New Alfa AWUS036NHA, configuring for Kali, and some scanning

I recently picked up a new Alfa AWUS036NHA to play with for wireless testing, scanning, and general signal boosting.

Hardware

To start, the one I ordered came with a 9dBi antenna, which was awesome.

Alfa AWUS036NHA - Box

Alfa AWUS036NHA - Antenna

Alfa AWUS036NHA - Opened Box

Once I got the device out of the box, I hooked it up to my workstation.

Alfa AWUS036NHA - Connected

Configuration

After I connected the card, VirtualBox detected it for USB pass-thru.

Alfa AWUS036NHA - USB Passthru

First, I wanted to set up a device filter so that it would automatically be connected to my VM.

Alfa AWUS036NHA - Device filter

That said, I ran into some issues with the default filter, so I had to create a blank filter with the proper values.

Alfa AWUS036NHA - Blank filter

Once I created a new blank filter, I just added the appropriate Vendor ID and Product ID and saved it.

Alfa AWUS036NHA - New filter

After I had the device filter setup, I detached the device from my workstation and logged into Kali. As you can see, there are no wireless devices connected to my VM yet.

Alfa AWUS036NHA - No wireless

I then connected my device to my workstation, VirtualBox detected it, and then automatically passed on to the VM.

Alfa AWUS036NHA - VM detection

To verify the connection, I again ran iwconfig and had a wlan0 device this time.

Alfa AWUS036NHA - iwconfig

Scanning

With everything properly connected and configured, it was time to set up monitor mode. To do this, I started airmon-ng on the wlan0 device.

root@kali:~# airmon-ng start wlan0

Found 3 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to run 'airmon-ng check kill'

  PID Name
  407 NetworkManager
  629 dhclient
 1025 wpa_supplicant

PHY    Interface    Driver        Chipset

phy0    wlan0        ath9k_htc    Atheros Communications, Inc. AR9271 802.11n

        (mac80211 monitor mode vif enabled for [phy0]wlan0 on [phy0]wlan0mon)
        (mac80211 station mode vif disabled for [phy0]wlan0)

I verified the monitor mode device by running ifconfig and viewing the output.

Alfa AWUS036NHA - Monitor mode

Once I put the device properly in monitor mode, then I ran airodump!

root@kali:~# airodump-ng wlan0mon

After letting this run for a while, I had a fair amount of SSIDs and beacons detected! Unfortunately, nothing in my immediate vicinity was running WEP.

Alfa AWUS036NHA - Airodump

Finally, I ran Wash to find out if there were any weak WPS devices that I could use to test out my new card.

root@kali:~# wash -i wlan0mon

Wash v1.5.2 WiFi Protected Setup Scan Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner 
mod by t6_x  & DataHead & Soxrok2212

BSSID                  Channel       RSSI       WPS Version       WPS Locked        ESSID
---------------------------------------------------------------------------------------------------------------
EC:xx:xx:xx:xx:xx       1            00        1.0               Yes               DI...
2C:xx:xx:xx:xx:xx       3            00        1.0               No                NET...
F8:xx:xx:xx:xx:xx       5            00        1.0               No                ATT...
C8:xx:xx:xx:xx:xx       6            00        1.0               No                Hall...
FC:xx:xx:xx:xx:xx       1            00        1.0               No                Cas...
B0:xx:xx:xx:xx:xx       1            00        1.0               No                NET...
38:xx:xx:xx:xx:xx       5            00        1.0               No                ATT...
20:xx:xx:xx:xx:xx       9            00        1.0               No                Blue...
C0:xx:xx:xx:xx:xx       0            00        1.0               No                Link...
DC:xx:xx:xx:xx:xx      11            00        1.0               No                ATT...
44:xx:xx:xx:xx:xx      11            00        1.0               No                wil...
94:xx:xx:xx:xx:xx      11            00        1.0               No                SHOP...
70:xx:xx:xx:xx:xx      11            00        1.0               No                TC8...
34:xx:xx:xx:xx:xx       6            00        1.0               No                WIFI...
F8:xx:xx:xx:xx:xx       9            00        1.0               No                ATT...
48:xx:xx:xx:xx:xx       6            00        1.0               No                WIFI...

Unfortunately, no low hanging fruit there either.

All in all, an easy to set up and use device that I’m looking forward to playing with for some wireless testing.

doyler on Githubdoyler on Twitter
doyler

Ray Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; he’s done it all. To show for it, he has obtained an OSCP, eCPPT, eWPT, eWPTX, eMAPT, Security+, ICAgile CP, ITIL v3 Foundation, and even a sabermetrics certification!


He currently serves as a Senior Penetration Testing Consultant for SecureWorks. His previous position was a Senior Penetration Tester for a major financial institution.


When he’s not figuring out what cert to get next (OSCE?!) or side project to work on, he enjoys playing video games, traveling, and watching sports.


8 Comments

Filed under Security Not Included

8 Responses to New Alfa AWUS036NHA, configuring for Kali, and some scanning

  1. Darseet Garasia

    Hi,
    I followed the steps you mentioned but not able to get the Alpha adapter detected and work in Kali Linux.

