Wi-Fi networks come in two flavors: the more common 2.4 GHz used by most routers and IoT devices, and the 5 GHz one offered as an alternative by newer routers. While it can be frustrating to attack a device that moves out of reach to a 5 GHz Wi-Fi network, we can use an Alfa dual-band adapter to hack Wi-Fi devices on either type of network.
Wi-Fi is a radio standard that has been around since 1997, and the number of devices using it has made its part of the spectrum quite crowded. To relieve that stress, 5 GHz was introduced to offer fast Wi-Fi connections over similar distances as a comparable 2.4 GHz network. For hackers going after Wi-Fi devices, a router that provides both 2.4 and 5 GHz networks can be a real problem, as attacks requiring sending de-authentication frames can simply cause the target device to move out of reach to the 5 GHz network.
In the United States, 2.4 GHz Wi-Fi can operate on any channel between one and eleven. While it may seem like a lot of room, the truth is that all but three of these channels overlap with each other, causing issues with interference and slow speeds when too many devices are on the same channel. The reason it happens is that each channel is really just the center frequency of a 22 MHz wide channel. That means only channels one, six, and eleven are far enough apart not to overlap.
As you can see in the picture above, devices on channels one and two would interfere with each other and share a lot of space on the radio spectrum. That makes it challenging to pack too many devices on to the same network, primarily because most IoT Wi-Fi devices operate on 2.4 GHz only.
The 5 GHz offering gives faster speeds, more channels, and more room for devices to transmit than 2.4 GHz, but it suffers from some limitations in range. Over shorter distances, the broader channels of 5 GHz can allow for faster data transfers, but not all devices support the frequency. Modern routers will typically offer both types to provide the most spectrum for congested Wi-Fi networks, and modern smartphones and laptops will likely support 5 GHz networks. That makes it equally likely that a device belonging to a target might be connected to the 5 GHz or 2.4 GHz networks, making it critical to be able to interact with both.
To get started hacking 5 GHz networks, we'll need a network adapter with the proper chipset. The Alfa Wireless AWUS036ACS is a dual-band network adapter that offers both 2.4 and 5 GHz reception in a single feed line, and it can be combined with a long-range directional antenna like the Simple Wi-Fi 2.4/5 GHz Yagi antenna. While the AWUS036ACS driver is not plug-and-play with Kali Linux, it's simple to install on both Kali and Ubuntu systems.
Once we have the drivers installed, hackers will find that many standard Wi-Fi hacking tools work perfectly well against 5 GHz targets. Kismet, Wireshark, the Aircrack suite, and Wifite2 are all updated to take advantage of the ability to target 5 GHz networks. That means hackers who can't access 5 GHz channels are missing out on half of the fun, which may become an issue with devices that can transition between both types of networks.
To get started with hacking 5 GHz networks, you'll need a wireless network adapter that supports 5 GHz and preferably 2.4 GHz. The Alfa AWUS036ACS 802.11ac AC600 Wi-Fi Wireless Network Adapter does a great job.
- Don't Miss: Track a Target Using Canary Token Tracking Links
Thanks to popular demand, Kali Linux has included the RealTek drivers needed to control many 5 GHz adapters. The installation process on Kali is by far the most simple, but it's critical to update and upgrade your system before doing so. Keep in mind that on a slow connection, it can take quite some time.
~$ apt update && apt upgrade ~$ apt dist-upgrade
Once your system is entirely up to date, you can install the drivers you need on Kali with the following command.
~$ apt install realtek-rtl88xxau-dkms
That should install the driver, and you can try plugging in the network adapter after a reboot to see if the LED on it flashes immediately. Next, we'll test out the functionality of the adapter.
If you can see the adapter when running ifconfig or ip a after installing the driver, we can move on to trying to put it into monitor mode to verify it works. First, we'll need to bring the interface down to put it into monitor mode. Make sure to replace wlan0 with the name of your wireless card.
~$ sudo ip link set wlan0 down
Next, we'll set monitor mode using iwconfig in the following command.
~$ sudo iwconfig wlan0 mode monitor
Finally, we'll bring the interface back up after it's been put in monitor mode.
~$ sudo ip link set wlan0 up
If all of these steps worked smoothly, then your card should be in monitor mode, and you may be good to go. To try out working with 5 GHz channels, we can move on to the next step.
To test if we've got the card working on Kali, we'll try to set it to a 5 GHz channel. First, we can try to set the channel with the following command in a terminal window.
~$ sudo iw wlan0 set channel 6 HT40-
That will attempt to set the channel to a 5 GHz frequency. In general, you can use this command to specify a channel in the 5 GHz range to listen in on. To set the channel to 149 with the channel width set to 80 MHz, we can modify the command to look like the example below.
~$ sudo iw wlan0 set freq 5745 80 5775
If it isn't working, then you can move on to the manual installation, which also works on Ubuntu.
- Don't Miss: Hunting Down & Cracking WEP Networks
To install the drivers directly, we'll be using the Aircrack-ng GitHub repo and DKMS. First, we'll need to install DKMS and download the GitHub repo with the command below.
~$ sudo apt-get install dkms ~$ git clone https://github.com/aircrack-ng/rtl8812au.git
Once it is installed, we can change directories into the repository by typing cd rtl8812au. Then, we just need to run a single command to install the driver from within the folder we downloaded.
~$ sudo ./dkms-install.sh
You should see output like below if it's successful.
About to run dkms install steps... Creating symlink /var/lib/dkms/rtl8812au/5.3.4/source -> /usr/src/rtl8812au-5.3.4 DKMS: add completed. Kernel preparation unnecessary for this kernel. Skipping... Building module: cleaning build area... 'make' -j2 KVER=4.15.0-55-generic KSRC=/lib/modules/4.15.0-55-generic/build.......................... Finished running dkms install steps.
Finally, let's run airodump-ng to test if the card can capture on a 5 GHz channel. The following command uses the --band option to set Airodump to scan through 5 GHz channels.
~$ airodump-ng wlan1 --band a
If we've got the card up and running, we should start to see 5 GHz networks appear!
CH 200 ][ Elapsed: 12 s ][ 2019-08-19 04:56 BSSID PWR Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID 00:69:54:32:12:99 -55 3 0 0 1 54e WPA2 CCMP PSK MySpectrumWiFi69-2G 88:24:62:94:10:2A -74 1 0 0 -1 54e WPA2 CCMP PSK MySpectrumWiFi96-5G
While network adapters like the Alfa Wireless AWUS036ACS may not be plug-and-play with Kali Linux, they are well supported and easy to get set up in only a few commands. Once you've got the drivers installed, you can easily use familiar tools like Wireshark to capture data on 5 GHz networks the same as 2.4 GHz networks. Thanks to these cheap and easy-to-set-up network adapters, a directional antenna can let a hacker manipulate 5 GHz networks from extreme distances on a budget.
- Don't Miss: How to Pick an Antenna for Wi-Fi Hacking
I hope you enjoyed this guide to getting started with hacking 5 GHz Wi-Fi networks! If you have any questions about this tutorial on setting up an Alfa Wireless AWUS036ACS, please ask below, and if you have a comment or idea for a future episode, feel free to reach me on Twitter @KodyKinzie.
Want to start making money as a white hat hacker? Jump-start your hacking career with our 2020 Premium Ethical Hacking Certification Training Bundle from the new Null Byte Shop and get over 60 hours of training from cybersecurity professionals.
Other worthwhile deals to check out: