Metalhedzor Posted October 27, 2015 Share Posted October 27, 2015 (edited) Sup? So I bought an alfa awus036h last week and after patient anticipation it came in and I was like, totally. fangirling. Here's the beef. I'm running Kali Linux 32bit on a HP5101 as it's main OS. I know, crazy. ifconfig reads out: eth0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500 ether d8:d3:85:21:39:50 txqueuelen 1000 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 device interrupt 19 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 0 (Local Loopback) RX packets 28 bytes 1600 (1.5 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 28 bytes 1600 (1.5 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 wlx00c0ca82c338: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500 <---- this is the alfa ether 00:c0:ca:82:c3:38 txqueuelen 1000 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 Now, clearly it shouldn't say naughty things like this. So I did some research and discovered wireless-compat which I downloaded, unpacked, yada yada and it went smoothly, but did nothing for me. I should also mention the light on the adapter is flickering and definitely not shining as bright as it could, but when i plug it into my desktop it shines with the power of a 1000 suns. This leads me to believe it could be some power issue? Let me also note that wlx00c0ca82c338 will go into monitor mode. It won't do anything but it does, and an aireplay-ng -9 wlx00c0ca82c338mon does show in fact it is NOT injecting. And for those who may not know, the chipset is a Realtek8187. I'm not entirely sure what other information I can post to help you help me, but im more than willing to cough up anything you need short of my debit card number and social. Thanks in advance. Edited October 27, 2015 by Metalhedzor Quote Link to comment Share on other sites More sharing options...
cooper Posted October 28, 2015 Share Posted October 28, 2015 Well, it's interesting to see what dmesg says when you plug it in. If it's a power issue I expect the OS to constantly detect the device then disconnect it and then detect it again. If it's indeed a power issue you can quickly and cheaply test it by buying a powered USB hub, which might not be a bad idea regardless. Alternatively, if you have a few spare USB ports on your HP, you can try one of these (I get the UK version of amazon because it's nearest I suspect). Note that you can use udev rules to provide a sensible name to the device, but I personally rather feel that the os should be providing a proper name from the start anyway. Maybe Kali is weird that way? Quote Link to comment Share on other sites More sharing options...
barry99705 Posted October 28, 2015 Share Posted October 28, 2015 I find it weird that it didn't come with one of those usb adapters. I have a clone of one of this radio and it came with a dual powered usb cable. Quote Link to comment Share on other sites More sharing options...
Metalhedzor Posted October 28, 2015 Author Share Posted October 28, 2015 Hey guys thanks for the reposnses. Cooper, i actually did try dmesg as well. But forgot to post it, I'm at work right now so I'll post dmesg output up later today. One of the sranger things dmesg told me was something about the adapter being "renamed from wlan1", cant remember entirely. Quote Link to comment Share on other sites More sharing options...
cooper Posted October 28, 2015 Share Posted October 28, 2015 That's probably because udev knows about a device that you inserted previously for which it chose wlan1 as a device name and, seeing that this isn't that device, it renamed it to something else. either way, the component that logged that message is udev, and you need to look at it for a solution. Quote Link to comment Share on other sites More sharing options...
Metalhedzor Posted October 28, 2015 Author Share Posted October 28, 2015 So how would i get udev to change the name to something thats not gibberish? Also, and I'm sorry if I'm being a pain but you seem to help a alot on these forums so, I had it plugged into my computer and iwconfig showed it was transmititng off the bat at 30dbm, i was shocked and looked at my wireless networks available and was pleasently surprised at what I saw, with the default 4db antenna I could reach my neighbors across the street at 3/4 power... holy balls. But plugging it into my friends laptop where it came up as wlan1, iwconfig showed 20dbm and it was unable to change. Why would it be able to be 30dbm on mine, but not on his... Quote Link to comment Share on other sites More sharing options...
cooper Posted October 28, 2015 Share Posted October 28, 2015 "it was unable to change" Is your friend running Kali too? Some distros include stuff that somehow detects where you are and ensures your transmission strength stays within those strict bounds. Fixing the interface name via udev. It says "for debian" but the concept should be very similar. Quote Link to comment Share on other sites More sharing options...
fugu Posted October 28, 2015 Share Posted October 28, 2015 you should inspect the plastic case of the adapter with a magnify lens to see if it's been opened before. Quote Link to comment Share on other sites More sharing options...