    The Kali is in Virtualbox (latest), hosted on Windows 10.

    Below is the output..
    root@kali:~# ifconfig
    eth0: flags=4163 mtu 1500
    inet 10.0.2.15 netmask 255.255.255.0 broadcast 10.0.2.255
    inet6 fe80::a00:27ff:fea1:b6e6 prefixlen 64 scopeid 0x20
    ether 08:00:27:a1:b6:e6 txqueuelen 1000 (Ethernet)
    RX packets 6 bytes 1129 (1.1 KiB)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 34 bytes 2662 (2.5 KiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    lo: flags=73 mtu 65536
    inet 127.0.0.1 netmask 255.0.0.0
    inet6 ::1 prefixlen 128 scopeid 0x10
    loop txqueuelen 1 (Local Loopback)
    RX packets 20 bytes 1116 (1.0 KiB)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 20 bytes 1116 (1.0 KiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    root@kali:~#
    root@kali:~# iwconfig
    eth0 no wireless extensions.

    lo no wireless extensions.

    root@kali:~#
    root@kali:~# lsusb
    Bus 001 Device 003: ID 80ee:0021 VirtualBox USB Tablet
    Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
    root@kali:~#
    root@kali:~# lsmod
    Module Size Used by
    nls_utf8 16384 1
    isofs 40960 1
    udf 90112 0
    crc_itu_t 16384 1 udf
    fuse 98304 3
    nfnetlink_queue 24576 0
    nfnetlink_log 20480 0
    nfnetlink 16384 2 nfnetlink_log,nfnetlink_queue
    bluetooth 552960 0
    rfkill 24576 3 bluetooth
    vboxsf 49152 1
    ppdev 20480 0
    joydev 20480 0
    snd_intel8x0 40960 4
    snd_ac97_codec 126976 1 snd_intel8x0
    vboxvideo 53248 3
    ac97_bus 16384 1 snd_ac97_codec
    snd_pcm 110592 2 snd_ac97_codec,snd_intel8x0
    snd_timer 32768 1 snd_pcm
    ttm 98304 1 vboxvideo
    drm_kms_helper 155648 1 vboxvideo
    drm 360448 6 vboxvideo,ttm,drm_kms_helper
    parport_pc 28672 0
    sg 32768 0
    intel_rapl_perf 16384 0
    snd 86016 12 snd_ac97_codec,snd_timer,snd_intel8x0,snd_pcm
    evdev 24576 16
    serio_raw 16384 0
    pcspkr 16384 0
    vboxguest 282624 8 vboxsf,vboxvideo
    parport 49152 2 parport_pc,ppdev
    soundcore 16384 1 snd
    button 16384 0
    battery 20480 0
    video 40960 0
    ac 16384 0
    acpi_cpufreq 20480 0
    binfmt_misc 20480 1
    ip_tables 24576 0
    x_tables 36864 1 ip_tables
    autofs4 40960 2
    ext4 585728 1
    crc16 16384 2 bluetooth,ext4
    jbd2 106496 1 ext4
    crc32c_generic 16384 0
    fscrypto 28672 1 ext4
    ecb 16384 0
    mbcache 16384 2 ext4
    hid_generic 16384 0
    usbhid 53248 0
    hid 122880 2 hid_generic,usbhid
    sr_mod 24576 1
    cdrom 61440 1 sr_mod
    sd_mod 45056 3
    ata_generic 16384 0
    crct10dif_pclmul 16384 0
    crc32_pclmul 16384 0
    crc32c_intel 24576 2
    ghash_clmulni_intel 16384 0
    ata_piix 36864 1
    ahci 36864 2
    libahci 32768 1 ahci
    ohci_pci 16384 0
    ehci_pci 16384 0
    ohci_hcd 53248 1 ohci_pci
    ehci_hcd 81920 1 ehci_pci
    aesni_intel 167936 0
    psmouse 135168 0
    libata 249856 4 ahci,ata_piix,libahci,ata_generic
    scsi_mod 225280 4 sd_mod,libata,sr_mod,sg
    aes_x86_64 20480 1 aesni_intel
    lrw 16384 1 aesni_intel
    gf128mul 16384 1 lrw
    glue_helper 16384 1 aesni_intel
    ablk_helper 16384 1 aesni_intel
    cryptd 24576 3 ablk_helper,ghash_clmulni_intel,aesni_intel
    e1000 143360 0
    i2c_piix4 24576 0
    usbcore 249856 5 usbhid,ehci_hcd,ohci_pci,ohci_hcd,ehci_pci
    usb_common 16384 1 usbcore

    I installed, removed and reinstalled the drivers but still no success.
    Surprisingly, it was working last week and when i set it up that time, it was nothing extra i needed to do. It came up by itself.

    Please help out troubleshoot the issue.

    • It sounds like your USB device is not being passed through to Kali.

      Can you verify for me what your USB connections are by going to Devices -> USB in the VirtualBox menu?

