Silica Wifi Pentesting tool VM image free to download

[shutin]

Hey all,

I remember seeing a Hak5 episode about this wifi pentesting tool called Silica that I wanted to check out. I went to their site and tried to figure out how to see a price or anything about it and came across this download page:

http://www.immunityinc.com/downloads.shtml

which has a link to the VM

http://downloads.immunityinc.com/SILICA_VM.zip

So I downloaded it and it boots up but it doesn't recognize a simple Alfa. It throws a bunch of weird errors like this:

[ 43.954420] rtl8187: disagrees about version of symbol ieee80211_rts_duration
[ 43.954421] rtl8187: Unknown symbol ieee80211_rts_duration (err -22)

Anyone know what is up with this image? Is it a trial or something you have to pay to activate or what? I'd like to see what they were talking about in the episode, since they kept the damn screen hidden the whole time.

Anyone get this to work?

Thanks

[barry99705]

The activation is based of the wireless card you get when you buy silica. Unless you activate it with that wireless card, it's not going to work. From the poking around I did, it's missing a few directories, which probably get installed when you activate.

[shutin]

Thanks for clarifying this. I believe Silica ships with a Ubiquity adapter (SR-71 maybe?). There shouldn't be anything too magical about "Activating" it. Perhaps you just need to spoof the MAC to match a Ubiquity dongle?

I donno, I imagine software piracy is frowned upon here so I won't persue the topic any further but dang it, I really want to just demo the software.

[barry99705]

Pretty sure they track the mac address from their end and when you activate, it does a "software update" that adds the correct repository so the correct files get installed. Just a guess, but that's what I'm seeing from the activation scripts.

[shutin]

I emailed the company and they told me the VM image is there strictly for the convenience of their paying customers to download it whenever they need it. I think they should add maybe a sentence or two to #@%$@#% illustrate that but eh. Anyone actually played with this thing and have any comments on it?

The whole package seems geared toward noob LEOs or something. I don't know that I like the idea of someone who has no idea what they are doing pointing and clicking on wifi networks to exploit. They might develop a taste for it.. With the advent of wifite.py wifi cracking can't get any easier. Silica just employs a easy-breezy exploit functionality like serving up rotten java applets during the MITM portion, from what I understand of it.

[GRMrGecko]

Thanks for clarifying this. I believe Silica ships with a Ubiquity adapter (SR-71 maybe?). There shouldn't be anything too magical about "Activating" it. Perhaps you just need to spoof the MAC to match a Ubiquity dongle?

I donno, I imagine software piracy is frowned upon here so I won't persue the topic any further but dang it, I really want to just demo the software.

It does infact seem to activate based on MAC Address.

Looking up interface

Trying to find interface index for iface: wlan0

Found MAC address: 00:c0:ca:69:3a:a4 for: wlan0

Found interface: wlan0

Verifying USB ID for interface wlan0

Failed matching USB ID of wireless card

So... If we can spoof the MAC address to that of what it's wanting... We can get the software to download and use it with our devices.

[GRMrGecko]

Got as far as getting it to work with my device, however now I need a username/password.

https://auth.immunityinc.com/silica/verify_user is called. I am guessing they won't make it easy to spoof that as they likely have the downloads locked to username/password.

Anyone know how much it is to purchase it?

[Lockon]

I think it's about $2000 ~ $2500.