OS: Kali Linux 1.1.0a (x64) (Aircrack-ng: 1.2 RC1)
Machine: Virtual (VMware)
Make/Model: Edimax EW-7711UAN
Chipset: Ralink RT2870
Driver: rt2800usb
Stack: ieee80211
Injection: Yes
Method: (Mostly) works (straight out of the box. Attack -5/-7 fails). Plug in USB & go!
Reaver: Needs '--ignore-fcs'
Bought from: http://www.amazon.co.uk/Edimax-EW-77.../dp/B001KOTDDU
Other hardware: ALFA AWUS036H & Linksys WUSB54GC
Code:
root@kali:~# lsusb
Bus 002 Device 003: ID 7392:7711 Edimax Technology Co., Ltd EW-7711UTn nLite Wireless Adapter [Ralink RT2870]
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 003: ID 0e0f:0002 VMware, Inc. Virtual USB Hub
Bus 001 Device 002: ID 0e0f:0003 VMware, Inc. Virtual Mouse
Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
root@kali:~# dmesg | grep -i rt2
[ 372.364527] ieee80211 phy0: rt2x00_set_rt: Info - RT chipset 3070, rev 0201 detected
[ 372.648322] ieee80211 phy0: rt2x00_set_rf: Info - RF chipset 0005 detected
[ 372.661069] usbcore: registered new interface driver rt2800usb
[ 372.706765] ieee80211 phy0: rt2x00lib_request_firmware: Info - Loading firmware file 'rt2870.bin'
[ 372.707602] rt2800usb 2-1:1.0: firmware: direct-loading firmware rt2870.bin
[ 372.707609] ieee80211 phy0: rt2x00lib_request_firmware: Info - Firmware detected - version: 0.29
root@kali:~#
Code:
root@kali:~# ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:480 (480.0 B) TX bytes:480 (480.0 B)
wlan0 Link encap:Ethernet HWaddr 80:1f:02:ee:3b:c8
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
root@kali:~# iwconfig
wlan0 IEEE 802.11bgn ESSID:off/any
Mode:Managed Access Point: Not-Associated Tx-Power=20 dBm
Retry short limit:7 RTS thr:off Fragment thr:off
Encryption key:off
Power Management:off
lo no wireless extensions.
root@kali:~#
Code:
root@kali:~# ls -l /sys/class/net/wlan0/device/driver
lrwxrwxrwx 1 root root 0 Apr 25 10:18 /sys/class/net/wlan0/device/driver -> ../../../../../../../bus/usb/drivers/rt2800usb
root@kali:~# lsmod | grep -i rt2800usb
rt2800usb 26222 0
rt2x00usb 17642 1 rt2800usb
rt2800lib 81543 1 rt2800usb
rt2x00lib 46315 3 rt2x00usb,rt2800lib,rt2800usb
usbcore 199549 6 uhci_hcd,rt2x00usb,rt2800usb,ehci_hcd,ehci_pci,usbhid
root@kali:~#
Code:
root@kali:~# airmon-ng
Interface Chipset Driver
wlan0 Ralink RT2870/3070 rt2800usb - [phy0]
root@kali:~# airmon-zc
PHY Interface Driver Chipset
phy0 wlan0 rt2800usb Edimax Technology Co., Ltd EW-7711UTn nLite [Ralink RT2870]
root@kali:~#
Code:
root@kali:~# iwlist wlan0 frequency
wlan0 14 channels in total; available frequencies :
Channel 01 : 2.412 GHz
Channel 02 : 2.417 GHz
Channel 03 : 2.422 GHz
Channel 04 : 2.427 GHz
Channel 05 : 2.432 GHz
Channel 06 : 2.437 GHz
Channel 07 : 2.442 GHz
Channel 08 : 2.447 GHz
Channel 09 : 2.452 GHz
Channel 10 : 2.457 GHz
Channel 11 : 2.462 GHz
Channel 12 : 2.467 GHz
Channel 13 : 2.472 GHz
Channel 14 : 2.484 GHz
root@kali:~#
Code:
root@kali:~# airmon-ng start wlan0 1
Found 3 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!
-e
PID Name
3431 NetworkManager
3582 dhclient
5431 wpa_supplicant
Interface Chipset Driver
wlan0 Ralink RT2870/3070 rt2800usb - [phy0]
(monitor mode enabled on mon0)
root@kali:~# aireplay-ng --test -e NETGEAR mon0
10:22:09 Waiting for beacon frame (ESSID: NETGEAR) on channel 1
Found BSSID "00:24:B2:xx:yy:zz" to given ESSID "NETGEAR".
10:22:11 Trying broadcast probe requests...
10:22:11 Injection is working!
10:22:11 Found 1 AP
10:22:11 Trying directed probe requests...
10:22:11 00:24:B2:xx:yy:zz - channel: 1 - 'NETGEAR'
10:22:13 Ping (min/avg/max): 1.482ms/16.816ms/58.571ms Power: -71.65
10:22:13 23/30: 76%
10:22:13 Injection is working!
root@kali:~#
Removed NIC-specific values in MAC address for privacy
Added in another WiFi card
Code:
root@kali:~# aireplay-ng --test -e NETGEAR -i mon1 mon0
...SNIP...
10:23:13 Trying card-to-card injection...
10:23:13 Attack -0: OK
10:23:13 Attack -1 (open): OK
10:23:13 Attack -1 (psk): OK
10:23:13 Attack -2/-3/-4/-6: OK
10:23:18 Attack -5/-7: Failed
root@kali:~#