Results 1 to 4 of 4

Thread: [Working Hardware] Linksys WUSB54GC v1 (Ralink 2573 USB - rt73usb)

  1. #1

    [Working Hardware] Linksys WUSB54GC v1 (Ralink 2573 USB - rt73usb)

    OS: Kali Linux 1.0.3 (x86)
    Machine: Virtual (VMware)
    Make/Model: Linksys WUSB54GC v1 Compact Wireless-G USB Adapter
    Chipset: Ralink 2573 USB
    Driver: rt73usb
    Stack: mac80211
    Injection: Yes
    Method: Works out of the box. Plug in USB & go!
    Reaver: Needs '--ignore-fcs'

    Other hardware: ALFA AWUS036H & Edimax EW-7711UAN

    Code:
    root@kali:~# lsusb
    Bus 001 Device 002: ID 13b1:0020 Linksys WUSB54GC v1 802.11g Adapter [Ralink RT73]
    Bus 002 Device 002: ID 0e0f:0003 VMware, Inc. Virtual Mouse
    Bus 002 Device 003: ID 0e0f:0002 VMware, Inc. Virtual USB Hub
    Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
    Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
    Bus 002 Device 005: ID 0e0f:0008 VMware, Inc. 
    root@kali:~# dmesg | grep -i RT73
    [ 7241.571232] Registered led device: rt73usb-phy0::radio
    [ 7241.571255] Registered led device: rt73usb-phy0::assoc
    [ 7241.571270] Registered led device: rt73usb-phy0::quality
    [ 7241.573367] usbcore: registered new interface driver rt73usb
    [ 7241.675688] rt73usb 1-1:1.0: firmware: agent loaded rt73.bin into memory
    root@kali:~#
    Code:
    root@kali:~# ifconfig
    lo        Link encap:Local Loopback  
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:108 errors:0 dropped:0 overruns:0 frame:0
              TX packets:108 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0 
              RX bytes:6480 (6.3 KiB)  TX bytes:6480 (6.3 KiB)
    
    wlan0     Link encap:Ethernet  HWaddr 00:18:f8:a4:9e:ff  
              UP BROADCAST MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000 
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
    
    root@kali:~# iwconfig
    wlan0     IEEE 802.11bg  ESSID:off/any  
              Mode:Managed  Access Point: Not-Associated   Tx-Power=20 dBm   
              Retry  long limit:7   RTS thr:off   Fragment thr:off
              Encryption key:off
              Power Management:on
              
    lo        no wireless extensions.
    
    root@kali:~#
    Code:
    root@kali:~# ls -l /sys/class/net/wlan0/device/driver
    lrwxrwxrwx 1 root root 0 Apr 29 16:03 /sys/class/net/wlan0/device/driver -> ../../../../../../../bus/usb/drivers/rt73usb
    root@kali:~# lsmod | grep -i rt73usb
    rt73usb                22006  0 
    rt2x00usb              13393  1 rt73usb
    rt2x00lib              37542  2 rt73usb,rt2x00usb
    crc_itu_t              12332  1 rt73usb
    usbcore               109555  6 btusb,uhci_hcd,rt73usb,rt2x00usb,ehci_hcd,usbhid
    root@kali:~#
    Code:
    root@kali:~# airmon-ng
    
    
    Interface Chipset        Driver
    
    wlan0          Ralink 2573 USB     rt73usb - [phy0]
    
    root@kali:~# airmon-zc
    
    
    X[PHY]Interface     Driver[Stack]-FirmwareRev     Chipset                                 Extended Info
    
    K[phy0]wlan0   rt73usb[mac80211]-unavailable Linksys WUSB54GC v1 802.11g Adapter [Ralink RT73] 
    
    root@kali:~#
    Code:
    root@kali:~# iwlist wlan0 frequency
    wlan0     14 channels in total; available frequencies :
              Channel 01 : 2.412 GHz
              Channel 02 : 2.417 GHz
              Channel 03 : 2.422 GHz
              Channel 04 : 2.427 GHz
              Channel 05 : 2.432 GHz
              Channel 06 : 2.437 GHz
              Channel 07 : 2.442 GHz
              Channel 08 : 2.447 GHz
              Channel 09 : 2.452 GHz
              Channel 10 : 2.457 GHz
              Channel 11 : 2.462 GHz
              Channel 12 : 2.467 GHz
              Channel 13 : 2.472 GHz
              Channel 14 : 2.484 GHz
    root@kali:~#
    Code:
    root@kali:~# airmon-ng start wlan0 6 
    
