Using TL-WN722N in Kali Linux

Image © Stanley Skarshaug

How to use the TP-Link adapter for WLAN hacking
Updated 15. December 2021

There are many WLAN adapters on the market that can run in monitor mode. The TP-Link TL-WN722N WLAN adapter is one of the more accessible and cheap adapters in Scandinavia. Unfortunately, it's a bit of a pain to get up and running in Kali Linux, especially the versions you can buy in stores today (v2/v3).

In this article, I will guide you through the process of installing the needed kernel module, and making it run in monitor mode in Kali Linux on a Virtual Machine in VirtualBox.

Enable adapter in VM

Make the Wi-Fi adapter accessible in the VM

Before the adapter can be used by Kali Linux, it has to be enabled in, or attached to, the VM. Open the settings for the VM, navigate to the USB menu, and add the Wi-Fi adapter to the VM. This way only this VM will be able to use the Wi-Fi adapter, not any other VM or your host OS.

Add the Wi-Fi NIC to the Kali Linux Virtual Machine

To make the adapter appear in the VM you might have to restart it. To check if it's available you run the iwconfig command. If it's discovered by the Operating System it will appear in the output.

iwconfig

lo        no wireless extensions.

eth0      no wireless extensions.
 
wlan0     IEEE 802.11g  ESSID:"haxor"
          Mode:Managed  Frequency:2.427 GHz  Access Point: 00:0D:9D:FF:FF:FF   
          Bit Rate=48 Mb/s   Tx-Power=20 dBm   Sensitivity=8/0  
          Retry limit:7   RTS thr:off   Fragment thr:off
          Power Management:off
          Link Quality=91/100  Signal level=-39 dBm  Noise level=-87 dBm
          Rx invalid nwid:0  Rx invalid crypt:860  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:39   Missed beacon:8

As you can see from the output above the adapter was discovered. To enable monitor mode and start using it for ethical hacking you need to install a custom kernel module, and enable monitor mode.

Kernel module

Install the needed packages for your Kali VM

Before anything can be done, you need to have a fully updated version of Kali Linux. In my experience, the 2021 versions of Kali Linux do not break during updates. But proceed with caution! You might not be as lucky. Your best bet might be to download the newest VirtualBox image and proceed from there. To update Kali run these commands.

sudo apt update
sudo apt upgrade

Now you must install the Linux kernel header files and the bc package. Both are dependencies needed to compile the driver for the Wi-Fi adapter.

sudo apt install linux-headers-amd64
sudo apt install bc

Before we can use the new driver, we must blacklist the default Realtek kernel module (driver). To do this you first need to log in as the root user. Please note that prefixing the command below with sudo does not work, because the redirection into the file is performed by your own unprivileged shell.

sudo su -

Once logged in as root you can blacklist the kernel module.

echo "blacklist r8188eu" > "/etc/modprobe.d/realtek.conf"
exit

Now you are ready to download the source code for the custom kernel module for the Wi-Fi adapter.

cd ~/Downloads
git clone https://github.com/aircrack-ng/rtl8188eus
cd rtl8188eus

Once downloaded, you can compile the kernel module and install it. The module built from this repository is named 8188eu, so that is the name to load.

make
sudo make install
sudo modprobe 8188eu

After the installation, you can use the Wi-Fi adapter for ethical hacking.

WLAN sniffing

To make sure the adapter is running the new kernel module, run this command:

sudo airmon-ng                        

PHY	Interface	    Driver		Chipset

phy0	wlan0		8188eu		TP-Link TL-WN722N v2/v3 [Realtek RTL8188EUS]

As you can see from the output, the kernel module was successfully installed and is running. To enable monitor mode on the adapter, run this command:

sudo airmon-ng --verbose start wlan0                          

Found 2 processes that could cause trouble.
Kill them using 'airmon-ng check kill' before putting
the card in monitor mode, they will interfere by changing channels
and sometimes putting the interface back in managed mode

    PID Name
    485 NetworkManager
   3847 wpa_supplicant

No LSB modules are available.
Distributor ID:	Kali
Description:	Kali GNU/Linux Rolling
Release:	2021.4
Codename:	kali-rolling

Linux kali 5.14.0-kali4-amd64 #1 SMP Debian 5.14.16-1kali1 (2021-11-05) x86_64 GNU/Linux

Regulatory Domain appears to be unset, please consider setting it with 'iw reg set XX'
https://wireless.wiki.kernel.org/en/users/documentation/iw#updating_your_regulatory_domain
Detected VM using lspci
This appears to be a VirtualBox Virtual Machine
If your system supports VT-d, it may be possible to use PCI devices
If your system does not support VT-d, you can only use USB wifi cards

K indicates driver is from 5.14.0-kali4-amd64
V indicates driver comes directly from the vendor, almost certainly a bad thing
S indicates driver comes from the staging tree, these drivers are meant for reference not actual use, BEWARE
? indicates we do not know where the driver comes from... report this


X[PHY]Interface		Driver[Stack]-FirmwareRev		Chipset										Extended Info

K[phy0]wlan0		8188eu[mac80211]-unavailable		TP-Link TL-WN722N v2/v3 [Realtek RTL8188EUS]					mode managed
		(monitor mode enabled)

From the verbose output for the command, you can see that it got activated in monitor mode. Another method of verifying that it is running in monitor mode is to run iwconfig:

iwconfig                                                                                                 
lo        no wireless extensions.

eth0      no wireless extensions.

wlan0     unassociated  Nickname:"<WIFI@REALTEK>"
          Mode:Monitor  Frequency=2.457 GHz  Access Point: Not-Associated   
          Sensitivity:0/0  
          Retry:off   RTS thr:off   Fragment thr:off
          Power Management:off
          Link Quality=0/100  Signal level=0 dBm  Noise level=0 dBm
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0

As you can see from the output, the NIC is in monitor mode. You are now able to use it with Wireshark and a lot of other fun networking tools. As a start, you can run a scan for access points and endpoints using airodump-ng:

sudo airodump-ng wlan0              

 CH 13 ][ Elapsed: 36 s ][ 2021-12-12 16:48 

 BSSID              PWR  Beacons    #Data, #/s  CH   MB   ENC CIPHER  AUTH ESSID

 72:02:71:7C:FF:FF  -82        5        0    0   9  130   WPA2 CCMP   PSK  Victim_AP_01
 72:02:71:7C:FF:FF  -69       16        0    0   1  130   WPA2 CCMP   PSK  Victim_AP_02
 50:C7:BF:4F:FF:FF  -57       15        2    0   9  405   WPA2 CCMP   PSK  Victim_AP_03

 BSSID              STATION            PWR   Rate    Lost    Frames  Notes  Probes

 (not associated)   7E:45:E3:FF:FF:FF  -38    0 - 5      0        3         Victim_AP_04

The Wi-Fi sniffer program airodump-ng will listen in on every channel looking for access points and devices. After a couple of minutes, you should have a list of all devices in the area. If you were able to successfully run airodump-ng using the Wi-Fi adapter you have verified that monitor mode is working correctly.
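
The three things this guide sets up (the r8188eu blacklist entry, the 8188eu driver bound to the adapter, and monitor mode on the interface) can also be checked by reading the files involved instead of tool output. The script below is an added example, not part of the original article; the ROOT prefix argument and the make_sample helper are hypothetical, and the tree that make_sample builds is constructed sample data.

```shell
#!/bin/sh
# Added example (not from the article): verify the setup by reading the files
# the steps touch. ROOT is a hypothetical prefix argument ("" = live system)
# so the same checks can run against a constructed directory tree.

# blacklisted ROOT MODULE: succeeds if a modprobe.d file blacklists MODULE.
blacklisted() {
    grep -qsE "^[[:space:]]*blacklist[[:space:]]+$2[[:space:]]*\$" \
        "$1"/etc/modprobe.d/*.conf
}

# bound_driver ROOT IFACE: print the kernel driver bound to the interface.
bound_driver() {
    sed -n 's/^DRIVER=//p' "$1/sys/class/net/$2/device/uevent" 2>/dev/null
}

# iface_mode ROOT IFACE: map the sysfs link-layer type to a mode name.
iface_mode() {
    case "$(cat "$1/sys/class/net/$2/type" 2>/dev/null)" in
        1)           echo managed ;;  # ARPHRD_ETHER, normal wlan interface
        801|802|803) echo monitor ;;  # ARPHRD_IEEE80211[_PRISM|_RADIOTAP]
        *)           echo unknown ;;
    esac
}

# report ROOT IFACE: one line per check; returns 0 only if all three pass.
report() {
    rc=0
    if blacklisted "$1" r8188eu; then echo "ok   r8188eu is blacklisted"
    else echo "FAIL r8188eu is not blacklisted"; rc=1; fi
    drv=$(bound_driver "$1" "$2")
    if [ "$drv" = 8188eu ]; then echo "ok   $2 uses driver 8188eu"
    else echo "FAIL $2 uses driver '${drv:-none}', expected 8188eu"; rc=1; fi
    mode=$(iface_mode "$1" "$2")
    if [ "$mode" = monitor ]; then echo "ok   $2 is in monitor mode"
    else echo "FAIL $2 is in $mode mode"; rc=1; fi
    return "$rc"
}

# make_sample DIR DRIVER TYPE: build a constructed sysfs/modprobe.d tree.
make_sample() {
    mkdir -p "$1/etc/modprobe.d" "$1/sys/class/net/wlan0/device"
    echo "blacklist r8188eu" > "$1/etc/modprobe.d/realtek.conf"
    echo "DRIVER=$2" > "$1/sys/class/net/wlan0/device/uevent"
    echo "$3" > "$1/sys/class/net/wlan0/type"
}

# With an interface argument, check the live system: sh check.sh wlan0
if [ "$#" -ge 1 ]; then report "" "$1"; exit; fi
```

A failed driver check that names r8188eu means the stock module is still bound, which usually indicates the blacklist has not taken effect yet (for example, no reboot since it was written).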

Congratulations. You now have a working Wi-Fi packet sniffing solution using the TP-Link TL-WN722N. Now, go ahead and use this for good!