I recently picked up a 5GHz/AC Alfa card for engagements, so I wanted to cover AWUS036ACH setup in Kali.
AWUS036ACH Setup – Introduction
Verifying Kernel and Installing the Drivers
First, I made sure that my kernel was up-to-date.
[email protected]:~# uname -a Linux kali 4.13.0-kali1-686-pae #1 SMP Debian 4.13.10-1kali1 (2017-11-03) i686 GNU/Linux
Next, I made sure to remove and purge the existing drivers from my system. NOTE: do not think that you can skip this step, or you will probably run into issues later on.
[email protected]:~# apt-get remove realtek-rtl88xxau-dkms [email protected]:~# apt-get purge realtek-rtl88xxau-dkms
Finally, I (re)installed the proper Realtek drivers.
[email protected]:~# apt-get install -y realtek-rtl88xxau-dkms
With the drivers installed, I reconnected the device and verified that it showed up in iwconfig.
[email protected]:~# iwconfig eth0 no wireless extensions. wlan0 IEEE 802.11 ESSID:off/any Mode:Managed Access Point: Not-Associated Tx-Power=12 dBm Retry short limit:7 RTS thr:off Fragment thr:off Encryption key:off Power Management:off lo no wireless extensions.
Next, I manually put the card in monitor mode to make sure that it could properly switch.
[email protected]:~# ifconfig wlan0 down [email protected]:~# iwconfig wlan0 mode monitor [email protected]:~# ifconfig wlan0 up [email protected]:~# iwconfig eth0 no wireless extensions. wlan0 IEEE 802.11 Mode:Monitor Frequency:2.412 GHz Tx-Power=12 dBm Retry short limit:7 RTS thr:off Fragment thr:off Power Management:off lo no wireless extensions.
Finally, I used airmon-ng to verify that I could also enter monitor mode using it.
[email protected]:~# airmon-ng stop wlan0 PHY Interface Driver Chipset phy7 wlan0 8812au Realtek Semiconductor Corp. RTL8812AU 802.11a/b/g/n/ac WLAN Adapter You already have a wlan0 device but it is NOT in station mode. Whatever you did, don't do it again. Please run "iw wlan0 del" before attempting to continue [email protected]:~# airmon-ng start wlan0 6 Found 2 processes that could cause trouble. If airodump-ng, aireplay-ng or airtun-ng stops working after a short period of time, you may want to run 'airmon-ng check kill' PID Name 4641 dhclient 4669 dhclient PHY Interface Driver Chipset phy7 wlan0 8812au Realtek Semiconductor Corp. RTL8812AU 802.11a/b/g/n/ac WLAN Adapter (mac80211 monitor mode already enabled for [phy7]wlan0 on [phy7]6)
With monitor mode working, the last test for the card was packet injection. I used aireplay-ng and any APs that I could find. While it worked, injection was a bit on the low side.
[email protected]:~# aireplay-ng -9 wlan0 21:47:29 Trying broadcast probe requests... 21:47:31 Injection is working! 21:47:31 Found 7 APs 21:47:31 Trying directed probe requests... 21:47:31 8A:xx:xx:xx:xx:xx - channel: 6 - 'CRG' 21:47:35 Ping (min/avg/max): 3.083ms/36.303ms/135.699ms Power: -52.09 21:47:35 11/30: 36% 21:47:35 50:xx:xx:xx:xx:xx - channel: 6 - 'Car-Test-C' 21:47:40 Ping (min/avg/max): 2.724ms/16.048ms/56.770ms Power: -40.50 21:47:40 8/30: 26% 21:47:40 9C:xx:xx:xx:xx:xx - channel: 6 - 'Car-Test-A' 21:47:43 Ping (min/avg/max): 2.529ms/49.418ms/199.492ms Power: -47.21 21:47:43 19/30: 63% 21:47:43 8A:xx:xx:xx:xx:xx - channel: 6 - 'CRG Guest' 21:47:48 Ping (min/avg/max): 4.356ms/80.951ms/200.017ms Power: -52.50 21:47:48 8/30: 26% 21:47:48 34:xx:xx:xx:xx:xx - channel: 6 - 'Internet-ASDF' 21:47:52 Ping (min/avg/max): 2.610ms/48.672ms/196.792ms Power: -70.31 21:47:52 13/30: 43% 21:47:52 00:xx:xx:xx:xx:xx - channel: 6 - 'linksys' 21:47:58 Ping (min/avg/max): 5.073ms/22.112ms/44.140ms Power: -73.00 21:47:58 3/30: 10% 21:47:58 34:xx:xx:xx:xx:xx - channel: 6 - 'WLAN-ASDF' 21:48:02 Ping (min/avg/max): 2.433ms/80.589ms/197.705ms Power: -66.25 21:48:02 12/30: 40%
AWUS036ACH Setup – Conclusion
It was great to have a 5GHz/AC card working, and it was quite easy to set up.
While the injection numbers did disappoint me, I’m hoping those improve with some newer drivers.
That said, I did recently pick up a couple of AWUS051NH cards, and those should do 5GHz in Kali out of the box as well!
Ray Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; he’s done it all. To show for it, he has obtained an OSCE, OSCP, eCPPT, GXPN, eWPT, eWPTX, SLAE, eMAPT, Security+, ICAgile CP, ITIL v3 Foundation, and even a sabermetrics certification!
He currently serves as a Senior Staff Adversarial Engineer for Avalara, and his previous position was a Principal Penetration Testing Consultant for Secureworks.
This page contains links to products that I may receive compensation from at no additional cost to you. View my Affiliate Disclosure page here. As an Amazon Associate, I earn from qualifying purchases.