312
ether 4a:cf:5b:xx:xx:xx txqueuelen 1000 (Ethernet) (mac edit for user protection)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0:

When I have been running tutorials and reading documentation on using tools like airodump -ng I see networks but none that are WEP even though I have set up a WEP network in my lab and know others exist nearby me.

I first run:
sudo airmon-ng start wlan0

Then I type:

sudo airodump-ng wlan0mon --encrypt WEP

No WEP networks are displayed in the output and it says the wifi card is down even though networks are detected and the output is active.

Seems like I am doing something simple wrong but I can’t figure out what my next debug step is.

Oh, and the wifi USB adapter which is an Alpha Wide Range AC1200 Wireless Adapter AWUS036ACH is not recognized by the host since the drivers are on a DVD and I don’t have a DVD drive.

1. Your Parrot information

• OS version: run cat /etc/*release
  ```
  4.10

   ```
  

• Kernel version: run uname -a
Linux parrot 5.9.0-2parrot1-amd64 #1 SMP Debian 5.9.6-2parrot1 (2020-11-17) x86_64 GNU/Linux

** ISO information **

Version: 4.10
Desktop Environment: Mate
Edition: Home

2. How did you install OS?
   • ISO downloaded and booted from VirtualBox

3. If your hardware doesn’t work: wifi doesn’t show, graphic issue:

Hardware information

00:00.0 Host bridge: Intel Corporation 440FX - 82441FX PMC [Natoma] (rev 02)
00:01.0 ISA bridge: Intel Corporation 82371SB PIIX3 ISA [Natoma/Triton II]
00:01.1 IDE interface: Intel Corporation 82371AB/EB/MB PIIX4 IDE (rev 01)
00:02.0 VGA compatible controller: VMware SVGA II Adapter
00:03.0 Ethernet controller: Intel Corporation 82540EM Gigabit Ethernet Controller (rev 02)
00:04.0 System peripheral: InnoTek Systemberatung GmbH VirtualBox Guest Service
00:05.0 Multimedia audio controller: Intel Corporation 82801AA AC’97 Audio Controller (rev 01)
00:06.0 USB controller: Apple Inc. KeyLargo/Intrepid USB
00:07.0 Bridge: Intel Corporation 82371AB/EB/MB PIIX4 ACPI (rev 08)
00:0d.0 SATA controller: Intel Corporation 82801HM/HEM (ICH8M/ICH8M-E) SATA Controller [AHCI mode] (rev 02)
```

```
- Did you try searching info about this issue on search engine? Please write **No** or any URL to this issue bellow

I have searched the site and Googled for solutions to this problem along with following tutorials and I cannot find solutions to this problem.

4. How did you get this error? Are there any steps to procedure it?

See above.

5. Error log or screenshot

I don’t know how to capture an error log for this.

6. If you have any idea or suggestion about this issue please tell us

** Your information **

Looks like your setup is using the new ‘predictable interface’ format for WiFi devices (using mac address to create device name). Based on the output of ifconfig.

Are you sure you are using the right device name? After enabling monitor mode, do you see wlan0mon as the device in radiotap/promiscuous mode after running ip a? Or is it named something different?

You are correct. I was using the new “predictable interface”. I searched the forum and found out how to have it use wlan0 which it is now using. During that search I also discovered I was using a USB wifi card that had a chip set with known issues. I am returning that device and a new device is arriving today from the supported list of USB wifi devices with supported chip sets.

I never could get the wlan0mon device to show up with the old know problematic device even though the software was telling me it was in monitor mode. Again, I am going to see how the supported USB device works before delving into that further.

Once you get it in monitor mode, list devices with ip a and select the one with radiotap listed under it. My phone for example uses wlan0 for both Managed and Monitor mode.

Likely your device wasn’t supportive of monitor mode. Some devices allow it to be set, but the chip doesn’t always have it ready to use in the firmware.

At least you have a supported device on the way.

I got what I thought was a compatible and supported USB wifi device but now I am not picking up any signals using airgeddon or airmon-ng.

The device is a Panda Wireless PAU09.

