Jump to content
sharkyz

Kick from WiFi (Wifi Deauthing)

By sharkyz, in Wireless Pentesting

Recommended Posts

sharkyz Newbie

sharkyz

Posted
Posted (edited)

Requirements:

OS: Linux

Wireless card with support for: injection and monitor mode.

Packages: 

    aircrack-ng (http://www.aircrack-ng.org/)
    mdk3 (http://aspj.aircrack-ng.org/) (You should be able to find these in your repos.)

 

Its possible to do this with just aircrack-ng but I prefer mdk3 for the actual deauthing.

If you know your system skip the first steps.

 

1. First thing we need to do is see if your wireless card supports injection and monitor mode.

For the sake of this tip we will call your wireless device wlan0. If you need to know what yours is type this command. 

ifconfig -a

Now look for the wlan# that you want to use. Most people will only have one unless your like me and use two wireless cards.

 

 

2. Take your card down with this command 

ifconfig wlan0 down

For testing injection type this: 

aireplay-ng -9 wlan0

You should get something back that says "Injection is working!"

 

 

3. Now to test if your card support monitor mode.

We first need the physical name of the wireless card. For this run. 

airmon-ng

Identify your card on the list and look for the phy#

 

 

4. Once you have it run this but replace phy0 with yours. 

iw phy phy0 info |grep -A8 modes

Under supported interface modes it should have "monitor" listed.

 

So if everything’s cool lets move on. If not you may need newer drivers or a different wireless card. I recommend the Alfa USB WiFi AWUS036H.

Now we are ready to have some fun.

 

 

5. You need to get some info about your access point to proceed. So at this point disconnect from your network and lets get to it.Use this command to get info about your access point. 

airodump-ng  wlan0

This should start packet capturing all wireless traffic. Once you see yours hit Ctrl+C to cancel the capture.

Take note of your essid, mac address, and channel.

 

 

6. Once you have it lets take a closer look at who is on line with the same command but a little different.

 

A.) Bring your network card back up with this command. 

ifconfig wlan0 up

B.) change your channel with iwconfig like this. My channel is 6. Make sure you use the channel you got earlier. 

iwconfig wlan0 channel 6

C.)Bring your wireless card back down. 

ifconfig wlan0 down

D.) Now its time to find out who's on line. Run this command below. 

airodump-ng -c 6 --bssid {mac address for access point}  wlan0

-c is for the channel number
--bssid is for your mac address on your access point.If you want to store the captured packets just add the -w option with the location you want to store the capture files. This would look like this 

airodump-ng -c 6 --bssid {mac address for access point} -w {path and name of file} wlan0

Once airodump-ng starts running if you see something on the end of the top line that says something like stuck on channel -1 then you suffered from the same bug I did. To fix it hit Ctrl+C and run these two commands and then start over on step a. 

airmon-ng stop mon0
airmon-ng stop wlan0

If you don't see that error then your good.

 

Now kick back and watch the stations appear. Each system on the network will show up at the bottom as they use the wireless. You can cross reference the first three MAC segments xx:xx:xx on line to see the manufacturer until you find your pray. For me it was my daughters Kindle Fire.

 

Once you see the device you want to kick off the network write down the mac address and hit Ctrl+C to stop the packet capture.

Now finally for the moment of truth. Which family member do you have in your sites. Once you pick one run this command. 

echo "xx:xx:xx:xx:xx:xx" > ./black.lst

Replace the "xx" with the mac address of the victim.


This creates a list of mac addresses you want to kick. If you want to add more then one change the > to >>.

The final command. 

mdk3 wlan0 d -n {essid} -b ./black.lst

replace {essid} with the essid of the access point.

 

That's it. As long as the command runs they will be kicked off line. Unless they spoof there mac address or use another access point. This also works well for neighbors that your wife gives the pass-phrase out to.

 

You can take this a step further and kick everyone off the access point with this command. 

mdk3 wlan0 d -n {essid}

By just leaving out the black list you will kick off everyone on that access point.

To stop the attack just hit Ctrl+C to kill the command and everyone will be able to connect again.

Have fun and remember its cool to play with your own equipment but don't cause trouble for other people. That's not nice. ;-)

 

sharkyz: If I have time tomorrow I'll update with a bash or python script to do all this. (If you know your system and wireless card you just need the packages and the last commands)

source: http://www.thelinuxgeek.com/content/linux-tip-wireless-deauthing

Edited by sharkyz
  • Upvote 6
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...