Test your wireless network's security and master advanced wireless penetration techniques using Kali Linux
If you are an intermediate-level wireless security consultant in Kali Linux and want to be the go-to person for Kali Linux wireless security in your organisation, then this is the book for you. Basic understanding of the core Kali Linux concepts is expected.
Kali Linux is a Debian-based Linux distribution designed for digital forensics and penetration testing. It gives access to a large collection of security-related tools for professional security testing - some of the major ones being Nmap, Aircrack-ng, Wireshark, and Metasploit.
This book will take you on a journey where you will learn to master advanced tools and techniques to conduct wireless penetration testing with Kali Linux.
You will begin by gaining an understanding of setting up and optimizing your penetration testing environment for wireless assessments. Then, the book will take you through a typical assessment from reconnaissance, information gathering, and scanning the network through exploitation and data extraction from your target. You will get to know various ways to compromise the wireless network using browser exploits, vulnerabilities in firmware, web-based attacks, client-side exploits, and many other hacking methods. You will also discover how to crack wireless networks with speed, perform man-in-the-middle and DOS attacks, and use Raspberry Pi and Android to expand your assessment methodology.
By the end of this book, you will have mastered using Kali Linux for wireless security assessments and become a more effective penetration tester and consultant.
This book uses a step-by-step approach using real-world attack scenarios to help you master the wireless penetration testing techniques.
Page count: 299
Year of publication: 2016
Copyright © 2016 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the authors, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: February 2016
Production reference: 1180216
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham B3 2PB, UK.
ISBN 978-1-78528-556-1
www.packtpub.com
Authors: Brian Sak, Jilumudi Raghu Ram
Reviewers: Deepanshu Khanna, Rajshekhar Murthy
Commissioning Editor: Veena Pagare
Acquisition Editor: Meeta Rajani
Content Development Editor: Amey Varangaonkar
Technical Editor: Mohit Hassija
Copy Editor: Stuti Srivastava
Project Coordinator: Suzanne Coutinho
Proofreader: Safis Editing
Indexer: Hemangini Bari
Graphics: Kirk D'Penha
Production Coordinator: Shantanu N. Zagade
Cover Work: Shantanu N. Zagade
Brian Sak, CCIE #14441 (Security), is a 20-year information security veteran who currently works as a technical solutions architect for Cisco Systems. At Cisco Systems, he is engaged in solution development, and he consults with Cisco partners to help them build and improve their processes and services in the areas of big data analytics and digitization. Prior to joining Cisco Systems, Brian performed security consulting, penetration testing, and security assessment services for large financial institutions, US government agencies, and enterprises in the Fortune 500. In addition to numerous security and industry certifications, he has a bachelor's of science degree in information technology, with an emphasis on information security, and a master's of science degree in information security and assurance. He is also a contributor to The Center for Internet Security and other publications by Packt and Cisco Press.
I would like to thank my amazing wife, Cindy, and children, Caden and Maya, for all the love and support that enabled me to take the time to make this book a reality. Thank you for allowing me to pursue yet another "special project" that eats into our already limited family time. I would also like to thank the fine folks at Packt Publishing for taking the chance and allowing your technical reviewer to step up and author the remaining content of this book. I know it was a risk to ask your pit crew, "Is there anyone out there who wants to go fast?" and for that, I am extremely grateful.
Jilumudi Raghu Ram is a security analyst with over 5 years of experience in the information security domain, with a strong knowledge of incident response, digital forensics, network security, infrastructure penetration testing, and Secure configuration audits. He has conducted security audits for more than 70 networks, both internal and external, re-audits, secure configuration reviews, and server audits (Linux and Windows) for various organizations. One of his major clients has been the Government of India, where his team was responsible for conducting penetration testing assignments for various government bodies, as well as preparing vulnerability assessment and penetration testing reports, and supporting the clients to fix those vulnerabilities.
Raghu Ram's areas of expertise include incident response, digital forensics, threat research, penetration testing, vulnerability assessment, dynamic malware analysis, intrusion detection systems, and security operations monitoring.
Raghu Ram has written various articles related to information security in the Hindu Group magazine Frontline. He also maintains his own website dedicated to Penetration Testing - www.wirelesspentest.com
I am greatly indebted to my mother, Bhuvaneswari, and brother, Yuva Kishore Reddy, for bringing me up and giving me the freedom to follow my passions. I would also like to thank UshaSree and my uncles Karunananda Reddy, Ganapathi Reddy, and Pratap Kumar Reddy for helping me to continue my studies.
Deepanshu Khanna is an Appin Certified Information Security Expert (ACISE) with 2 years of experience in designing, implementing, and troubleshooting network, web, and operating system infrastructures and implementing mechanisms for the security of web, network, and OS technologies. His core competencies include wireless security, cryptanalysis, vulnerability evaluation, and firewall configuration, among other skills.
He has a proven record of evaluating system vulnerabilities in order to recommend security improvements as well as improve efficiency while aligning business processes with network design and infrastructure. He has the ability to solve complex problems involving a wide variety of information systems, work independently on large-scale projects, and thrive under pressure in fast-paced environments while directing multiple projects from the concept to the implementation.
Deepanshu has conducted various workshops and seminars on antivirus, vulnerability assessment, penetration testing, cyber crime investigation, and forensics at various institutions all across India. He is a frequent guest at various engineering colleges, where he delivers sessions on intrusion detection systems.
You can reach out to Deepanshu on his Linkedin profile at https://in.linkedin.com/in/deepanshukhanna.
This book demonstrates how to perform a successful wireless assessment utilizing a selection of open source tools. Readers, from beginners to seasoned professionals, will gain an understanding of the tools and techniques used to discover, crack, and exploit wireless networks as well as learn how to extract sensitive information from the wireless traffic and the clients themselves. Wireless networks are nearly always in scope as part of a comprehensive security assessment and require special consideration and a different skill set than other aspects of the assessment. You will learn the language and technologies that differentiate 802.11 networks and be introduced to the specialized applications used to test them. This book is built around gaining hands-on experience with Kali Linux, and each chapter contains many step-by-step examples on the use and mastery of the wireless assessment tools included with this distribution.
Chapter 1, Wireless Penetration Testing Fundamentals, introduces you to the hardware, software, and terminology associated with wireless penetration tests. It guides you through deploying Kali and verifying your wireless hardware required to conduct a successful wireless assessment.
Chapter 2, Wireless Network Scanning, covers the steps that are to be performed in order to discover, identify, and catalog wireless networks and clients that are in the scope of your penetration test.
Chapter 3, Exploiting Wireless Devices, describes weaknesses that may be present in the wireless equipment itself and tools and techniques you can use to exploit these weaknesses.
Chapter 4, Wireless Cracking, digs into the interception of wireless key exchanges and authentication between the clients and the infrastructure. It also shows you practical techniques to crack these various security mechanisms and expose the encrypted data transmissions.
Chapter 5, Man-in-the-Middle Attacks, explains and demonstrates ways to extract sensitive information from the clients who are using the wireless infrastructure by enabling you to intercept their traffic and manipulate critical network resources.
Chapter 6, Man-in-the-Middle Attacks Using Evil Twin Access Points, expands on the previous chapter by showing you techniques to set up a parallel wireless infrastructure to emulate the production network. This enables additional attacks against the clients utilizing the wireless network.
Chapter 7, Advanced Wireless Sniffing, covers the use of traffic captures and decryption as a means to extract sensitive information from the data that is traversing the wireless network. Tools and techniques used to collect and analyze the data are provided.
Chapter 8, Denial of Service Attacks, discusses the use of targeted or broad disruptions in the performance or availability of the wireless network as an element of a wireless assessment.
Chapter 9, Wireless Pen-Testing from Non-Traditional Platforms, expands upon the previous chapters and introduces additional hardware and software platforms that can be used during a wireless assessment, including Raspberry Pi and Android devices.
This book covers the use of Kali Linux to conduct wireless penetration tests. The theory and explanations of the wireless technologies and applications are covered in each of the chapters; however, if you'd like to follow along with the provided examples, you will need some equipment. Chapter 1, Wireless Penetration Testing Fundamentals covers the hardware and software requirements for a wireless penetration test and should be sufficient to provide a list of prerequisites for the chapters that follow. In general, you will need a laptop running the Kali Linux distribution and a supported wireless adapter to follow along with the activities and tests described in this book.
This book is intended for security professionals who actively conduct security assessments or penetration tests for their clients and would like to learn more about the security considerations for wireless network environments. This book will also be useful for those looking to get into the information security profession as it walks the reader step by step through many scenarios that are common when assessing wireless security.
In this book, you will find a number of text styles that distinguish between different kinds of information. Here are some examples of these styles and an explanation of their meaning.
Code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles are shown as follows: "The iw command is used to show or manipulate wireless devices and their configurations."
A block of code is set as follows:
Any command-line input or output is written as follows:
New terms and important words are shown in bold. Words that you see on the screen, for example, in menus or dialog boxes, appear in the text like this: "We will now import the new image into VirtualBox. Navigate to File | Import Appliance… from the VirtualBox application."
Warnings or important notes appear in a box like this.
Tips and tricks appear like this.
Before you begin to scan, inject, crack, sniff, spoof, and DoS (Denial of Service) wireless networks, it helps to have an understanding of the fundamentals of conducting a wireless assessment. You should have an understanding of the equipment you will need, the environment where the assessment will occur, and the basics of the regulatory standards for wireless communication. This book is a collection of practical applications that tell you how one would go about actually testing the security of wireless networks. It should be mentioned upfront that it is intended to provide some guidance for wireless security professionals and those who are looking to learn what it takes to attack and defend against wireless threats. It probably goes without saying, however, that before you proceed to try any of what you are about to learn against a production network, or any equipment you do not own, you must get written permission from the organization or individual you are providing the wireless assessment for. Unauthorized wireless cracking, traffic capture, or any other attacks that will be presented are a good way to find yourself in hot water and are not condoned or intended by the authors or the publisher of this content. This chapter will set the stage and help guide you through the basics of wireless communication, selecting the hardware that will provide you with all of the functionality required to conduct a wireless pentest, the procurement and installation of Kali Linux, the security professional's distribution of choice, and finally, validating that our configuration is sound and supports all of the tools we will be using throughout this publication.
We will cover the following topics in this chapter:
The term wireless can be construed in many different ways depending on who you are speaking to. In general, this can encompass any transmission of data using a technology where the sender and the receiver of the data are not connected by a physical medium. From an information technology context, this will cover technologies such as microwave, cellular, mobile broadband, Bluetooth, LoRa, Zigbee, and of course, Wi-Fi, or Wireless Fidelity. While some of the other areas of wireless are intriguing from a security perspective, we have chosen to keep the scope of this book down to only Wi-Fi technologies. This section will discuss the basics of Wi-Fi communications and the protocols and standards at a level appropriate for security professionals. Thankfully for us, we are able to benefit from lots of work done by our electrical engineering and software engineering counterparts, who have reduced the complexity of magically sending packets through the air at great speeds down to something manageable.
Let's start by discussing the wireless LAN networking technology defined by the IEEE 802.11 working group. Wireless Local Area Networks, typically referred to simply as WLANs, are very popular technologies that are used to create a network of clients and devices that do not require each host to be connected to the network via a wired Ethernet connection. The biggest advantages of WLANs are their ease of use, low cost of deployment, and dynamic operational model. As mentioned, WLANs are easy to deploy, and even home users can buy an access point and start networking it with available mobile devices, such as laptops, smartphones, and tablets, with little skill and in a short amount of time. It's typically just a matter of plugging in the access point and correctly configuring your mobile devices, and the WLAN will be operational within a few minutes. For WLANs in a corporate environment, many of the same principles apply, though the complexity and security considerations will typically increase linearly to the size of the deployment. Organizations typically have many access points and configurations to manage, and it's common to see them deployed, leveraging a controller model to ensure consistency. While this model varies from what you will typically see in a residential or SMB scenario, the underlying technologies (and weaknesses) still exist. To better understand the security risks associated with WLANs, we need to know how wireless stations and clients communicate and the underlying technologies that enable this communication.
Some WLAN components are as follows:
The preceding components alone provide the hardware required to build a WLAN. From a software perspective, wireless drivers and firmware on access points enable this hardware, and an operating system and an application stack will provide the management, user control, encryption, and other functionalities.
As we look at the security considerations for each part of the stack that enables wireless connectivity, we have to ensure that all components are scrutinized. It is possible that vulnerabilities in something as fundamental as device drivers may lead to the compromise of the AP or client. Additionally, firmware in an access point can potentially be infected with malware, which can lead to the compromise of the clients that are connected to them. If you are a security professional reading this book, to be better informed and better understand how to test and protect a wireless network you are responsible for, subsequent chapters will provide you with some guidance on known vulnerabilities, what to look out for, and operational best practices in addition to the demonstrated penetration testing exercises.
The Wi-Fi Alliance (www.wi-fi.org) is an organization that supports and certifies wireless technologies to ensure interoperability between vendors, and it has been instrumental in bringing Wi-Fi to homes and businesses around the world. Early implementations of wireless technologies for network communications were hampered by interoperability issues and conflicting implementations because the IEEE did not have the testing equipment to ensure compliance with its standards. This led to the creation of the Wireless Ethernet Compatibility Alliance, or WECA, who were promoting a new higher speed standard for wireless communication, which ultimately became 802.11b. WECA was rebranded in 2002 as the Wi-Fi Alliance, which continues to validate and certify wireless technologies to this day in order to ensure interoperability and promote standards in the industry. Today, wireless networking technologies used to implement WLANs (Wireless Local Area Networks) are organized under the IEEE 802.11 specifications. They are an alphabet soup of protocols that define the frequencies, transmission rates, bandwidth, and modulation of the wireless communications. The following is a list of the protocols we will be focusing on in this book and those that are the most relevant to wireless security professionals:
| Protocol | Frequency | Bandwidth | Maximum data rate | Modulation |
|---|---|---|---|---|
| 802.11b | 2.4 GHz | 22 MHz | 11 Mbps | DSSS |
| 802.11a | 5 GHz | 20 MHz | 54 Mbps | OFDM |
| 802.11g | 2.4 GHz | 20 MHz | 54 Mbps | OFDM |
| 802.11n | 2.4 or 5 GHz | 20 or 40 MHz | 150 Mbps | OFDM |
| 802.11ac | 5 GHz | 20, 40, 80, or 160 MHz | 866.7 Mbps | OFDM |
In the preceding table, DSSS indicates Direct-Sequence Spread Spectrum, and OFDM is Orthogonal Frequency-Division Multiplexing. These technologies refer to how the radio allocates the bandwidth to transmit the data over the air. Again, a big thanks to wireless engineers for incorporating this complexity into a standard so that we don't necessarily need to know exactly how this works in order to send and receive packets wirelessly.
As we get into wirelessly capturing packets from the air, the concept of channels will come into play. The term channel refers to a specific frequency within either the 2.4 GHz or 5 GHz frequency spectrum that the wireless radios on the access point and the client have either negotiated or been told to use for the communication of the data between them. This is similar to the channel on your television set—think analog here—where the station transmits at a specific frequency and the television is configured to receive that specific frequency by you tuning it to a specific channel. If both sides are configured to talk on the same channel, then the communication between the two devices can proceed. A side note: there is an entirely tangential discussion we could launch into here about the channel selection, co-channel interference, and channel design, but for the purposes of this discussion, we will focus on the channels available in each range and the frequency on which they run. This is explained in detail in the next section.
The 2.4 GHz spectrum is commonly used for wireless deployments due to its range and support for many common Wi-Fi protocols, such as 802.11b, g, and n. You will typically find it used either exclusively in your target network or as a co-resident with the 5 GHz spectrum in dual-mode access points. The following table lists the channels and associated frequencies that you will encounter when you conduct your wireless penetration test. We will be using these channel numbers in the subsequent chapters as we set up our captures and define channels for our virtual access points.
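| Channel | Frequency (MHz) |
|---|---|
| 1 | 2412 |
| 2 | 2417 |
| 3 | 2422 |
| 4 | 2427 |
| 5 | 2432 |
| 6 | 2437 |
| 7 | 2442 |
| 8 | 2447 |
| 9 | 2452 |
| 10 | 2457 |
| 11 | 2462 |
| 12 | 2467 |
| 13 | 2472 |
| 14 | 2484 |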
In North America, only channels 1-11 are used, while in most of the world, 1-13 are used. Channel 14 is only used in Japan under the 802.11b protocol. These same channels apply whether your wireless interface is using 802.11b, 802.11g, or 802.11n. In the next chapter, when we look at wireless scanning, you will be able to see which channel the access point and client are communicating on using the airmon-ng application. You will then proceed to specifically select one of these channels when we want to capture the traffic being sent between the wireless devices.
The 5 GHz spectrum is massive and varies widely in its implementation depending on which part of the world it is operating in. Fundamentally, it ranges between Channel 36 at 5180 MHz and Channel 165 at 5825 MHz; however, some parts of the world use frequencies ranging down to 4915 MHz, and channels range from 7 to 196. The most common channels and frequencies are represented in the following table. However, you should reference the standards that are in use in your geography before conducting a wireless security assessment as the range might be expanded in your area.
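| Channel | Frequency (MHz) |
|---|---|
| 36 | 5180 |
| 40 | 5200 |
| 44 | 5220 |
| 48 | 5240 |
| 52 | 5260 |
| 56 | 5280 |
| 60 | 5300 |
| 64 | 5320 |
| 100 | 5500 |
| 104 | 5520 |
| 108 | 5540 |
| 112 | 5560 |
| 116 | 5580 |
| 132 | 5660 |
| 136 | 5680 |
| 140 | 5700 |
| 149 | 5745 |
| 153 | 5765 |
| 157 | 5785 |
| 161 | 5805 |
| 165 | 5825 |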
The same principles come into play when you are capturing the traffic from the 802.11a or 802.11n networks running at 5 GHz, as they do at 2.4 GHz. The tools provided by Kali will let you specify the frequency your wireless adapter is listening on by the associated channel number. You will identify the channel that the client and access point are communicating over and then set up your capture accordingly.
Though you may be eager to grab a laptop, install Kali on it, and jump right into running the tools, you'd be best served to spend some time researching and validating the devices you plan to use. It can be very frustrating to begin working through the tutorials and exercises in this book only to be thwarted by hardware that is not working right or doesn't support all of the features required to complete your assessment. This section will discuss wireless adapters, antennas, and other considerations that provide you the best chance of success.
In this book, we will extensively make use of the advanced features of the wireless client that are not supported on all adapters. Two of these features, monitor and master modes, will help us capture the traffic and set up virtual access points, respectively. In the monitor mode, you are able to put your wireless adapter in a promiscuous (or listening) mode, which is capable of capturing the wireless frames from the air, while the master mode is essential for the setting up of an evil twin attack. These two modes are just some of the several supported modes in various wireless adapters; the following are the commonly available modes and what they are used for:
As mentioned, not all devices support all four of the preceding modes, notably missing either the monitor mode or the master mode. These two modes are important to many of the provided examples, and it might not be immediately clear that your chosen adapter does not support them. Next, we will discuss adapters that have been known to be successful in penetration tests, specifically with Kali Linux.
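One way to confirm up front that an adapter offers the monitor and master modes described above is to parse the output of `iw list` (the iw command mentioned earlier), which reports master mode as `AP`. This is an added example, not code from the book; the function names and the sample `iw list` output are constructed for illustration, and the sample is abridged.

```shell
#!/usr/bin/env bash
# Added example: verify that a wireless adapter supports the modes a
# wireless assessment needs, based on `iw list` output read from stdin.
# Real use:  iw list | check_adapter phy0

# Constructed, abridged `iw list` output for two hypothetical adapters.
sample_iw_list() {
cat <<'EOF'
Wiphy phy0
    Supported interface modes:
         * IBSS
         * managed
         * AP
         * AP/VLAN
         * monitor
    Band 1:
        Frequencies:
            * 2412 MHz [1] (20.0 dBm)
            * 2437 MHz [6] (20.0 dBm)
            * 2462 MHz [11] (20.0 dBm)
            * 2484 MHz [14] (disabled)
    Band 2:
        Frequencies:
            * 5180 MHz [36] (20.0 dBm)
            * 5260 MHz [52] (20.0 dBm) (radar detection)
Wiphy phy1
    Supported interface modes:
         * IBSS
         * managed
    Band 1:
        Frequencies:
            * 2412 MHz [1] (20.0 dBm)
EOF
}

# Print the interface modes listed for one phy, one per line.
supported_modes() {
  awk -v phy="$1" '
    $1 == "Wiphy"                        { cur = $2; in_modes = 0; next }
    /Supported interface modes:/         { in_modes = 1; next }
    in_modes && $1 == "*" && cur == phy  { sub(/^[ \t]*\*[ \t]*/, ""); print; next }
    in_modes && $1 != "*"                { in_modes = 0 }
  '
}

# Succeed only if the phy lists exactly this mode ("AP" must not match "AP/VLAN").
has_mode() {
  supported_modes "$1" | grep -qx -- "$2"
}

# Print "band channel frequency" for every frequency that is not disabled.
usable_channels() {
  awk -v phy="$1" '
    $1 == "Wiphy" { cur = $2; next }
    cur == phy && $1 == "*" && $3 == "MHz" && $0 !~ /disabled/ {
      ch = $4; gsub(/\[|\]/, "", ch)
      band = ($2 < 3000) ? "2.4GHz" : "5GHz"
      print band, ch, $2
    }
  '
}

# Report whether the phy supports both monitor and AP (master) mode,
# and which bands it can actually tune to. Returns non-zero if unsuitable.
check_adapter() {
  phy="$1"
  data=$(cat)
  missing=""
  for mode in monitor AP; do
    printf '%s\n' "$data" | has_mode "$phy" "$mode" || missing="$missing $mode"
  done
  bands=$(printf '%s\n' "$data" | usable_channels "$phy" |
          cut -d' ' -f1 | sort -u | paste -sd, -)
  if [ -n "$missing" ]; then
    echo "$phy: UNSUITABLE, missing modes:$missing (bands: $bands)"
    return 1
  fi
  echo "$phy: OK, monitor and AP (master) supported (bands: $bands)"
}

# Demonstration on the constructed sample.
sample_iw_list | check_adapter phy0
sample_iw_list | check_adapter phy1 || true
```

A frequency marked `(disabled)` in the listing, such as channel 14 in the sample, is excluded because the current regulatory domain does not permit it.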
The first thing you'll look for when selecting a wireless adapter is the chipset used in the adapter. Many adapters may have different vendors and names printed on the outside of the device but use the same chipsets underneath the plastic where it really matters. The chipsets that have been known to be compatible are discussed in the upcoming sections.
This chipset is used in many different USB wireless adapters that are available in different form factors.
The following are examples of several common adapters at the time of writing this book. There are hundreds more adapters that also use this chipset, which comes in a variety of sizes and hardware configurations.
This model is ALFA AWUS036NH (image courtesy: http://www.alfa.com.tw)
Interface Type: USB 2.0
Supported Protocols: 802.11 b/g/n
Band: 2.4 GHz
Speed: 150 Mbps
Gain: 2000 mW
This model is ALFA AWUS036NEH (image courtesy: http://www.alfa.com.tw)
Interface Type: USB 2.0
Supported Protocols: 802.11 b/g/n
Band: 2.4 GHz
Speed: 150 Mbps
Gain: 1000 mW
This model is Tenda UH151 (image courtesy: http://www.tendacn.com)
Interface Type: USB 2.0
Supported Protocols: 802.11 b/g/n
Band: 2.4 GHz
Speed: 150 Mbps
Similar to the RT3070, this chipset also supports 2.4 GHz and is used by several vendors, including ALFA, TP-LINK, D-Link, and others. You will find these adapters regularly recommended by pentesters on Kali and aircrack-ng forums. Here are a few adapters shown along with their specifications.
This model is ALFA AWUS036NHA (image courtesy: http://www.alfa.com.tw)
Interface Type: USB 2.0
Supported Protocols: 802.11 b/g/n
Band: 2.4 GHz
Speed: 150 Mbps
This model is ALFA AWUS036NH (image courtesy: http://www.alfa.com.tw)
Interface Type: USB 2.0
Supported Protocols: 802.11 b/g/n
Band: 2.4 GHz
Speed: 150 Mbps
Gain: 2000 mW
This is the newer Ralink chipset, which has been found to be very compatible with Kali Linux, and it supports the modes that we are interested in. This chipset is capable of both 2.4 GHz and 5.0 GHz, making it very attractive for pentesters. A common example that uses this chipset is as follows:
This model is ALFA AWUS051NH (image courtesy: http://www.alfa.com.tw)
Interface Type: USB 2.0
Supported Protocols: 802.11 a/b/g/n
Band: 2.4 GHz and 5 GHz
Speed: 150 Mbps
Gain: 500 mW
