WallE, Posted April 27, 2013 (edited)

Alright, so I was trying to use aireplay to deauth an AP; unfortunately something is wrong. I am using my wifi pineapple with an alfa awus036h connected to it. The wifi pineapple is plugged into the wall so there is no power issue.

Here's what I did:

    root@Pineapple:~# airmon-ng start wlan1
    root@Pineapple:~# airodump-ng -c 1 wlan1
    root@Pineapple:~# aireplay-ng -0 0 -a 00:14:6C:7E:40:80 wlan1
    19:49:24 Waiting for beacon frame (BSSID: 00:14:6C:7E:40:80) on channel 1
    NB: this attack is more effective when targeting a connected wireless client (-c <client's mac>).
    19:49:24 Sending DeAuth to broadcast -- BSSID: [00:14:6C:7E:40:80]
    19:49:25 Sending DeAuth to broadcast -- BSSID: [00:14:6C:7E:40:80]
    19:49:25 Sending DeAuth to broadcast -- BSSID: [00:14:6C:7E:40:80]
    19:49:26 Sending DeAuth to broadcast -- BSSID: [00:14:6C:7E:40:80]
    19:49:26 Sending DeAuth to broadcast -- BSSID: [00:14:6C:7E:40:80]

And that goes on and on forever, so I thought the job was done, but when I connect to the AP I can still go on the internet and surf at a normal speed... Any thoughts?

PS: It's the first time I am deauthing. So I was also wondering if it's possible to totally shut down an AP (invisible when you scan for APs)? Or will it just disconnect people from it?

EDIT: I also tried

    root@Pineapple:~# aireplay-ng -0 0 -a 00:14:6C:7E:40:80 -c 00:14:6C:7E:40:80 wlan1
    19:56:10 Waiting for beacon frame (BSSID: 00:14:6C:7E:40:80) on channel 1
    19:56:10 Sending 64 directed DeAuth. STMAC: [00:14:6C:7E:40:80] [166|166 ACKs]

And it goes on and on for that line:

    19:56:10 Sending 64 directed DeAuth. STMAC: [00:14:6C:7E:40:80] [166|166 ACKs]

But I can still surf the web ....

no42, Posted April 27, 2013

-a is the access point
-c should be the client

Looks like you're trying to deauth the AP with itself???

-c can either equal a client mac aa:bb:cc:dd:ee:ff or equal a broadcast ff:ff:ff:ff:ff:ff:ff to deauth all clients
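
From the monitoring side, the three cases in this exchange (broadcast deauth, a deauth aimed at one client, and the "AP deauthing itself" frames) can be told apart by their address fields. The sketch below is an added example, not part of any post in this thread; the record layout (`t`, `ra`, `ta`, `bssid`), the MAC addresses, the window and the threshold are all assumptions, and the sample frames are constructed.

```python
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"

def classify(frame):
    """Label one captured deauth frame by its receiver (ra) and transmitter (ta)."""
    ra, ta = frame["ra"].lower(), frame["ta"].lower()
    if ra == BROADCAST:
        return "broadcast"        # addressed to every associated client
    if ra == ta:
        return "self-addressed"   # sender and receiver identical: treated as anomalous
    return "directed"             # addressed to a single station

def detect_floods(frames, window=10.0, threshold=5):
    """Return sorted (bssid, kind) pairs with >= threshold deauths inside any
    `window`-second span. Both limits are assumed values to tune per site."""
    recent = defaultdict(deque)
    alerts = set()
    for f in sorted(frames, key=lambda f: f["t"]):
        key = (f["bssid"].lower(), classify(f))
        q = recent[key]
        q.append(f["t"])
        while f["t"] - q[0] > window:   # drop timestamps that left the window
            q.popleft()
        if len(q) >= threshold:
            alerts.add(key)
    return sorted(alerts)

# Constructed sample capture (locally administered MACs, not real devices).
AP = "02:00:00:00:00:01"
STA = "02:00:00:00:00:aa"
SAMPLE = (
    # repeated broadcast deauths, two per second
    [{"t": 0.5 * i, "ra": BROADCAST, "ta": AP, "bssid": AP} for i in range(6)]
    # burst where the station address equals the AP address
    + [{"t": 20 + 0.1 * i, "ra": AP, "ta": AP, "bssid": AP} for i in range(8)]
    # one ordinary deauth to a single client: should not alert
    + [{"t": 100.0, "ra": STA, "ta": AP, "bssid": AP}]
)

if __name__ == "__main__":
    for bssid, kind in detect_floods(SAMPLE):
        print(f"ALERT: {kind} deauth flood seen for BSSID {bssid}")
```

Where the AP and clients support 802.11w (Protected Management Frames), unauthenticated deauth frames are discarded, so a detector like this is mostly useful on networks that cannot enable it.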

WallE (Author), Posted April 28, 2013

But the -c is to deauth a specific user of the AP, no? If you don't put the -c option and just the -a option, isn't it supposed to deauth all the AP's users? Like this command?

    root@Pineapple:~# aireplay-ng -0 0 -a 00:14:6C:7E:40:80 wlan1

And I am not sure what a -c broadcast is. -c can be an option to deauth a particular user (client) or equal a broadcast ff:ff:ff:ff:ff:ff, but what is a broadcast ff:ff:ff:ff:ff:ff?

WallE (Author), Posted April 28, 2013

Well, I tried to deauth a specific user and it's working like a charm. But this is not exactly what I want to do. So 2 questions here:

1. Is it possible to deauth every client connected to the AP or can we only jam one client at a time?

2. Is there a way to SHUT DOWN the AP? I want to find a way to not be able to see the AP anymore. Some kind of DDoS. How can I perform that?

Crypiehef, Posted May 8, 2013

> Well, I tried to deauth a specific user and it's working like a charm. But this is not exactly what I want to do. So 2 questions here:
> 1. Is it possible to deauth every client connected to the AP or can we only jam one client at a time?
> 2. Is there a way to SHUT DOWN the AP? I want to find a way to not be able to see the AP anymore. Some kind of DDoS. How can I perform that?

1. Yes, you can deauth every client, however you need a rule-based script from what I understand. Like airdrop-ng (instructions). I have airdrop running in Kali on my laptop and am starting to get it on my Kali Raspberry Pi, which is already connected to my Pineapple.

2. Shut down the AP? Unplug it.. j/k. Depends on the AP. What I generally do is run reaver against the AP (if it's protected) and get the PSK key. Then connect to the AP in client mode. Then I go to the AP's config page and try the PSK password which, for me, works about 30-40 percent of the time; another 10 percent of the time it's the default or just "password". Otherwise I brute force in. Then I shut it down. If it's open, connect to it and try brute-forcing your way in. Remember to spoof your MAC address if you have to, or at least change it every time you connect to not arouse suspicion. Yadda yadda yadda. Some routers you can essentially shut down or jam. Do a quick search on Google for those.

Remember, with great power comes great responsibility... Only do this on networks you're authorized on. :/

Crypiehef, Posted May 8, 2013

Ok, so here is my setup, and it works beautifully.

Pineapple MkIV: connected to an Anker 10000 mAh battery.

USB powered 4 port hub, powered by the Elite battery.

Raspberry Pi running Kali: connected to the POE port on the Pineapple, configured with 172.16.42.42 static. USB Wireless N adapter (thumb type) connected to my iPhone's hotspot. Routing from the hotspot through the Pineapple using wp4.sh on the Pi. The Pi is powered by a second 10000 mAh battery.

The USB hub connected to the MkIV has a USB drive (for modules, logs etc.) and an Alfa AWUS036NH (more on this)...

The Alfa serves as my de-auth adapter. I use the wifi jammer module (in the pineapple bar). I whitelist my iPhone's hotspot and away it goes. It disconnects everyone in range, and the Pineapple, saying "HERE I AM", gladly advertises, and everyone that was de-authed connects to my Pineapple. Works great!

Why the 3 batteries? Well, glad you asked. Even though my two honking big batteries have more than 1 USB charge port, they only offer 1A and 2.5A on both respectively. I use the 2.5A on the Pineapple and the Raspberry Pi. The USB hub doesn't stay powered with the 1A ports. I use the 5A Elite battery for the USB hub.

There you have it. All fits great in my tablet man purse. Do I look like a pen-tester/hacker with one of those? Hell no. <evil grin>