Jump to content

AWUS036NEH Kali Linux 2016.1 HELP


Firstnamegreat

Recommended Posts

Hello everyone. I would like to thank you for checking my post out in advance because I am having some serious issues that I can not figure out on my own or with the Kali Linux forms. I have even resulted in hours of Google searches:blink: I am a recent recipient of an AWUS036NEH wireless network adapter that I purchased specifically for network penetration testing. I have Kali linux 2016.1 installed on a live USB. I, for the life of me, can not figure out what is wrong with Kali Linux or my Network adapter that is sold and recommend by Hak5. 

I have a Macbook Pro 2015 13' with 8gb ram. The first problem I have is setting my internal card to work with monitor mode and packet injection. The guides I am following have not helped and I have literally run out of literature to to assist me in my quest for success.

I have been able to boot into Kali using the USB and successfully put my (External AWUS036NEH) network adapter into monitor mode. The second problem is when using reaver it will not associate with APs  and fails injection tests. (This card is recommended by Hack5 and the majority of Google for its out of the box compatibility in al aspects of pen testing)

The third problem is I tried to <apt-get update & apt-get- dist update> and the update works fine and so does apt-get dist update UNTIL the very end I get a message that my memory is running low and it fails shortly after. I was under the assumption that everything was being loaded to my usb which is 16GB and that should be more than enough to update and upgrade. 

Finally, when I actually get kali booted there is no boot menu to allow me to add persistence and when using the other method of installation that the Kali Linux recommends the boot menu is tiny and frozen at the top left hand corner of the screen. This method of installation to my USB is though the terminal command line with sudo dd. This results in a failed installation.

If anyone has any comments at all to assist me I would be more than grateful to hear them. In addition, ANY recommendations for forums to visit or chat channels to join.

I am a first year Computer Science major and consider myself very competent and I have been trying to figure this out for weeks. 

I can provide any screenshots or maybe a walk thru with someone willing.  Any knowledge will help please comment!

Link to comment
Share on other sites

First problem: What, specifically did you try and how did you tell that it wasn't doing what you expected it to do? What is the internal card in a macbook? Did you google to see if it might simply not support the stuff you want it to do?

Second problem: How are you executing reaver (what are the command line options you provide) and how did you discover it would not associate and/or inject?

Third problem: There's a difference between memory and storage. RAM is memory, USB is storage. Which of the 2 is running out?

Final problem: Maybe someone else can chime in on this, but you'd think that there's some walkthrough guide out there for getting Kali on a MacBook. When I google on the last 5 words of that previous sentence I get this which seems to be exactly what you need.

Link to comment
Share on other sites

Hey Cooper, thanks for the response and sorry I didn't write back sooner. I am now full concentrated on fixing the problem at hand.

Are you experienced at Kail linux? Just wondering?

First problem: I have the Broadcom BCM43602 standard internal wireless card. The  

echo 1 | sudo tee /proc/brcm_monitor0 method  does not work.

My ALPHA is not a knock off. The hologram is legit too.

I only have one ALPHA usb that I can not get to work for the injection test with airplay-ng although I can send deauth commands which proves injections work right?

I am monitoring  the AP with (airodump-ng -c 8 -w SCAN_test --bssid Macaddress wlan0)

..in another terminal I run (airplay-ng -0 0 -a macaddress wlan0) and I successfully send deauth commands

...when I stop sending death commands, No handshake appears in the airodump-ng terminal I first opened 

 

Link to comment
Share on other sites

On August 3, 2016 at 3:02 AM, cooper said:

First problem: What, specifically did you try and how did you tell that it wasn't doing what you expected it to do? What is the internal card in a macbook? Did you google to see if it might simply not support the stuff you want it to do?

Second problem: How are you executing reaver (what are the command line options you provide) and how did you discover it would not associate and/or inject?

Third problem: There's a difference between memory and storage. RAM is memory, USB is storage. Which of the 2 is running out?

Final problem: Maybe someone else can chime in on this, but you'd think that there's some walkthrough guide out there for getting Kali on a MacBook. When I google on the last 5 words of that previous sentence I get this which seems to be exactly what you need.

I can't use my card to crack wps enabled pins through reaver. It won't even capture a 4way handshake

Link to comment
Share on other sites

Could be the adapter.  Do you have access to another computer to try?

 

Don't bother trying anything with the built in adapter, Kali in a VM will only see it as a wired adapter.  Also check the chipset of your USB adapter.  Just because it's a specific model doesn't nessessarily mean it has the chipset you think it should.  They update them from time to time and use the old model number.