Metalhedzor Posted October 28, 2015 Author Share Posted October 28, 2015 Yeah cooper he is running Kali, and fugu, I don't see the relevance. Maybe you can elaborate why? Also I found this in case anyone might happen to stumble upon this post wondering about changing tx power. Apparently there's a bug someone found that causes crda to output an error and overlook the preset world code when the adapter gets plugged in. https://forums.kali.org/showthread.php?25840-For-those-having-trouble-setting-tx-power-and-or-country-for-crda Here's a step by step walk through of the process as well as the bash code. Quote Link to comment Share on other sites More sharing options...
cooper Posted October 29, 2015 Share Posted October 29, 2015 (edited) Yeah cooper he is running Kali, and fugu, I don't see the relevance. Maybe you can elaborate why? The maximum transmission power of your wifi device is location-dependant. However how is a card to know where it is? Typically you just tell it. You're in "BO" (Bolivia? Bonaire? Whatever. Some shit stain on the earth with little regulations on wifi strength) and you can crank that puppy up to 11. What some OSes, like that one from Redmond do is look at things like the configured timezone or a geolocation result of your public ip address to figure out where you are and tell the card, on your behalf, what the regional settings for transmission power should be. Oh, and by doing this they disable your ability to change this on the card. I'm fairly certain some of the big consumer-level Linux distros use tools with a similar goal - odhere to the standard. Kali of course won't do that because it's counter to the point of that distro, which is why I asked. Edited October 29, 2015 by cooper Quote Link to comment Share on other sites More sharing options...
vailixi Posted October 31, 2015 Share Posted October 31, 2015 Some installs you just have to plug the thing in. With older versions of Kali I had to preup the wireless card with a spoofed MAC address because once I downed it, it would not come back up. So I could only change the MAC address once and I could not change it on the fly with macchanger. I mentioned this in the Kali forum and one of the devs must have read the post. When I installed the newer Kali version the issue was fixed and my wireless dongle works perfectly. So I do recommend mentioning the bug on Kali.org. There are a lot of people who pentest wireless with ALFAs. Quote Link to comment Share on other sites More sharing options...
fugu Posted November 9, 2015 Share Posted November 9, 2015 I don't see the relevance. Maybe you can elaborate why? I have an alfa networks wifi adapter thats been "tampered" with. After lending it to a "friend" who kept it for a week, I got suspicious and set up a fresh computer to try it out on, with minimal and unique fake information on. That minimal and unique data was leaked and I discovered that although at first glance it looked identical to when I gave it to him, I did notice something strange. All of the surface mount components had slid just a little bit, all in the same direction, as though the card had be placed in a desoldering over, and the surface was not completely level. I have yet to have the card tested by a professional. Quote Link to comment Share on other sites More sharing options...
cooper Posted November 9, 2015 Share Posted November 9, 2015 Define "leaked"? Quote Link to comment Share on other sites More sharing options...
fugu Posted November 9, 2015 Share Posted November 9, 2015 Something was going on at the store I was working at, (retail sales). Different people, strangers even kept coming into the store and in casual conversations started mentioning details of various things I had google searched for on the internet, youtube videos, websites I'd had visited. Two of these strangers described in detail the firewall configuration of this particular computer. How ballzy would someone have to be to talk to me after intentionally breaking into my computer? Quote Link to comment Share on other sites More sharing options...
cooper Posted November 10, 2015 Share Posted November 10, 2015 I have a bit of a difficult time believing some random fuckwad would put in the effort of doing a hardware mod of sorts on a wifi adapter and in doing so allow the device to hack the machine even though it's still being accessed by the computer as a fully working wifi adapter. Shifting the surface-mounted components all in the same direction might have been caused by him leaving the adapter on the dash of his parked car during a sunny day. Paranoia is good, but I think you're overdoing it here. Someone might've hacked one or more boxes in the store and is using that as a pivot point. Quote Link to comment Share on other sites More sharing options...
fugu Posted November 10, 2015 Share Posted November 10, 2015 Someone might've hacked one or more boxes in the store and is using that as a pivot point. Im not sure what you mean here. The computer I tested it on never left my house and had a fresh install on it. I had a test wifi access point setup with a very secure password. The only component that left the house was the wifi adapter. I generated random traffic over the network. And after the attack, I discovered a persistent backdoor hidden in /sbin/dhclient that could have only gotten there one way (dhclient was the only server service I left running). The computer was never on the internet. Quote Link to comment Share on other sites More sharing options...
cooper Posted November 10, 2015 Share Posted November 10, 2015 So you installed from a potentially compromised medium or another machine on the network has been hacked and the hacker used this machine as a pivot point (beach-head, jumping-off point, place within your network from where to continue to dig deeper and/or sideways within your network) to attack the machine which you consider otherwise secure. That backdoor got in there somehow, and I think you're jumping the gun by assuming it MUST be the wifi adapter, specifically because this is more a 3-letter agency hack than Mr. Jack Hoff trying to impress you. Quote Link to comment Share on other sites More sharing options...
fugu Posted November 11, 2015 Share Posted November 11, 2015 Shifting the surface-mounted components all in the same direction might have been caused by him leaving the adapter on the dash of his parked car during a sunny day.It was the middle of winter. Even on the sunniest of days it was still below freezing in the car. Quote Link to comment Share on other sites More sharing options...
barry99705 Posted November 11, 2015 Share Posted November 11, 2015 Shifting the surface-mounted components all in the same direction might have been caused by him leaving the adapter on the dash of his parked car during a sunny day. If it got that hot, the car should have been on fire. Just because the components aren't centered doesn't mean anybody messed with the board. Just means the board wasn't centered in the fixture when the robot placed them. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.