De-authorising Everybody on a Wireless Network
Wireless networks have always been the easiest to use, yet they have been the most easily breachable networks. There is a wide array of utilities out there to help one do so. In this tutorial, we will be using Aircrack-ng suite of utilities to deauthorise selected nodes on a WiFi network. Kali Linux comes pre-installed with these utilities, so we would be following this tutorial on this OS. But these utilities are also available for Windows family of OSes, here.
Putting the Wireless Card into Monitor Mode
As common sense commands, we first need to look for existing wireless networks to breach into. For this, we need to put our card on the 'monitor mode'. This enables passive observation of packets of data being transmitted wirelessly.
We first stop our wireless card with the command
airmon-ng stop wireLessCardName
You can know the name of your wireless card by typing iwconfig, noting the alias name of the wireless card and putting it in place of 'wireLessCardName'.
Then we start our wireless card in the monitor mode with the command
airmon-ng start wireLessCardName
The monitor mode can be confirmed by the iwconfig command and checking the mode of the wireless card. A new wireless interface would also be visible, probably named 'mon0'. We will assume it to be mon0 here on.
Looking for Networks
Now we start looking for wireless networks around us. For this we use the airodump-ng utility. The command is as
airodump-ng wireLessCardName
It switches on various channels to find every wireless transmission. Its output consists of two tables and the first one gives the info about access points / WiFi servers. The things that we are interested in are the BSSID and the ESSID of the access points. The CH column gives the info about the channel over which the transmission is taking place.
The second table gives info of the transmissions happening in real time. The Station column in this table gives the MAC IDs of the network clients, i.e. the devices connecting back to access points. The Packets column shows the number of data frames transmitted while the Probes column shows the ESSIDs the client has probed into.
Obtaining the MAC ID of the Target
So here is the catch; you have to know what the MAC ID of the target system is. The target system could be a laptop, a phone or any other wirelessly connected device. One could either do the wild guess and choose any Station column MAC ID depending on the BSSID or ESSID it is connecting to. Else another way is to have physical access to the device sometime and obtain its MAC ID( social engineering could be taken into account). Whatever way you do it, we here have assumed that you have obtained the MAC ID of the target device.
Firing the Laser
Assuming that 00:11:02:03:04:05 is the target and is connected to the BSSID 01:02:03:04:05:6f and their transmission is happening over channel 6, we first make our wireless card switch over to this channel of communication as
iwconfig mon0 channel 6
Then we fire the de-authorising command as
aireplay-ng --deauth 0 -a 01:02:03:04:05:6f -c 00:11:02:03:04:05 mon0
This will result in the access point sending de-authorisation packets to the device with the MAC ID 00:11:02:03:04:05 repeatedly, till this command is stopped with the [Ctrl+d] suspend key combination.
If you want to completely deny access to an access point to every device, fire the following command
aireplay-ng --deauth 0 -a 01:02:03:04:05:6f -c FF:FF:FF:FF:FF:FF mon0
Here, FF:FF:FF:FF:FF:FF acts as a wildcard which sends de-authorisation packets to every device that tries to connect to the access point 01:02:03:04:05:6f. Thus, no device would be able to connect to this access point until the command execution is terminated with [Ctrl+d].
How much could you follow this post ?
Let us know with your comments.
No comments:
Post a Comment