Edited by barry99705
Link to comment
Share on other sites

On 8/5/2016 at 6:23 PM, Firstnamegreat said:

...when I stop sending death commands, No handshake appears in the airodump-ng terminal I first opened 

 

But if you're doing something legal (which is rather a requirement here) you should also have access to the device you intended to de-auth. Did you actually notice this device getting de-authenticated? It wouldn't surprise me at all that you didn't see the handshake because the deauth didn't produce the result you were expecting it to.

Link to comment
Share on other sites

As per the below image, keep an eye on the ACKs (Acknowledgements) on the end of each line.

If the left hand number is much lower than the right hand number, you are either too far away from the access point or your signal is not strong enough. If the ACKs are closer to each other, such as the [61|64 ACKs] shown below, there is a much better chance of the deauth actually doing it's job. If it says something like [ 7|64 ACKs], then your deauths are not reaching their destination. Get a better antenna, increase the power (legally) or move closer.

Sometimes, like the below image, you can get lucky and find that one or two of them make it through, so occasionally running the deauth 100 times instead of a couple of times will get you success, but it's much noisier.

quackafella_wpapsk_5.png

Edited by haze1434
Link to comment
Share on other sites

10 hours ago, cooper said:

But if you're doing something legal (which is rather a requirement here) you should also have access to the device you intended to de-auth. Did you actually notice this device getting de-authenticated? It wouldn't surprise me at all that you didn't see the handshake because the deauth didn't produce the result you were expecting it to.

Actually had my phone connected to it so yes all my actions were permitted being the router is mine.

Link to comment
Share on other sites

6 hours ago, haze1434 said:

As per the below image, keep an eye on the ACKs (Acknowledgements) on the end of each line.

If the left hand number is much lower than the right hand number, you are either too far away from the access point or your signal is not strong enough. If the ACKs are closer to each other, such as the [61|64 ACKs] shown below, there is a much better chance of the deauth actually doing it's job. If it says something like [ 7|64 ACKs], then your deauths are not reaching their destination. Get a better antenna, increase the power (legally) or move closer.

Sometimes, like the below image, you can get lucky and find that one or two of them make it through, so occasionally running the deauth 100 times instead of a couple of times will get you success, but it's much noisier.

quackafella_wpapsk_5.png

Thank you for the knowledgeable response! I have never paid attention to those numbers, but I am pretty sure my commands are making it because I watch my phone that is connected to the AP and it loses wifi. Still no handshake in airdump-ng top right hand corner after I cease Deauth commands.

Link to comment
Share on other sites

1 minute ago, Firstnamegreat said:

Thank you for the knowledgeable response! I have never paid attention to those numbers, but I am pretty sure my commands are making it because I watch my phone that is connected to the AP and it loses wifi. Still no handshake in airdump-ng top right hand corner after I cease Deauth commands.

I am also having major trouble with the injection test. I have the AWUS036NEH sold on these fourms and it fails for some reason. I have kail updated and upgradaded.

Link to comment
Share on other sites

10 hours ago, haze1434 said:

As per the below image, keep an eye on the ACKs (Acknowledgements) on the end of each line.

If the left hand number is much lower than the right hand number, you are either too far away from the access point or your signal is not strong enough. If the ACKs are closer to each other, such as the [61|64 ACKs] shown below, there is a much better chance of the deauth actually doing it's job. If it says something like [ 7|64 ACKs], then your deauths are not reaching their destination. Get a better antenna, increase the power (legally) or move closer.

Sometimes, like the below image, you can get lucky and find that one or two of them make it through, so occasionally running the deauth 100 times instead of a couple of times will get you success, but it's much noisier.

quackafella_wpapsk_5.png

Might I also ask why you deauth command contains to MAC addresses?

 

Link to comment
Share on other sites

11 hours ago, Firstnamegreat said:

Might I also ask why your deauth command contains two MAC addresses?

This may be one of the reasons you're failing to get a handshake.

If you don't point your deauths at a specific MAC, it will just try to deauth all of the devices connected to your router, but this non-targeted attack is not very good at getting a handshake.

Think of it as a room full of people all shouting a poem at you. It just sounds like noise, and it's very difficult to make out what the poem's words are. It would be much better to focus in on one person and just listen to them. Then the poem's words are easy for your ears to capture.