Output of the ixni -N command is:

inxi -N
Network:
Device-1: Intel 82540EM Gigabit Ethernet driver: e1000
Device-2: Intel 82371AB/EB/MB PIIX4 ACPI type: network bridge
driver: piix4_smbus
Device-3: Ralink RT5572 Wireless Adapter type: USB driver: rt2800usb

Any guidance on a USB device that has a chipset that is supported that supports both the 2.4 and 5 GHz bands would be greatly appreciated.

I should also mention I am trying to get this device to work with airgeddon. When I run airgeddon with this device, it sees no traffic when I am scanning for WPA/WPA2 targets even though it says it has successfully put the wifi device in monitor mode.

I found a page that says the device is supported but maybe the chip set has changed even though the wiki page was update in January of this year.

Maybe something went wrong.

Try putting it into monitor mode manually:

sudo ip link set wlan0 down && sudo iw wlan0 set monitor control && sudo ip link set wlan0 up

Do you see any feedback?

How about after listing the devices with ip a ?

What mode does it show?

No feedback on the command string.

ip a results in this:

$ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether xxxxxxxx brd ff:ff:ff:ff:ff:ff
inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic noprefixroute eth0
valid_lft 83086sec preferred_lft 83086sec
inet6 [deleted for pri]/64 scope link noprefixroute
valid_lft forever preferred_lft forever
4: wlan0: <NO-CARRIER,BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state DORMANT group default qlen 1000
link/ieee802.11/radiotap 0a:de:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff permaddr 9c:ef:xx:xx:xx:xx
[edited mac for user protection]

Of note, I updated Parrot as I do most times I restart the virtual machine after which the card was able to capture a handshake of my own wifi with airgeddon. It does not seem to reliably work as sometimes while it says the wlan0 is in monitor mode, wlan0 has not changed to wlan0mon and no beacons or other traffic shows up when running airgeddon.

It says ‘state DORMANT’ which isn’t what it should say.

You should try turning off powersaving mode by setting it to ‘2’ in Network Manager conf.

Can’t say if this will make it magically work, but worth a try (powersaving mode can cause issues with some models and DORMANT relates to powersaving mode).

Let us know what happens after you disable powersaving mode and try monitor again.

I hate to admit it, but I don’t know the format of the NetworkManager.conf file and could not figure out the power saving mode attribute to include in this file even after read through the man page.

My NetworkManager.conf file looks like this:
[main]
plugins=ifupdown,keyfile

[ifupdown]
managed=false

[device]
wifi.scan-ran-mac-address=0

If you haven’t found out yet try this:

iwconfig wlan0 power off

Then try the card again. See if it helps prevent DORMANT mode.

If it does work with powersave off, you can make it “stick” by following/editing/adding:

[connection]
wifi.powersave = 2

To this file:

/etc/NetworkManager/conf.d/default-wifi-powersave-on.conf

Then issue:

sudo systemctl restart NetworkManager

Let us know if this works. I would like to know if this helps with your problem.

Thanks for the detailed instructions @RightToPrivacy !

I was out of town, hence the delayed reply.

I physically removed the card and then reinserted it without doing the iwconfig command and did a quick check that the USB device was being recognized with an ip a command (again).

I got this:

ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 08:00:27:98:b9:fe brd ff:ff:ff:ff:ff:ff
inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic noprefixroute eth0
valid_lft 84280sec preferred_lft 84280sec
inet6 fe80::4ad:5c17:4f3e:6e9d/64 scope link noprefixroute
valid_lft forever preferred_lft forever
6: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether 9c:ef:d5:fa:94:b3 brd ff:ff:ff:ff:ff:ff

This time no DORMANT mode. I still did the iwconfig wlan0 power off command and the results are the same – not recognizing known wireless networks nearby me including my own.

This might be of help and I should have included it in my previous post.

iwconfig wlan0
wlan0 IEEE 802.11 ESSID:off/any
Mode:Managed Access Point: Not-Associated Tx-Power=20 dBm
Retry short long limit:2 RTS thr:off Fragment thr:off
Power Management:off

It shows state as DOWN. You need to bring the device UP.

Try either:

sudo ifconfig wlan0 up

If ifconfig doesn’t exist, try:

sudo ip link set wlan0 up

This topic was automatically closed 120 days after the last reply. New replies are no longer allowed.