Deauth All

[guitar_man]

hi there, I am looking for command for aireplay that will deauth everyone that is connected to the network not including a specific mac. <_<

[digip]

Are you using the pineapple or just straight aircrack suite? There is a module for the pineapple to do this, but you would need to write a little script to do it with aireplay-ng, since its meant for 1 off at a time, you need to create a variable to grab all mac addresses and script it. Something like a modification of the "Leg3nd's Elegant Mass DeAuth Script" for the pineapple would probably do what you want, you just need to adjust the script to run for your needs, since it was meant for the pineapple.

[guitar_man]

I'm just using aireplay. I want to deauth everyone else on a network not including my nic.

[digip]

yes, and you could "Script" aireplay to do it is what I was saying.

[guitar_man]

yes, but i dont know the aireplay command. :)

[digip]

At times, its nice to have someone walk you through everything, hold your hand as you do it so to speak, and while I could probably stumble my way through writing my own script to do something you ask after doing a few google searches and testing it out myself, spoon feeding every question we get asked is also not the best way to learn if someone else is doing all the work for you.

Start with what you know of the command and learn how to do a single deauth first and make sure you know how it works, "aireplay-ng --help" for starters, then work out how to grab MAC addresses from other clients on your network, how to do wireless scans, etc, then how to deauth multiple devices by piping it through aireplay.

While you are here looking for someone to write it for you, you could be on google or youtube (for which I already found a video that shows exactly what you asked...) and have the chance to try it yourself.

And before someone comes in and gives the reply "I hate when someone says google it, what is a forum for if you can't ask questions or get an answer to your problem" damn straight, thats the first place you should go IS to google, then come here with your code example of what you tried on your own, show us what you have, and then let others help you fix what you couldn't figure out on your own. No one here is an expert, and a lot of people here do know a hell of a lot, but not everyone jumps at the chance to answer question that have been asked a zillion times too. Search the forums, there are probably several posts which already contain code snippets to do what you ask.

Also, please don't take offense to my post, because I know I can sound like a dick at times, but just goes without saying, we help where help is needed, not where the work has not been done. Show us what you've tried first and the results, do some of the work on your own, then come back when you don't understand something and need more help with specifics.

[guitar_man]

digip, thanks for the very long reply.

I googled the command for the situation but I cant the exact answer.

Situation is there's an AP with AA:BB:CC:11:22:33 which send a aireplay command to deauth all connected to it.

But I want not to include a certain MAC. All I can do is to deauth all by send command aireplay-ng -0 0 -a AA:BB:CC:11:22:33 mon0

[digip]

Aireplay can send deauths to the AP, but can also send only to clients if needed. Check the commands documentation. You basically need to network ngrep all the connected clients, filter out yourself and the router, and send deauths to the clients on said router sans your mac and the routers.

I would say look up sed, awk, and some other command line fu commands that might help you pipe output through aireplay, or look into airdrop-ng instead, might be easier to figure out. Airdrop can do rule based drops from an airodump csv file. I've never used it but its kind of the same context from what I understand and you should be able to rule yourself out of the deauths.

By the way, if this is your router you are trying to protect, look into MAC address filtering(or change it over to WPA2). Will keep 99% of the noobs off your AP so long as they don't clone your MAC address.

Edited September 29, 2012 by digip

[Infiltrator]

digip, thanks for the very long reply.

I googled the command for the situation but I cant the exact answer.

Situation is there's an AP with AA:BB:CC:11:22:33 which send a aireplay command to deauth all connected to it.

But I want not to include a certain MAC. All I can do is to deauth all by send command aireplay-ng -0 0 -a AA:BB:CC:11:22:33 mon0

To deauth every client from the AP, use the following command.

Aireplay-ng -0 10 -a <mac of access point> name interface
[/CODE]

To deauth a client only

[CODE]
aireplay-ng -0 1 -a <mac address of access point> -c <mac address of client> name of interface
[/CODE]

If you need more information, I suggest reading the aireplay-ng documentation.

http://www.aircrack-...eauthentication

Edited September 30, 2012 by Infiltrator

[Maxwell8686]

Hi if I use Aireplay-ng -0 10 -a <mac of access point> name mon0 its scans on the wrong channel how do I ensure it scans on channel 1 say

[digip]

change airodump-ng to use the channel to monitor on, and aireplay-ng will follow suit, ie:

airodump-ng -c 6 mon0[/CODE]

where -c is channel 6. Then when you run aireplay, it will stick to the same channel airodump-ng was set to. Change -6 to whatever channel you need to use obviously. Otherwise, both tools, run in scan mode and hop all channels.

