OS: Kali Linux 1.0.3 (x86)
Machine: Virtual (VMware)
Make/Model: Linksys WUSB54GC v1 Compact Wireless-G USB Adapter
Chipset: Ralink 2573 USB
Driver: rt73usb
Stack: mac80211
Injection: Yes
Method: Works out of the box. Plug in USB & go!
Reaver: Needs '--ignore-fcs'
Other hardware: ALFA AWUS036H & Edimax EW-7711UAN
Code:
root@kali:~# lsusb
Bus 001 Device 002: ID 13b1:0020 Linksys WUSB54GC v1 802.11g Adapter [Ralink RT73]
Bus 002 Device 002: ID 0e0f:0003 VMware, Inc. Virtual Mouse
Bus 002 Device 003: ID 0e0f:0002 VMware, Inc. Virtual USB Hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 002 Device 005: ID 0e0f:0008 VMware, Inc.
root@kali:~# dmesg | grep -i RT73
[ 7241.571232] Registered led device: rt73usb-phy0::radio
[ 7241.571255] Registered led device: rt73usb-phy0::assoc
[ 7241.571270] Registered led device: rt73usb-phy0::quality
[ 7241.573367] usbcore: registered new interface driver rt73usb
[ 7241.675688] rt73usb 1-1:1.0: firmware: agent loaded rt73.bin into memory
root@kali:~#
Code:
root@kali:~# ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:108 errors:0 dropped:0 overruns:0 frame:0
TX packets:108 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:6480 (6.3 KiB) TX bytes:6480 (6.3 KiB)
wlan0 Link encap:Ethernet HWaddr 00:18:f8:a4:9e:ff
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
root@kali:~# iwconfig
wlan0 IEEE 802.11bg ESSID:off/any
Mode:Managed Access Point: Not-Associated Tx-Power=20 dBm
Retry long limit:7 RTS thr:off Fragment thr:off
Encryption key:off
Power Management:on
lo no wireless extensions.
root@kali:~#
Code:
root@kali:~# ls -l /sys/class/net/wlan0/device/driver
lrwxrwxrwx 1 root root 0 Apr 29 16:03 /sys/class/net/wlan0/device/driver -> ../../../../../../../bus/usb/drivers/rt73usb
root@kali:~# lsmod | grep -i rt73usb
rt73usb 22006 0
rt2x00usb 13393 1 rt73usb
rt2x00lib 37542 2 rt73usb,rt2x00usb
crc_itu_t 12332 1 rt73usb
usbcore 109555 6 btusb,uhci_hcd,rt73usb,rt2x00usb,ehci_hcd,usbhid
root@kali:~#
Code:
root@kali:~# airmon-ng
Interface       Chipset            Driver
wlan0           Ralink 2573 USB    rt73usb - [phy0]
root@kali:~# airmon-zc
X[PHY]Interface Driver[Stack]-FirmwareRev Chipset Extended Info
K[phy0]wlan0 rt73usb[mac80211]-unavailable Linksys WUSB54GC v1 802.11g Adapter [Ralink RT73]
root@kali:~#
Code:
root@kali:~# iwlist wlan0 frequency
wlan0 14 channels in total; available frequencies :
Channel 01 : 2.412 GHz
Channel 02 : 2.417 GHz
Channel 03 : 2.422 GHz
Channel 04 : 2.427 GHz
Channel 05 : 2.432 GHz
Channel 06 : 2.437 GHz
Channel 07 : 2.442 GHz
Channel 08 : 2.447 GHz
Channel 09 : 2.452 GHz
Channel 10 : 2.457 GHz
Channel 11 : 2.462 GHz
Channel 12 : 2.467 GHz
Channel 13 : 2.472 GHz
Channel 14 : 2.484 GHz
root@kali:~#
Code:
root@kali:~# airmon-ng start wlan0 6
Found 4 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!
-e
PID Name
2663 NetworkManager
2774 dhclient
3813 dhclient
8859 wpa_supplicant
Interface       Chipset            Driver
wlan0           Ralink 2573 USB    rt73usb - [phy0]
                (monitor mode enabled on mon0)
root@kali:~#
Code:
root@kali:~# aireplay-ng --test -e NETGEAR mon0
16:05:27 Waiting for beacon frame (ESSID: NETGEAR) on channel 6
Found BSSID "00:24:B2:xx:yy:zz" to given ESSID "NETGEAR".
16:05:27 Trying broadcast probe requests...
16:05:27 Injection is working!
16:05:29 Found 1 AP
16:05:29 Trying directed probe requests...
16:05:29 00:24:B2:xx:yy:zz - channel: 6 - 'NETGEAR'
16:05:29 Ping (min/avg/max): 2.676ms/9.759ms/16.307ms Power: -41.76
16:05:29 29/30: 96%
root@kali:~#
Removed NIC-specific values in MAC address for privacy.
Added in another WiFi card:
Code:
root@kali:~# aireplay-ng --test -e NETGEAR -i mon1 mon0
...SNIP...
17:03:43 Trying card-to-card injection...
17:03:43 Attack -0: OK
17:03:43 Attack -1 (open): OK
17:03:43 Attack -1 (psk): OK
17:03:43 Attack -2/-3/-4/-6: OK
17:03:43 Attack -5/-7: OK
root@kali:~#
Code:
root@kali:~# airodump-ng mon0
 CH  8 ][ Elapsed: 16 s ][ 2015-04-25 11:37
 BSSID              PWR  Beacons  #Data, #/s  CH  MB    ENC   CIPHER  AUTH  ESSID
 90:EF:68:xx:yy:zz  -50       10      2    0  13  54e.  WPA2  CCMP    PSK   ABC
 9C:80:DF:xx:yy:zz  -77        7      0    0  11  54e   WPA2  CCMP    PSK   ABC
 58:98:35:xx:yy:zz  -78        9      1    0   1  54e   WPA2  CCMP    PSK   ABC
 68:A0:F6:xx:yy:zz  -81        5      0    0  10  54e   WPA2  CCMP    PSK   ABC
 80:37:73:xx:yy:zz  -81        7      1    0   6  54e   WPA2  CCMP    PSK   ABC
 BSSID              STATION            PWR  Rate    Lost  Frames  Probe
 (not associated)   E2:0C:7F:xx:yy:zz  -81  0 -11      0       2  ABC
 90:EF:68:xx:yy:zz  B8:E8:56:xx:yy:zz  -15  0 - 1     12       3
root@kali:~#
Removed MAC addresses & SSIDs for privacy
Code:
root@kali:~# wash -i mon0
Wash v1.4 WiFi Protected Setup Scan Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <[email protected]>
BSSID                  Channel    RSSI    WPS Version    WPS Locked    ESSID
---------------------------------------------------------------------------------------------------------------
[!] Found packet with bad FCS, skipping...
[!] Found packet with bad FCS, skipping...
[!] Found packet with bad FCS, skipping...
^C
root@kali:~# wash -i mon0 --ignore-fcs
Wash v1.4 WiFi Protected Setup Scan Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <[email protected]>
BSSID                  Channel    RSSI    WPS Version    WPS Locked    ESSID
---------------------------------------------------------------------------------------------------------------
58:98:35:xx:yy:zz      1          -82     1.0            No            ABC
80:37:73:xx:yy:zz      6          -84     1.0            Yes           ABC
68:A0:F6:xx:yy:zz      10         -86     1.0            Yes           ABC
9C:80:DF:xx:yy:zz      11         -82     1.0            Yes           ABC
^C
root@kali:~#
Removed MAC addresses & SSIDs for privacy