Sebkinne Posted July 25, 2014 Share Posted July 25, 2014 @CMW, YOU are right, Windows does not respond to a general deauth attack. (I learned it the hard way) Congrats to Micro$oft. You can however deauth specific any client from an AP (windows or no windows) As far as i know, you need Kali for that. Do know if the MKV can do that? cheers Of course you can do it with an MKV - actually, by defcon the new WiFi Pineapple MKV firmware is going to have some nice treats in this regard :) Best Regards, Sebkinne Quote Link to comment Share on other sites More sharing options...
cheeto Posted July 25, 2014 Share Posted July 25, 2014 SEB, this is very encouraging news!!! I've tried this on my mkv: aireplay-ng -0 'number of deauth packages' -a 'access point bssid' -c 'victim machine bssid' 'interface' But it didn't work. It, of course, works fine on Kali. Having an effective deauth plays major role in Evil Portal & Karma (perhaps other infusions as well). Because If we can't deauth a pc how can we expect a victim pc to log onto the mkv? This upcoming update could be a true milestone for the MKV. Thanks for your dedication!!! Cheers Quote Link to comment Share on other sites More sharing options...
WiFi Cowboy Posted September 4, 2014 Share Posted September 4, 2014 (edited) I seem to be experiencing a problem with Deauth and I'm wondering if anyone else has run into this. FW version = 2.0.3, Infusion version = 1.8, mon0 interface started from wlan1. Configuration: whitelist-blank, blacklist-my router's BSSID, aireplay-ng, channel 11(same as my router), deauth packets-tried everything, sleep seconds-10, set blacklist. When I run this, in Wireshark I see a bunch of probe responses from my router to mon0 and a couple probe requests from mon0 to my router, but NO deauth packets. Sooo... I SSHed into the pineapple and tried to run aireplay-ng from the CLI and here's what I found: running---> aireplay-ng -0 1 -a <my router> -c <my phone> mon0 results in getting THIS message---> "Couldn't determine current channel for mon0, you should either force the operation with --ignore-negative-one or apply a kernel patch" (btw, I tried the --ignore-negative-one optio to no avail). I also was getting this on my install of Kali on my main puter and just thought it was something conflicting because I have so much other crap installed on here. I always just run all of my wifi interfaces in "true" monitor mode on my main puter anyway and deauth/injection works great. A little googling revealed that some other peeps having this problem un-installed their network manager to get around this problem. This seems kind of drastic. Any thoughts? Oh, one last thing. mdk3 doesn't seem to do anything at all. Of course, I haven't played with it too much as I've been concentrating on aireplay-ng for now. Edited September 4, 2014 by WiFi Cowboy Quote Link to comment Share on other sites More sharing options...
daniboy92 Posted September 4, 2014 Share Posted September 4, 2014 · Hidden by Whistle Master, September 8, 2014 - No reason given Hidden by Whistle Master, September 8, 2014 - No reason given I have a strange issue... I run Deauth, with mdk3 method, and when it starts in the output says "Deauth is not running". Here a few captures: mon0 for it's the monitor from Wlan2. Here my infusions running: And my infusion's configuration: I don't know why is this. Before this issue i was running Deauth with few problems, like pineapple rebooting (with the battery Juice 6800mAh) and not deauthing clients. Hope someone can help me. Link to comment
daniboy92 Posted September 7, 2014 Share Posted September 7, 2014 Hello, I have a strange issue... I run Deauth, with mdk3 method, and when it starts in the output says "Deauth is not running". Here a few captures: mon0 for it's the monitor from Wlan2. Here my infusions running: And my infusion's configuration: I don't know why is this. Before this issue i was running Deauth with few problems, like pineapple rebooting (with the battery Juice 6800mAh) and not deauthing clients. Hope someone can help me. Quote Link to comment Share on other sites More sharing options...
bytedeez Posted September 7, 2014 Share Posted September 7, 2014 Hmmm.. you may have better luck contacting the Infusion creator. Btw I believe Seb and Dareen mentioned they would be coming out with a new Deauth to be paired along with the new features. Quote Link to comment Share on other sites More sharing options...
daniboy92 Posted September 7, 2014 Share Posted September 7, 2014 I tried to contact with Legend, the creator in the infuion's thread but haven't answer yet. And... Did they say a day for release? Quote Link to comment Share on other sites More sharing options...
bytedeez Posted September 8, 2014 Share Posted September 8, 2014 I don't think they've gave a release time yet but it was mentioned in their google hangout video feat. PineAP. The closest time they gave was "soon". Have you tried using Deauth via ssh? Quote Link to comment Share on other sites More sharing options...
Whistle Master Posted September 8, 2014 Share Posted September 8, 2014 Legend is not the infusion author by the way but I'm Can you try the following: - Restart your pineapple - Start the infusion with the config you mentioned - Connect through ssh to the pineapple a) If you installed the infusion on SD card: cat /sd/infusions/deauth/includes/log OR b) If you installed the infusion on the internal memory: cat /pineapple/components/infusions/deauth/includes/log And post the result here. Thanks. Quote Link to comment Share on other sites More sharing options...
daniboy92 Posted September 8, 2014 Share Posted September 8, 2014 Sorry Whistle Master :-P Ok, I will run it and summit here log's information. Quote Link to comment Share on other sites More sharing options...
WiFi Cowboy Posted September 9, 2014 Share Posted September 9, 2014 I think I may have an explanation for what you were (or weren't) seeing, cmw. I too could not see the deauth packets in wireshark on certain channels. This is only a theory I have (and please someone correct me if I'm wrong) based on tests and observation but it seems that if there is a lot of traffic on a specific channel then wireshark doesn't display the deauth packets. If you are on a nice, quiet channel then they are displayed. At least this is how it appears to me. This drove me nuts for a while as I didn't think I was sending out deauth packets at all. Anybody else experience this? Any work arounds? I tried applying more capture filters but this didn't seem to be the magic bullet. Quote Link to comment Share on other sites More sharing options...
daniboy92 Posted September 14, 2014 Share Posted September 14, 2014 My problems was solved alone :/, i don't know why but it's working fine Quote Link to comment Share on other sites More sharing options...
BeNe Posted October 20, 2014 Share Posted October 20, 2014 Hi Whistle Master, can you add some more features for the mdk3 deauth to your todo list please ? eacon Mode (Beacon Flood Mode Sends beacon frames to show fake APs at clients) [D]authentication( Deauthentication / Disassociation Amok Mode Kicks everybody found from AP) [A]uthentication (Authentication DoS mode Sends authentication frames to all APs found in range. Too much clients freeze or reset almost every AP.) Quote Link to comment Share on other sites More sharing options...
BeNe Posted October 29, 2014 Share Posted October 29, 2014 Short Question: Which interface can i use to deauth ? wlan0 -> AP for the Clients to connect wlan1 -> is used by PineAP (mon0 on wlan1 is used for PineAP) wlan2 -> ClientMode for ICS (Alfa) So can i use wlan1 if PineAP is running or not ? Quote Link to comment Share on other sites More sharing options...
cheeto Posted December 11, 2014 Share Posted December 11, 2014 @daniboy92 Is the screenshot you made in posrt Hi Daniboy92, I decided to give Deauth another try. (I haven't tried it in a while). My questions are: Are your screen shots that you made the CORRECT configuration to deauth? I assume the BLACKLIST would be for your MKV and the WHITE LIST for the computers you want to Deauth. Right? That brings me to my next question, does this deauth everything on a wifi network? or does it deauth a single computer? Sorry for the questions, Cheeto mon0 for it's the monitor from Wlan2. Here my infusions running: And my infusion's configuration: I don't know why is this. Before this issue i was running Deauth with few problems, like pineapple rebooting (with the battery Juice 6800mAh) and not deauthing clients. Hope someone can help me. Quote Link to comment Share on other sites More sharing options...
cheeto Posted December 11, 2014 Share Posted December 11, 2014 (edited) Hi folks, I bought the Alfa AWUS036NEH radio. My objective is to DEAUTH an AP (along with all the clients). Ever since I updated to the new firmeware, I'm getting an additional readio called wlan0-1. What in the world is that? Is it normal? These are steps that I'm taking: 1) open the Deauth 2.0 infusion 2) Select monitor mode on wlan1 3) Select my victim AP in the BLACKLIST (and hit save) 4) Add my mkv and my AP to the Whitelist (and hit save) 5) In the Control menu, I select wlan1 and hit START Results = no deaith's were made. *note the victim AP is a spare AP of mine that I'm using for target practice. I have a notebook and and Android smartphone connected to it. Any help would be GREATLY appreciated. Thanks guys! Edited December 11, 2014 by cheeto Quote Link to comment Share on other sites More sharing options...
Sebkinne Posted December 11, 2014 Share Posted December 11, 2014 wlan0-1 is the new WPA2 secured AP. Best Regards, Sebkinne Quote Link to comment Share on other sites More sharing options...
cheeto Posted December 11, 2014 Share Posted December 11, 2014 Thanks SEB., Cheers Quote Link to comment Share on other sites More sharing options...
jogischika Posted December 13, 2014 Share Posted December 13, 2014 (edited) Hey guys, I have a weird problem with the Deauth infusion. This is my setup: wlan0: master mode wlan1: client mode wlan2: mon0 & used for deauth Content Whitelist: HomeAP, wlan0 Content Blacklist: RangeExtender of my home network (separate network) (both saved of course) When I now start aireplay-ng (with wlan2 and mon0 selected), it deauths all APs in reach EXCEPT my RangeExtender. Of course that fucks up everything for a second. When I then log back into the pineapple management and the deauth infusion, the contents of my black/whitelist have changed. Content Whitelist: RangeExtender Content Blacklist: # Every AP (default option) How can that happen? Is something wrong in my setup or is that some kind of bug? Fw is the current version. Thanks for your support! Edited December 13, 2014 by jogischika Quote Link to comment Share on other sites More sharing options...
cheeto Posted December 13, 2014 Share Posted December 13, 2014 (edited) Guys, I'm having problems de-authing anything at all. Any suggestions? I tried deauthing with wlan 0,1,2 with no results. Thanks Edited December 13, 2014 by cheeto Quote Link to comment Share on other sites More sharing options...
n1nj@sh03s Posted December 27, 2014 Share Posted December 27, 2014 Guys, I'm having problems de-authing anything at all. Any suggestions? I tried deauthing with wlan 0,1,2 with no results. Thanks I'm having similar issues. Seems like there must be a bug or something we're missing! Quote Link to comment Share on other sites More sharing options...
cheeto Posted December 28, 2014 Share Posted December 28, 2014 I made some progress with Deauth: 1) Enable wlan1 and start monitor mode 2) Whitelist your AP and your mkv 3) blacklist your target AP 4) Start to Deauth on wlan1 mon0 Results: deauthed my Android smartphone but did not deauth my windows 7 netbook. Successs rate 50% I switched from mdk3 and airplay. sometimes 1 works and the other doesn't - strange.. Can the mkv deauth pc's? (without having to resort to ssh and sing cli etc..) thanks Quote Link to comment Share on other sites More sharing options...
pla12 Posted December 29, 2014 Share Posted December 29, 2014 (edited) Until the infusion is fix the CLI is your friend 1- Put wlan1 in monitor mode by running airmon-ng start wlan12- Pick a client and its access point to deauth. Note the channel they are on and their MAC addresses 3- Then set wlan1 to that channel by running iwconfig wlan1 channel X4- Run "aireplay-ng -0 0 -a 00:14:6C:7E:40:80 -c 00:0F:B5:AE:CE:9D wlan1 Where (taken from the air crack-ng site) -0 means deauthentication 0 is the number of deauths to send (you can send multiple if you wish, 0 means unlimited) -a 00:14:6C:7E:40:80 is the MAC address of the access point -c 000:0F:B5:AE:CE:9D is the MAC address of the client you are deauthing wlan1 is the interface name To note you can't death a client/AP that the pineapple radios don't support, also running pineap, karma or any of the other infusions that require any of the radios may interfere with the deauth by doing things like changing the channel, etc. Edited December 29, 2014 by pla12 Quote Link to comment Share on other sites More sharing options...
TGYK Posted December 29, 2014 Share Posted December 29, 2014 I think most of the problem is with the newest firmware and how it affects the interfaces. I don't know the nitty gritty of the issue, but I do know that wlan manager is also affected, and it has something to do with the new secure wireless ap used for management, on int wlan0-1, I'd suggest either breaking out your favorite editor and going to work fixing stuff, if you're up to it, or brushing up on your command-line-fu. Quote Link to comment Share on other sites More sharing options...
cheeto Posted December 29, 2014 Share Posted December 29, 2014 Thanks for the feedback guys. It's too bad that Deauth isn't 100% effective through the user interface. I was hoping, with the new firmware, to be able to carry out an attack with my smartphone. If I'm forced to use a computer along side my MKV, wouldn't I just be better off using Kali Linux to deaith: aireplay-ng -0 'number of deauth packages' -a 'access point bssid' -c 'victim machine bssid' 'interface' while having the mkv run PineAP,Harvester,Dogma, etc...? This way there wouldn't be any interference at all. Please note that I do have an Alpha radio connected to the mkv. Perhaps I could take advantage of the extra radio to deauth with MKV? Thanks again. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.