    
    Found 4 processes that could cause trouble.
    If airodump-ng, aireplay-ng or airtun-ng stops working after
    a short period of time, you may want to kill (some of) them!
    -e 
    PID  Name
    2663 NetworkManager
    2774 dhclient
    3813 dhclient
    8859 wpa_supplicant
    
    
    Interface Chipset        Driver
    
    wlan0          Ralink 2573 USB     rt73usb - [phy0]
                        (monitor mode enabled on mon0)
    
    root@kali:~#
    Code:
    root@kali:~# aireplay-ng --test -e NETGEAR mon0
    16:05:27  Waiting for beacon frame (ESSID: NETGEAR) on channel 6
    Found BSSID "00:24:B2:xx:yy:zz" to given ESSID "NETGEAR".
    16:05:27  Trying broadcast probe requests...
    16:05:27  Injection is working!
    16:05:29  Found 1 AP 
    
    16:05:29  Trying directed probe requests...
    16:05:29  00:24:B2:xx:yy:zz - channel: 6 - 'NETGEAR'
    16:05:29  Ping (min/avg/max): 2.676ms/9.759ms/16.307ms Power: -41.76
    16:05:29  29/30:  96%
    
    root@kali:~#
    Removed NIC specific values in MAC Address for privacy
    Added in another WiFi card
    Code:
    root@kali:~# aireplay-ng --test -e NETGEAR -i mon1 mon0
    ...SNIP... 
    17:03:43  Trying card-to-card injection...
    17:03:43  Attack -0:           OK
    17:03:43  Attack -1 (open):    OK
    17:03:43  Attack -1 (psk):     OK
    17:03:43  Attack -2/-3/-4/-6:  OK
    17:03:43  Attack -5/-7:        OK
    root@kali:~#
    Code:
    root@kali:~# airodump-ng mon0
     CH  8 ][ Elapsed: 16 s ][ 2015-04-25 11:37
    
     BSSID              PWR  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID
    
     90:EF:68:xx:yy:zz  -50       10        2    0  13  54e. WPA2 CCMP   PSK  ABC
     9C:80:DF:xx:yy:zz  -77        7        0    0  11  54e  WPA2 CCMP   PSK  ABC
     58:98:35:xx:yy:zz  -78        9        1    0   1  54e  WPA2 CCMP   PSK  ABC
     68:A0:F6:xx:yy:zz  -81        5        0    0  10  54e  WPA2 CCMP   PSK  ABC
     80:37:73:xx:yy:zz  -81        7        1    0   6  54e  WPA2 CCMP   PSK  ABC
    
     BSSID              STATION            PWR   Rate    Lost    Frames  Probe
    
     (not associated)   E2:0C:7F:xx:yy:zz  -81    0 -11      0        2  ABC
     90:EF:68:xx:yy:zz  B8:E8:56:xx:yy:zz  -15    0 - 1     12        3
    
    root@kali:~#
    Removed MAC addresses & SSIDs for privacy

    Code:
    root@kali:~# wash -i mon0
    
    Wash v1.4 WiFi Protected Setup Scan Tool
    Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
    
    BSSID                  Channel       RSSI       WPS Version       WPS Locked        ESSID
    ---------------------------------------------------------------------------------------------------------------
    [!] Found packet with bad FCS, skipping...
    [!] Found packet with bad FCS, skipping...
    [!] Found packet with bad FCS, skipping...
    ^C
    root@kali:~# wash -i mon0 --ignore-fcs
    
    Wash v1.4 WiFi Protected Setup Scan Tool
    Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
    
    BSSID                  Channel       RSSI       WPS Version       WPS Locked        ESSID
    ---------------------------------------------------------------------------------------------------------------
    58:98:35:xx:yy:zz       1            -82        1.0               No                ABC
    80:37:73:xx:yy:zz       6            -84        1.0               Yes               ABC
    68:A0:F6:xx:yy:zz      10            -86        1.0               Yes               ABC
    9C:80:DF:xx:yy:zz      11            -82        1.0               Yes               ABC
    ^C
    root@kali:~# 
    Removed MAC addresses & SSIDs for privacy
    Last edited by g0tmi1k; 2015-04-25 at 10:40 AM.