You should be targeting your deauths at a specific MAC on the network, using the following (as an example);

aireplay-ng --deauth 100 -a [MAC of Router] -c [MAC of a device on network] wlan0

You should already be able to see some of the MACs on the network from the command to capture said handshake;

airodump-ng -c 1 --bssid [MAC of Router] wlan0

 

Also, are you running both at the same time? You'll need to deauth and capture at the same time to get the handshake, not run a deauth and then run a capture. Either use two terminals (Terminator is good for this), or I've also had success with one terminal with an ampersand (&) in between each command.

Edited by haze1434
Link to comment
Share on other sites

9 hours ago, haze1434 said:

This may be one of the reasons you're failing to get a handshake.

If you don't point your deauths at a specific MAC, it will just try to deauth all of the devices connected to your router, but this non-targeted attack is not very good at getting a handshake.

Think of it as a room full of people all shouting a poem at you. It just sounds like noise, and it's very difficult to make out what the poem's words are. It would be much better to focus in on one person and just listen to them. Then the poem's words are easy for your ears to capture.

You should be targeting your deauths at a specific MAC on the network, using the following (as an example);


aireplay-ng --deauth 100 -a [MAC of Router] -c [MAC of a device on network] wlan0

You should already be able to see some of the MACs on the network from the command to capture said handshake;


airodump-ng -c 1 --bssid [MAC of Router] wlan0

 

Also, are you running both at the same time? You'll need to deauth and capture at the same time to get the handshake, not run a deauth and then run a capture. Either use two terminals (Terminator is good for this), or I've also had success with one terminal with an ampersand (&) in between each command.

Thank you very much for the detailed response. Everything is work great now! Another question though...how do I get reaver to work or another option to crack my WPS pin and then possibly pass it to another Kali Linux program to hash the pass phrase?

Link to comment
Share on other sites

I would recommend using HashCat, as it utilizes your GPU, which is often much faster than the CPU.

Once you've captured the handshake with aireplay-ng, as above, a .cap file will be generated. Convert this to a .hccap file using this, or;

aircrack-ng [foo.cap] -J [bar.hccap]

Then use Hashcat (or oclHashCat on a Windows machine) to crack it. Full details are included in the Wiki on those links, as well as the downloads.

Link to comment
Share on other sites

On August 10, 2016 at 2:41 AM, haze1434 said:

I would recommend using HashCat, as it utilizes your GPU, which is often much faster than the CPU.

Once you've captured the handshake with aireplay-ng, as above, a .cap file will be generated. Convert this to a .hccap file using this, or;


aircrack-ng [foo.cap] -J [bar.hccap]

Then use Hashcat (or oclHashCat on a Windows machine) to crack it. Full details are included in the Wiki on those links, as well as the downloads.

I have the basic ALFA AWUS036NEH with a stock 5dbi antenna. If I was to upgrade to a 9dbi omni directional, would that help with packet injection. I have researched and it seems that 5dbi is really for receiving power and not transmission. Do you have an opinion about the ALPA NHA?

Link to comment
Share on other sites

if you are going to run Kali on your macbook you need to install it first and then disable SIP through recovery partition and then download and install rEFInd through the command terminal. That is what I do and the only problem I have is that you cant put the macbook wifi into monitor mode, so you need to use a USB wifi card for things of that nature.

Link to comment
Share on other sites

2 hours ago, b0N3z said:

if you are going to run Kali on your macbook you need to install it first and then disable SIP through recovery partition and then download and install rEFInd through the command terminal. That is what I do and the only problem I have is that you cant put the macbook wifi into monitor mode, so you need to use a USB wifi card for things of that nature.

I have it running in virtual box now. But at the time I couldn't even access the gui boot menu in the live USB. It just bypassed everything

Link to comment
Share on other sites

32 minutes ago, Firstnamegreat said:

I have it running in virtual box now. But at the time I couldn't even access the gui boot menu in the live USB. It just bypassed everything

it took me a while to get the usb to boot successfully and get through the install.  The macbook does not like to boot that for some reason but never once had a problem with ubuntu or mint.  i think i tryed to boot and install, shut down try the other usb port, probably like 50 times before it actually got through the install. After it was installed there were many options on how to install rEFInd but I just held down the option key and booted to mac to install it.  Its a little tricky but once its done it works great.  I dont know how well it will work with the new file system that apple is implementing in the next macOS update to 10.12 this sept.  They like to make things difficult. 

 

Also you could try to install the drivers for the Alfa to run in mac and check to see if Homebrew or Macports has any of the programs that you want to use. I had to disable SIP to get the drivers for the Alfa to work and it was a pain in the ass.

Edited by b0N3z
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...