  2. hi

    Kali detects the adapter and seems to enable monitor mode but when I run ifconfig I get the following:
    wlan0mon Link encap:Ethernet HWaddr 00:c0:ca:92:31:d8
    UP BROADCAST MULTICAST MTU:1500 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

    root@kali:~# airodump-ng wlan0mon
    ioctl(SIOCSIWMODE) failed: Device or resource busy

    ARP linktype is set to 1 (Ethernet) – expected ARPHRD_IEEE80211,
    ARPHRD_IEEE80211_FULL or ARPHRD_IEEE80211_PRISM instead. Make
    sure RFMON is enabled: run ‘airmon-ng start wlan0mon ‘
    Sysfs injection support was not found either.

    • Hmm, it seems like it is not actually properly entering monitor mode.

      First, try this:

      ifconfig wlan0 down
      iwconfig wlan0 mode monitor
      ifconfig wlan0 up
      iwconfig wlan0
      

      If it shows Mode: Monitor, then you should be good to go!

  3. Greg

    Great work, the pass-through worked flawlessly and I was up and running very quickly. The MAC funny enough would not recognize the device, the latest upgrade seemed to break may USB, Serial device as well as my fusion. Virtual-box is a great tool. Love that your lady puts stuff up to, great blog!

    • Great, I’m glad that you got it working quickly. That is definitely one of my favorite things about a lot of the Alfa cards. Definitely, and thanks for the comment!

      • James Gardiner

        Hi Doyler,

        I’m new to penetration testing and have recently been taking online course, however I installed Kali Linux on windows 10 recently which all went fine. The issue i have is when I try using the the alpha AWUS036NHA wireless adapter . I works fine on the host machine however it isn’t passing through to kali linux. Alot of the times the adapter just cuts off when I start Kali and when I boot up Kali and then connect the adapter it dosent switch on as it should. I’ve tried your steps above however with no success. Also I’ve noticed that the usb icon at the bottom right of the screen is showing no activity i.e red or green blinking dots and it states ‘No USB Devices Attached’. I’ve tried the method above several times on different ports also with no success. I’ve ran the following commands on the Kali terminal

        root@kali:~# ifconfig
        eth0: flags=4163 mtu 1500
        inet 10.0.2.4 netmask 255.255.255.0 broadcast 10.0.2.255
        inet6 fe80::a00:27ff:fe81:b1df prefixlen 64 scopeid 0x20
        ether 08:00:27:81:b1:df txqueuelen 1000 (Ethernet)
        RX packets 24 bytes 3721 (3.6 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 42 bytes 3860 (3.7 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

        lo: flags=73 mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        inet6 ::1 prefixlen 128 scopeid 0x10
        loop txqueuelen 1000 (Local Loopback)
        RX packets 20 bytes 1116 (1.0 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 20 bytes 1116 (1.0 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

        and

        root@kali:~# iwconfig
        eth0 no wireless extensions.

        lo no wireless extensions.

        and

        root@kali:~# lsusb
        Bus 001 Device 002: ID 80ee:0021 VirtualBox USB Tablet
        Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub

        and

        root@kali:~# dmesg|tail
        [ 19.454999] ppdev: user-space parallel port driver
        [ 20.110861] snd_intel8x0 0000:00:05.0: white list rate for 1028:0177 is 48000
        [ 21.771797] Adding 2095100k swap on /dev/sda5. Priority:-1 extents:1 across:2095100k FS
        [ 21.840794] floppy0: no floppy controllers found
        [ 21.840906] work still pending
        [ 31.721980] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
        [ 31.727857] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
        [ 31.732518] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX
        [ 31.733166] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
        [ 182.628429] fuse init (API version 7.26)

        I also ran

        root@kali:~# airmon-ng start wlan0
        ls: cannot access ‘/sys/class/ieee80211/’: No such file or directory

        Found 2 processes that could cause trouble.
        If airodump-ng, aireplay-ng or airtun-ng stops working after
        a short period of time, you may want to run ‘airmon-ng check kill’

        PID Name
        473 NetworkManager
        503 dhclient

        PHY Interface Driver Chipset

        When I go into settings on the Vbox it does pick up the Atheros chipset from the Alpha adapter and I’m able to select it. However when I boot up Kali and go and select Atheros from the USB devices menu I get a ‘Failed to attach usb device to the virtual machine’ message stating that the usb device is busy with a previous request.

        I’ve tried various fixes on forum and youtube when I discovered this blog.

        Any help would be appriciated.

        Regards

        James

        • Hi James,

          It looks like you aren’t passing the USB device to Kali at all.

          First, are you attempting to pass the device to Kali automatically or manually each time?

          I’ve had the same issue with the busy devices, but usually disconnecting and reconnecting will fix that.

          First, try to connect the device manually.

          1. Plus the wireless card into your machine
          2. Go to Devices -> USB
          3. Select your USB adapter (the Atheros option)
          4. See if it shows up in Kali at all

          If that works, let me know, and we can try the automatic connections!

Leave a Reply

Your email address will not be published. Required fields are marked *

*