  2. #2
    Junior Member
    Join Date
    Sep 2013
    Posts
    16
    Hi g0tmi1k,

    I have a Edimax EW-7318USg (rt2573 chipset) on a fully updated and installed kali-linux-all vm:
    Linux Kali 3.12-kali1-686-pae #1 SMP Debian 3.12.6-2kali1 (2014-01-06) i686 GNU/Linux

    Everything looks the same except that aireplay-ng --test fails the whole time on multiple APs. and injection does not work.

    Any ideas on getting this working?

    Regards
    Last edited by Kleinblaar; 2014-03-27 at 09:45 AM.

  3. #3
    Junior Member
    Join Date
    Sep 2013
    Posts
    16
    I got it working after the latest dist-upgrade. Thanks

  4. #4
    Junior Member
    Join Date
    Apr 2014
    Posts
    2
    What does this do? And i have a problem anyone help me. I have linksys wusb54gc v1 adapter and i attack the tp link 842 nd router but

    ent
    Reported by umih...@gmail.com , Jun 4, 2013
    A few things to consider before submitting
    an issue:
    0. We write documentation for a reason, if
    you have not read it and are
    having problems with Reaver these pages are
    required reading before
    submitting an issue:
    http://code.google.com/p/reaver-wps/wiki/
    HintsAndTips
    http://code.google.com/p/reaver-wps/wiki/
    README
    http://code.google.com/p/reaver-wps/wiki/FAQ
    http://code.google.com/p/reaver-wps/wiki/
    SupportedWirelessDrivers
    1. Reaver will only work if your card is in
    monitor mode. If you do not
    know what monitor mode is then you should
    learn more about 802.11 hacking
    in linux before using Reaver.
    2. Using Reaver against access points you do
    not own or have permission to
    attack is illegal. If you cannot answer
    basic questions (i.e. model
    number, distance away, etc) about the
    device you are attacking then do not
    post your issue here. We will not help you
    break the law.
    3. Please look through issues that have
    already been posted and make sure
    your question has not already been asked
    here: http://code.google.com/p
    /reaver-wps/issues/list
    4. Often times we need packet captures of
    mon0 while Reaver is running to
    troubleshoot the issue (tcpdump -i mon0 -s0
    -w broken_reaver.pcap). Issue
    reports with pcap files attached will
    receive more serious consideration.
    Answer the following questions for every
    issue submitted:
    0. What version of Reaver are you using?
    (Only defects against the latest
    version will be considered.)
    reaver 1.4
    1. What operating system are you using
    (Linux is the only supported OS)?
    Linux kali 3.7-trunk-686-pae #1 SMP Debian
    3.7.2-0+kali6 i686 GNU/Linux
    2. Is your wireless card in monitor mode
    (yes/no)?
    yes. Atheros chipset.
    3. What is the signal strength of the Access
    Point you are trying to crack?
    -59
    4. What is the manufacturer and model # of
    the device you are trying to
    crack?
    TP-Link
    5. What is the entire command line string
    you are supplying to reaver?
    reaver -i mon0 -b F8:1A:679:C8:B6 -c 1 -
    vv --pin 42726944 -d 15
    6. Please describe what you think the issue
    is.
    I know this AP's WPS Pin code so i tried to
    get the passphare quickly cause TP-Link's AP
    has a protection function as it designed to
    lock out (disable) WPS connection after
    several failed WPS. It will turn on WPS
    after over 12 hours.
    7. Paste the output from Reaver below.
    [+] Switching mon0 to channel 1
    [+] Waiting for beacon from
    F8:1A:679:C8:B6
    [+] Associated with xxxxxxxxxx
    (ESSID:xxx)
    [+] Trying pin 42726944
    [+] Sending EAPOL START request
    [+] Received identity request
    [+] Sending identity response
    [+] Received M1 message
    [+] Sending M2 message
    [+] Received M1 message
    [+] Sending WSC NACK
    [+] Sending WSC NACK
    [!] WPS transaction failed (code: 0x03), re-
    trying last pin





    And router closing wps any one help me
    Note : wash - i mon - C not founding modem i found airodump-ng

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •