DEAUTHENTICATION ATTACK
Hi, it's your one and only Mxlkommarz, here on Cyber Komand with another one.
I'm starting with the "ifconfig" command, which displays the network interface information. The purpose of this is mainly to stay anonymous before performing the attack and to avoid it being traced back to my device, and also to reconfirm the option I will be changing, in this case the wlan0 ether (the MAC address of my wireless adapter), which I'll be using to monitor the other networks around, not just the way any wifi would. Focus on the wlan0 ether in the next image.
Let me walk you through the commands in the image above.
The first command, "sudo ifconfig wlan0 down": think of this like shutting down an apartment to do some renovation on it. We bring the wlan0 interface down so we're able to make changes to it. Note that once you restart your Kali, all changes will be reverted back to the normal MAC address by the NetworkManager in Kali.
The next command, "sudo ifconfig wlan0 hw ether 00:11:22:33:44:55": I'm guessing you already know what this command does. It's telling ifconfig, on wlan0, to change the "hw" (hardware) "ether" address (the MAC address) to 00:11:22:33:44:55. There you have it. Quick reminder: when changing the MAC address you must start with zero.
The next command, "sudo ifconfig wlan0 up", does the opposite of what the first command does: it brings the interface back up.
The last command, "ifconfig", displays the network interface information again. Let's see if it worked and the wlan0 MAC address changed.
As you can see, all the commands worked and the wlan0 ether (MAC address) was changed to the new MAC address. If you've been following the steps, you just took the first step in learning how to clean your tracks as you perform attacks in the near future. Let's move on to the next phase.
PHASE 2: Changing the wireless adapter from managed to monitor mode.
Wireless adapters use different frequencies; mine uses 2.4 GHz, which gets the job done. Basically, when the adapter is in managed mode you only receive packets meant for your device, but when it is switched to monitor mode you can sniff the other wifi signals around you: you'll be able to see passwords, what sites they visit and things they do on the network. That's the main purpose of this; I don't just want to sniff on my own network, I want to snoop around other networks and be able to capture packets. Now let me walk you through the commands in the image below. Remember, we're changing the wlan0 mode from managed to monitor.
- The first command, "iwconfig", is similar to the ifconfig command but displays the wireless information. If you look closely at wlan0 you'll see that the wireless mode is "Managed", which is the default mode.
- The next command, "sudo ifconfig wlan0 down": I already explained what this command does previously, so I won't be explaining that again. Read through again if you're lost.
- The next command in line, "sudo iwconfig wlan0 mode monitor": with this command you're telling iwconfig (the wireless configuration tool) to set the mode of wlan0 (the interface) to monitor. In other words, you're telling the terminal that you want to change the wlan0 mode from managed to monitor.
- The next command, "sudo ifconfig wlan0 up", does the opposite of what the first command in the terminal does. I won't explain it; you should know what this does if you've reached this far.
- The last command in the terminal is a repeat of the first command; we want to check whether the changes we made to the wireless adapter worked.
As you can see, the changes were made and we can now monitor other wifi networks with our adapter. Mind you, not all adapters can perform this task of changing modes; you'll have to find one with the right specifications. For more information about what wireless adapter to use and where to get one, feel free to interact in the comment section. Okay, from here on I'll be using the airodump-ng tool for sniffing packets from other networks.
TIP: This next step is optional, so you can skip it if you feel like it. Type the command "sudo airmon-ng check kill" in the terminal so that there's no interference. This kills all interfering processes and will disable your network connection, but we don't need internet access to perform the deauth attack.
Okay, now let's move on to the third phase, using airodump-ng.
PHASE 3: Network Sniffing
In the third stage I'll start by running the command shown in the image above, "sudo airodump-ng wlan0". airodump-ng is a built-in Kali tool for sniffing raw packets and also for locating the networks around you. So what this command is saying is: hey airodump-ng, using wlan0, which is in monitor mode, show me the list of networks around me, just like you do when you turn on your wifi and search for a wireless router to connect to. In the second image above you can see the result of the command we just ran: the wifi network with "ESSID: ?????" is the one I'm currently connected to for internet access. I'm going to explain only the necessary things. We'll be using the BSSID, which is the router's MAC address, and then below we have the list of devices connected to the network with their MAC addresses; STATION in the list is the MAC address of each device connected to network "????". I hope that's a fair enough explanation of what's happening in the images above.
After snooping around, I have a list of networks at my disposal. The next command specifies which network will be my target, and that's what the above command does. Let me walk you through it: "sudo airodump-ng --bssid <target bssid> --channel <target channel number> --write <name of file> wlan0". With this command you're telling airodump-ng that you want to target the router with the --bssid (MAC address) of your target; --channel 6, because the target's wifi is on channel 6 and that's the channel we want to be on; --write says you want to store the raw packets gathered, saved as testsniff; and lastly wlan0 tells it which interface to use. Then press ENTER.
To quit any command, use Ctrl and C to quit the program. So we can see the program quit and the files from airodump-ng were saved; the one we'll be needing is the testsniff-01.cap file. I just wanted to show you where you can locate the file and which file is needed. The next step is a little detour from what we're supposed to be doing, but I want to show how to analyze the raw packets we got from airodump-ng with Wireshark.
Okay, if you are already familiar, you know this is Wireshark, loaded with the raw packets we got using airodump-ng, the testsniff-01.cap file. To point out something to you here: you won't get any useful information because it's all encrypted, and all we'll be able to see is gibberish even though it may contain passwords, sites, etc. But I was able to know who sent what and where it was sent: by looking at the source address I was able to know which device on the network sent out a specific packet, and the destination address tells where the packet was sent to. That was the only information I could get, plus whether the device was an Android or Apple device. Now let's get to the most interesting part of this project, which is the deauthentication of a specific client (host) on the network.
PHASE 4: Deauthentication
Once you specify the target for the deauth attack, we move to the final stage of this project by using the tool aireplay-ng, which has a deauth option. Okay, so let me break down the above command: "sudo aireplay-ng --deauth 1000 -a <network bssid> -c <client bssid> wlan0". With this command you're saying: hey, use aireplay-ng to do a deauth; the 1000 signifies the number of deauth tries you want; -a is the BSSID of the network; and -c is the MAC address of the client who is connected to the wifi.
And there you have it: you just carried out a deauthentication attack on a device connected to a wifi network. Note that this works for any device or any network as long as you follow the steps. See you in the next project, and I hope you enjoyed this as much as I did. Bye for now.
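Deauth frames are unprotected management frames, so the burst that aireplay-ng sends is easy to spot from the defender's side in a capture like the testsniff-01.cap above. The following is an added example, not code from the original post: a small Python parser for 802.11 management frames plus a detector that flags any sender emitting many deauthentication frames inside a short time window. The MAC addresses, timestamps and frame bytes are constructed for the demo, and the parser assumes raw 802.11 frames with no radiotap header (reading the pcap file itself is left out).

```python
from collections import Counter

DEAUTH_SUBTYPE = 0x0C  # 802.11 management frame (type 0), subtype 12 = Deauthentication

def _mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def parse_mgmt_frame(frame: bytes):
    """Return (subtype, addr1, addr2, addr3, reason) for a raw 802.11 management
    frame, or None for data/control frames. Assumes no radiotap header (assumption)."""
    if len(frame) < 24:
        return None
    fc = frame[0]                       # first byte of the Frame Control field
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    if ftype != 0:                      # 0 = management, 1 = control, 2 = data
        return None
    addr1, addr2, addr3 = _mac(frame[4:10]), _mac(frame[10:16]), _mac(frame[16:22])
    reason = None
    if subtype == DEAUTH_SUBTYPE and len(frame) >= 26:
        reason = int.from_bytes(frame[24:26], "little")   # 2-byte Reason Code
    return subtype, addr1, addr2, addr3, reason

def detect_deauth_flood(capture, window=1.0, threshold=10):
    """capture: iterable of (timestamp, raw_frame). Returns sorted
    (window_start, sender_mac, count) for every sender that emits at least
    `threshold` deauth frames inside one `window`-second bucket."""
    counts, base = Counter(), None
    for ts, raw in capture:
        parsed = parse_mgmt_frame(raw)
        if parsed is None or parsed[0] != DEAUTH_SUBTYPE:
            continue
        base = ts if base is None else base          # bucket relative to first deauth
        counts[(int((ts - base) // window), parsed[2])] += 1
    return sorted((base + b * window, src, n)
                  for (b, src), n in counts.items() if n >= threshold)

# Constructed sample frames (hex): AP 12:34:56:78:9a:bc, client de:ad:be:ef:00:01.
BEACON_FRAME = bytes.fromhex("8000 0000 ffffffffffff 123456789abc 123456789abc 0000")
DATA_FRAME   = bytes.fromhex("0802 0000 123456789abc deadbeef0001 123456789abc 0000")
# Deauth addressed to the client, claiming to come from the AP, reason code 7.
DEAUTH_FRAME = bytes.fromhex("c000 3a01 deadbeef0001 123456789abc 123456789abc 0000 0700")

T0 = 1_700_000_000.0   # constructed capture start time (epoch seconds)
SAMPLE_CAPTURE = ([(T0 + 0.1, BEACON_FRAME), (T0 + 0.2, DATA_FRAME)]
                  + [(T0 + 0.5 + i * 0.01, DEAUTH_FRAME) for i in range(25)]  # burst
                  + [(T0 + 2.0, BEACON_FRAME)])

if __name__ == "__main__":
    for start, src, n in detect_deauth_flood(SAMPLE_CAPTURE):
        print(f"deauth flood: {n} frames from {src} starting at {start:.2f}")
```

On the access point side, the usual mitigation is enabling Protected Management Frames (802.11w), after which clients discard deauth frames that fail integrity verification.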
Neat!