
Thread: [Working Hardware] ALFA AWUS036H 500mW (Realtek RTL8187L - rtl8187)

  1. #1

    OS: Kali Linux 1.0.3 (x86)
    Machine: Virtual (VMware)
    Make/Model: ALFA Network AWUS036H (500mW)
    Chipset: Realtek RTL8187L
    Driver: rtl8187
    Stack: mac80211
    Injection: Yes
    Method: Works out of the box. Plug in USB & go!
    Reaver: No issues

    Other hardware: Linksys WUSB54GC & Edimax EW-7711UAN

    Code:
    root@kali:~# lsusb
    Bus 001 Device 002: ID 0bda:8187 Realtek Semiconductor Corp. RTL8187 Wireless Adapter
    Bus 002 Device 002: ID 0e0f:0003 VMware, Inc. Virtual Mouse
    Bus 002 Device 003: ID 0e0f:0002 VMware, Inc. Virtual USB Hub
    Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
    Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
    Bus 002 Device 004: ID 0e0f:0008 VMware, Inc. 
    root@kali:~# dmesg | grep 8187
    [    1.833207] usb 1-1: New USB device found, idVendor=0bda, idProduct=8187
    [    1.833214] usb 1-1: Product: RTL8187_Wireless_LAN_Adapter
    [    1.833216] usb 1-1: Manufacturer: Manufacturer_Realtek_RTL8187_
    [    4.377289] ieee80211 phy0: hwaddr 00:c0:ca:1e:60:92, RTL8187vB (default) V1 + rtl8225z2, rfkill mask 2
    [    4.404648] rtl8187: Customer ID is 0xFF
    [    4.404730] Registered led device: rtl8187-phy0::radio
    [    4.404753] Registered led device: rtl8187-phy0::tx
    [    4.404773] Registered led device: rtl8187-phy0::rx
    [    4.406489] rtl8187: wireless switch is on
    [    4.406555] usbcore: registered new interface driver rtl8187
    root@kali:~#
    Code:
    root@kali:~# ifconfig
    lo        Link encap:Local Loopback  
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:12 errors:0 dropped:0 overruns:0 frame:0
              TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0 
              RX bytes:720 (720.0 B)  TX bytes:720 (720.0 B)
    
    wlan0     Link encap:Ethernet  HWaddr 00:c0:ca:1e:60:92  
              UP BROADCAST MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000 
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
    
    root@kali:~# iwconfig
    wlan0     IEEE 802.11bg  ESSID:off/any  
              Mode:Managed  Access Point: Not-Associated   Tx-Power=20 dBm   
              Retry  long limit:7   RTS thr:off   Fragment thr:off
              Encryption key:off
              Power Management:off
              
    lo        no wireless extensions.
    
    root@kali:~#
    Code:
    root@kali:~# ls -l /sys/class/net/wlan0/device/driver
    lrwxrwxrwx 1 root root 0 Apr 29 15:36 /sys/class/net/wlan0/device/driver -> ../../../../../../../bus/usb/drivers/rtl8187
    root@kali:~# lsmod | grep -i rtl8187
    rtl8187                31077  0 
    mac80211              287461  1 rtl8187
    cfg80211              123887  2 mac80211,rtl8187
    eeprom_93cx6           12641  1 rtl8187
    usbcore               109555  5 btusb,uhci_hcd,rtl8187,ehci_hcd,usbhid
    root@kali:~#
    Code:
    root@kali:~# airmon-ng
    
    
    Interface Chipset        Driver
    
    wlan0          Realtek RTL8187L    rtl8187 - [phy0]
    
    root@kali:~# airmon-zc
    
    
    X[PHY]Interface     Driver[Stack]-FirmwareRev     Chipset                                 Extended Info
    
    K[phy0]wlan0   rtl8187[mac80211]-unavailable Realtek Semiconductor Corp. RTL8187     
    
    root@kali:~#

    Code:
    root@kali:~# iwlist wlan0 frequency
    wlan0     14 channels in total; available frequencies :
              Channel 01 : 2.412 GHz
              Channel 02 : 2.417 GHz
              Channel 03 : 2.422 GHz
              Channel 04 : 2.427 GHz
              Channel 05 : 2.432 GHz
              Channel 06 : 2.437 GHz
              Channel 07 : 2.442 GHz
              Channel 08 : 2.447 GHz
              Channel 09 : 2.452 GHz
              Channel 10 : 2.457 GHz
              Channel 11 : 2.462 GHz
              Channel 12 : 2.467 GHz
              Channel 13 : 2.472 GHz
              Channel 14 : 2.484 GHz
    root@kali:~#
    Code:
    root@kali:~# airmon-ng start wlan0 6 
    
    
    Found 4 processes that could cause trouble.
    If airodump-ng, aireplay-ng or airtun-ng stops working after
    a short period of time, you may want to kill (some of) them!
    -e 
    PID  Name
    2751 NetworkManager
    2883 wpa_supplicant
    2885 dhclient
    2887 dhclient
    
    
    Interface Chipset        Driver
    
    wlan0          Realtek RTL8187L    rtl8187 - [phy0]
                        (monitor mode enabled on mon0)
    
    root@kali:~#
    Code:
    root@kali:~# aireplay-ng --test -e NETGEAR mon0
    15:37:41  Waiting for beacon frame (ESSID: NETGEAR) on channel 6
    Found BSSID "00:24:B2:xx:yy:zz" to given ESSID "NETGEAR".
    15:37:41  Trying broadcast probe requests...
    15:37:41  Injection is working!
    15:37:43  Found 1 AP 
    