Also, read up on mdk3 black and white lists.

Edited October 20, 2012 by digip

[ocram6616967]

The best thing to do is to deauthenticate a single client.. For do this try the command: aireplay-ng -0 1 -a 'bssid access point' -c 'mac connected client' . Bye :D

[Infiltrator]

Hi if I use Aireplay-ng -0 10 -a <mac of access point> name mon0 its scans on the wrong channel how do I ensure it scans on channel 1 say

if you are going to hack a singe wieless router, you can already set the channel to your adapter, by issuing this command.

ifconfig wlan0 down

iwconfig wlan0 channel 1

ifconfig wlan0 up.
[/CODE]

[digip]

if you are going to hack a singe wieless router, you can already set the channel to your adapter, by issuing this command.

ifconfig wlan0 down

iwconfig wlan0 channel 1

ifconfig wlan0 up.
[/CODE]

Yeah, but if you use airmon-ng to start your card, I think it sets it to roam. I like setting airodump-ng with -c for channel number, then aireplay, will work on that channel, since I tend to use them in tandem anyway when either cracking wep or trying to capture WPA handshakes. I keep hearing about wifite though, will have to give that a try. Apparently works really well for various wifi attacks, including WPS(reaver), WEP and WPA handshake capturing. Not sure on the deauth stuff with it, but assume it has to do that to get the handshake and trigger replay attacks for IV's.

[Infiltrator]

Yeah, but if you use airmon-ng to start your card, I think it sets it to roam. I like setting airodump-ng with -c for channel number, then aireplay, will work on that channel, since I tend to use them in tandem anyway when either cracking wep or trying to capture WPA handshakes. I keep hearing about wifite though, will have to give that a try. Apparently works really well for various wifi attacks, including WPS(reaver), WEP and WPA handshake capturing. Not sure on the deauth stuff with it, but assume it has to do that to get the handshake and trigger replay attacks for IV's.

I agree with you 100% and I do that too, that was just a suggestion though.

[whitehat]

i think this is a good idea. can we group write a script like this, maybe on github?

[vector]

a real easy way to have some fun is with an old android phone thats just layin around. if you dont have one then get one from someone, root it, and have fun with a nice little app called wifikill. it is exactly what you are looking for and you can plug the phone in and hide it anywhere and just let it run all the time.

[Pwnd2Pwnr]

I never thought I would see the Aircrack-ng suite being man'd here. But, I digress. I am not complaining... I just know it took me a couple of hours to get the commands down (almost all of them).

Kismet is better than airodump-ng if ya ask me... but ya didn't :D

http://code.google.com/p/wifite/ <---- is this wifite, digip?

Edited December 12, 2012 by Pwnd2Pwnr

[digip]

I never thought I would see the Aircrack-ng suite being man'd here. But, I digress. I am not complaining... I just know it took me a couple of hours to get the commands down (almost all of them).

Kismet is better than airodump-ng if ya ask me... but ya didn't :D

http://code.google.com/p/wifite/ <---- is this wifite, digip?

I believe so. Edited December 12, 2012 by digip

[vector]

I never thought I would see the Aircrack-ng suite being man'd here. But, I digress. I am not complaining... I just know it took me a couple of hours to get the commands down (almost all of them).

Kismet is better than airodump-ng if ya ask me... but ya didn't :D

http://code.google.com/p/wifite/ <---- is this wifite, digip?

yes that is wifite. i use wifite on the reg. its one of my favorite tools. if you want to use the wps cracking features you will also need to install reaver. and wifite will suggest pyrit, tshark, and cowpatty, but arent required. i even have wifite,reaver,aircrack-ng working with my hp touchpad tablet and my asus tf101 android tablet for mobile owning.

some screenshots here.

https://www.box.com/s/4xriiwm6ycdkl00xfqxo

https://www.box.com/s/tlzfwhelg1g5fhm5xd2o

https://www.box.com/s/pvf0x6zqhn861owi9xmj

https://www.box.com/s/hpupfnzolgtgztgznp81

[Pwnd2Pwnr]

I can dig it... it is cool for when I am feeling lazy... but all in all... My favorite, bar none, is Reaver. So many pwns, so little time... :)

[ALi.hnd]

aireplay-ng -0 0 -a (mac address) wlan0 --ignore-negative-one.     Correct me if I'm wrong how do i specify channel here

 

 

 

[dark_pyrro]

You really dug deep to find this thread. However..... have you tried to "lock" the channel using airodump-ng before issuing the aireplay-ng command?