4 External USB Wifi Adapters for Kali Linux Pentesting

If you are like me, you have been working with Kali Linux, the Linux distribution for penetration testing and ethical hacking, and have been running it as a virtual machine on your 2015 Macbook Pro. And, you have been having issues with sniffing packets because your 2015 Macbook’s built-in wifi adapter is not going into true promiscuous mode — only a limited version that doesn’t give you everything you need. Sadly, other versions of the Macbook don’t seem to have this problem at all, so you may be finding yourself in need of an additional interface.

Or, perhaps you are not like me, and the chipset driving your PC’s Wifi adapter doesn’t let you do much at all, and you just want an external USB Wifi adapter that will make it easy to use tools such as Aircrack-ng for ethical hacking jobs.

Whatever the case, I’ve done some research and will present a few options that don’t break the bank and should provide you with a quick and easy way to do all the proper packet sniffing you deserve.

TP-Link N150

The first option on this list is the $13.45 TP-Link N150 dongle. A small USB device that sports a detachable antenna, it should get the job done if you prefer portability over power. This device uses the Atheros AR9271 chipset, which is known to work smoothly in Kali Linux (and probably most other distros).

USB Rt3070

The cheapest USB adapter, at a paltry $11.99, is the generic USB Rt3070, another dongle style device that is also the smallest you will find here. With similar specs as the TP-Link device, this one is even easier to conceal, and probably won’t raise any suspicions if you have it plugged into your laptop in a crowded place. While not the most powerful device by any means, if you are near the router you want to connect to, it shouldn’t be a problem.

Alfa AWUS051NH

Taking a big step up in everything, including features, power, and profile, we have the Alfa AWUS051NH. This one has been sitting on my Amazon wishlist for quite a while, and I think it’s about time I pick it up. It even has a holster with suction cups to stick to a window, and it will pick signals up from long range.

If you are needing to physically stay away from the target you are testing, while still being able to test it, try this sucker.

Alfa AWUS036NHA

Lastly, we have another Alfa device, both of which get really good reviews for Kali Linux in particular. At only $6 more than the AWUS051NH, the Alfa AWUS036NHA looks cooler and has a boost in power to let it pick up signals from even farther away. It also comes with the holster and suction cups for the windows of your vehicle, office, or home. According to its description, what sets it apart is the “High Transmitter Power of 28dBm – for Long-Rang and High Gain Wi-Fi.”

 

Are there others?

Have you tried any of these? What did you think? Know of any others that do a good job?

Tool Sharpening

As honest Abe Lincoln said, “Give me six hours to chop down a tree and I will spend the first four sharpening the axe.”

For the last six months, I have been playing the part of Hey Blinkin, getting the tools in my toolbox sharpened, honed, configured, and ready as I am inches away from starting the PWK/OSCP course. As soon as some paperwork clears, I’ll be signing up, hopefully to start in mid-July. You may have seen me posting things I’ve learned so far here on my blog. I intend to keep it up, as finding other OSCP adventurer blogs, tips, and tools along my journey has been invaluable. I hope to pay it forward here.

That said, here are a few very sharp tools I’ve come to love (as recently as this evening):

iTerm 2 – http://iterm2.com/ – a better Terminal app for Mac. Highly configurable, integrative, and versatile. Not exactly a pentesting tool, but something anyone doing command line work on a Mac should check out.

Sn1per – https://github.com/1N3/Sn1per – a super-thorough and invasive reconnaissance tool. It is very noisy and not recommended for actual pentesting, but it is great for working on CTF and Vulnhub VMs.

OSINT Framework – http://osintframework.com/ – a hefty, well-organized set of free tools for gathering all kinds of information. Originally geared towards security, it includes a lot of other fields as well. Follow it on GitHub here.

 

Microsoft Windows has Free Virtual Machines

Wish I had know about these earlier. Microsoft offers free Windows virtual machines for VirtualBox, VMWare, and others. You can choose from Windows 7, Windows 8, or Windows 10 (a few different flavors of each). They last 90 days before expiring, but you can snapshot them right after you install them to make it easy to reset that 90 days by rolling back to the snapshot.

Officially, these are for testing out the Edge browser, but you can also use them for whatever else 😉

Check them out here:

https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/

 

 

Metasploit Tidbits

I’ve been working through Metasploit Unleashed in preparation for the PWK course and the ensuing OSCP exam. Looks like I’ll be signing up for that in early July. While you can’t use Metasploit on the OSCP exam, they do teach it in the PWK course itself, and it’s a very powerful tool anyway, so learning it now seemed like a good idea.

I’ve been taking a lot of notes in OneNote as I progress on all things OSCP, but I thought I’d share some of the handier Metasploit tricks that I might find myself using from day to day. Additionally, writing all this out and thinking about it as I do so helps me commit it to memory, so this blog post isn’t an entirely selfless effort 😉

Find Hosts on Your Network

The arp_sweep auxiliary module comes in handy to find hosts on your network. In the below example, you select the arp_sweep tool, show its options, then set the RHOSTS variable accordingly for you your network range.

Running the above will return some output that looks something like this:

If you want to be sneaky when you do this (and why would you need to be sneaky on your home network? 😉 ) you can spoof the source host (you) and the source MAC address so that it doesn’t look like you have been scanning anything. Typically, you might set this to appear to be coming from your router.

Scan a Host

Metasploit lets you scan hosts that you discover.

You can set THREADS (10) and CONCURRENCY (20) too, to help speed things up without getting too crazy.

You can even use nmap from within Metasploit, and store the results in the database, or import normal nmap results (saved as xml) into the Metasploit database. The advantage of doing this is that you can save your work and results in workspaces in Metasploit. Workspaces let you create projects and keep things organized, which is useful when working on many targets, or with a team.

I will provide some examples of this soon. Stay tuned. For now, here’s what looks like a great reference for this.

 

Speaking at Drupal Camp Asheville

I will be doing a talk on Drupal and Security at this year’s Drupal Camp Asheville. I will cover some security best practices for Drupal developers, how to avoid certain Drupal-specific security gotchas, some lessons learned in keeping Drupal sites secure, and some handy tidbits you can use to prevent the bad people from ruining things.

The times for the various speaker sessions haven’t been announced yet, but stay tuned. I hope to see you all there!

#dcavl