    15:37:43  Trying directed probe requests...
    15:37:43  00:24:B2:xx:yy:zz - channel: 6 - 'NETGEAR'
    15:37:44  Ping (min/avg/max): 2.985ms/24.783ms/47.072ms Power: -29.03
    15:37:44  30/30: 100%
    
    root@kali:~# 
    Removed NIC specific values in MAC Address for privacy
    Added in another WiFi card
    Code:
    root@kali:~# aireplay-ng --test -e NETGEAR -i mon1 mon0
    ...SNIP...
    17:00:27  Trying card-to-card injection...
    17:00:27  Attack -0:           OK
    17:00:27  Attack -1 (open):    OK
    17:00:27  Attack -1 (psk):     OK
    17:00:27  Attack -2/-3/-4/-6:  OK
    17:00:27  Attack -5/-7:        OK
    root@kali:~#
    Last edited by g0tmi1k; 2015-04-25 at 10:22 AM.

  2. #2
    Code:
    root@kali:~# airodump-ng mon0
     CH 12 ][ Elapsed: 16 s ][ 2015-04-25 11:11
    
     BSSID              PWR  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID
    
     90:EF:68:xx:yy:zz  -39       17        3    0  13  54e. WPA2 CCMP   PSK  ABC
     9C:80:DF:xx:yy:zz  -59       15        0    0  11  54e  WPA2 CCMP   PSK  ABC
     80:37:73:xx:yy:zz  -62       18        0    0   6  54e  WPA2 CCMP   PSK  ABC
     00:24:B2:xx:yy:zz  -63        7        0    0   1  54e. WPA2 CCMP   PSK  NETGEAR
     12:8A:AE:xx:yy:zz  -63       14        0    0   1  54e. OPN              ABC
     68:A0:F6:xx:yy:zz  -64       16        0    0  10  54e  WPA2 CCMP   PSK  ABC
     02:8A:AE:xx:yy:zz  -64        9        0    0   1  54e. OPN              ABC
     E4:F4:C6:xx:yy:zz  -64        8        1    0   6  54e  WPA2 CCMP   PSK  ABC
     18:83:BF:xx:yy:zz  -66        4        0    0   1  54e  WPA2 CCMP   PSK  ABC
     58:98:35:xx:yy:zz  -69        3        0    0   1  54e  WPA2 CCMP   PSK  ABC
     62:83:BF:xx:yy:zz  -72        9        0    0   6  54e  WPA2 CCMP   MGT  ABC
     C4:04:15:xx:yy:zz  -69       13        0    0  11  22e  WEP  WEP         ABC
     9C:D6:43:xx:yy:zz  -70        9        2    0  11  54e  WPA2 CCMP   PSK  ABC
     18:83:BF:xx:yy:zz  -72        9        0    0   6  54e  WPA2 CCMP   PSK  ABC
     62:83:BF:xx:yy:zz  -71        8        0    0   6  54e  OPN              ABC
     A0:21:B7:xx:yy:zz  -73        3        0    0   9  54e  WPA2 CCMP   PSK  ABC
     28:28:5D:xx:yy:zz  -74        3        0    0  11  54e  WPA2 CCMP   PSK  ABC
     C0:A0:BB:xx:yy:zz  -73        4        0    0  11  54e  WPA2 CCMP   PSK  ABC
     D0:84:B0:xx:yy:zz  -75        2        0    0  11  54e. WPA2 CCMP   PSK  ABC
    
     BSSID              STATION            PWR   Rate    Lost    Frames  Probe
    
     (not associated)   5C:F5:DA:25:BD:D8  -71    0 - 1      0        1  ABC
     (not associated)   BC:30:7D:12:56:48  -72    0 - 1     43       12  ABC
     90:EF:68:xx:yy:zz  B8:E8:56:xx:yy:zz  -44    0 - 1      0        3
     80:37:73:xx:yy:zz  C4:54:44:xx:yy:zz  -73    0 - 1      0        1
     E4:F4:C6:xx:yy:zz  90:18:7C:xx:yy:zz  -73    0 - 1      0        1
     E4:F4:C6:xx:yy:zz  34:AA:8B:xx:yy:zz  -74    0 - 1     13        2
    
    root@kali:~#
    Code:
    root@kali:~# wash -i mon0
    
    Wash v1.4 WiFi Protected Setup Scan Tool
    Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
    
    BSSID                  Channel       RSSI       WPS Version       WPS Locked        ESSID
    ---------------------------------------------------------------------------------------------------------------
    00:24:B2:xx:yy:zz       1            -68        1.0               No                NETGEAR
    E4:F4:C6:xx:yy:zz       1            -74        1.0               Yes               ABC
    00:8A:AE:xx:yy:zz       1            -66        1.0               No                ABC
    ^C
    root@kali:~# 
    Removed MAC addresses & SSIDs for privacy


  3. #3
    Member
    Join Date
    May 2014
    Posts
    31
    Yes, it does work, but it's slow as hell. Just got it 2 days ago. No VM. I see more APs than in Win7, but it's slower than Win7.

  4. #4
    Junior Member
    Join Date
    Mar 2013
    Location
    Indonesia
    Posts
    19
    The ALFA AWUS036H is one of the devices recommended for the WiFu course.

    Thanks for sharing.
    OSCP | OSWP | Offsec is the best :)

  5. #5
    Member
    Join Date
    Aug 2015
    Location
    The Pits
    Posts
    86
    Uh... I thought it might be wise to mention that if a target AP and station are using wireless N you will not be able to capture a handshake with the 036H. Just saying.
