I recently picked up a new Alfa AWUS036NHA to play with for wireless testing, scanning, and general signal boosting.
Alfa AWUS036NHA – Hardware
To start, the Alfa AWUS036NHA I ordered came with a 9dBi antenna, which was awesome.
Once I got the device out of the box, I hooked it up to my workstation.
After I connected the card, VirtualBox detected it for USB pass-thru.
First, I wanted to set up a device filter so that it would automatically be connected to my VM.
That said, I ran into some issues with the default filter, so I had to create a blank filter with the proper values.
Once I created a new blank filter, I just added the appropriate Vendor ID and Product ID and saved it.
After I had the device filter setup, I detached the device from my workstation and logged into Kali. As you can see, there are no wireless devices connected to my VM yet.
I then connected my device to my workstation, VirtualBox detected it, and then automatically passed on to the VM.
To verify the connection, I again ran iwconfig and had a wlan0 device this time.
With everything properly connected and configured, it was time to set up monitor mode. To do this, I started airmon-ng on the wlan0 device.
[email protected]:~# airmon-ng start wlan0 Found 3 processes that could cause trouble. If airodump-ng, aireplay-ng or airtun-ng stops working after a short period of time, you may want to run 'airmon-ng check kill' PID Name 407 NetworkManager 629 dhclient 1025 wpa_supplicant PHY Interface Driver Chipset phy0 wlan0 ath9k_htc Atheros Communications, Inc. AR9271 802.11n (mac80211 monitor mode vif enabled for [phy0]wlan0 on [phy0]wlan0mon) (mac80211 station mode vif disabled for [phy0]wlan0)
I verified the monitor mode device by running ifconfig and viewing the output.
Once I put the device properly in monitor mode, then I ran airodump!
[email protected]:~# airodump-ng wlan0mon
After letting this run for a while, I had a fair amount of SSIDs and beacons detected! Unfortunately, nothing in my immediate vicinity was running WEP.
Finally, I ran Wash to find out if there were any weak WPS devices that I could use to test out my new card.
[email protected]:~# wash -i wlan0mon Wash v1.5.2 WiFi Protected Setup Scan Tool Copyright (c) 2011, Tactical Network Solutions, Craig Heffner
mod by t6_x & DataHead & Soxrok2212 BSSID Channel RSSI WPS Version WPS Locked ESSID --------------------------------------------------------------------------------------------------------------- EC:xx:xx:xx:xx:xx 1 00 1.0 Yes DI... 2C:xx:xx:xx:xx:xx 3 00 1.0 No NET... F8:xx:xx:xx:xx:xx 5 00 1.0 No ATT... C8:xx:xx:xx:xx:xx 6 00 1.0 No Hall... FC:xx:xx:xx:xx:xx 1 00 1.0 No Cas... B0:xx:xx:xx:xx:xx 1 00 1.0 No NET... 38:xx:xx:xx:xx:xx 5 00 1.0 No ATT... 20:xx:xx:xx:xx:xx 9 00 1.0 No Blue... C0:xx:xx:xx:xx:xx 0 00 1.0 No Link... DC:xx:xx:xx:xx:xx 11 00 1.0 No ATT... 44:xx:xx:xx:xx:xx 11 00 1.0 No wil... 94:xx:xx:xx:xx:xx 11 00 1.0 No SHOP... 70:xx:xx:xx:xx:xx 11 00 1.0 No TC8... 34:xx:xx:xx:xx:xx 6 00 1.0 No WIFI... F8:xx:xx:xx:xx:xx 9 00 1.0 No ATT... 48:xx:xx:xx:xx:xx 6 00 1.0 No WIFI...
Unfortunately, no low hanging fruit there either.
All in all, an easy to set up and use device that I’m looking forward to playing with for some wireless testing.
Ray Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; he’s done it all. To show for it, he has obtained an OSCE, OSCP, eCPPT, GXPN, eWPT, eWPTX, SLAE, eMAPT, Security+, ICAgile CP, ITIL v3 Foundation, and even a sabermetrics certification!
He currently serves as a Senior Staff Adversarial Engineer for Avalara, and his previous position was a Principal Penetration Testing Consultant for Secureworks.
This page contains links to products that I may receive compensation from at no additional cost to you. View my Affiliate Disclosure page here. As an Amazon Associate, I earn from qualifying purchases.