
@CMW, YOU are right, Windows does not respond to a general deauth attack. (I learned it the hard way) Congrats to Micro$oft.

You can, however, deauth any specific client from an AP (Windows or no Windows)

As far as I know, you need Kali for that.

Do you know if the MKV can do that?

cheers

Of course you can do it with an MKV - actually, by defcon the new WiFi Pineapple MKV firmware is going to have some nice treats in this regard :)

Best Regards,

Sebkinne


SEB, this is very encouraging news!!!

I've tried this on my mkv: aireplay-ng -0 'number of deauth packages' -a 'access point bssid' -c 'victim machine bssid' 'interface'

But it didn't work. It, of course, works fine on Kali.

Having an effective deauth plays a major role in Evil Portal & Karma (perhaps other infusions as well). Because if we can't deauth a PC, how can we expect a victim PC to log onto the MKV?

This upcoming update could be a true milestone for the MKV. Thanks for your dedication!!!

Cheers


  • 1 month later...

I seem to be experiencing a problem with Deauth and I'm wondering if anyone else has run into this. FW version = 2.0.3, Infusion version = 1.8, mon0 interface started from wlan1.

Configuration: whitelist-blank, blacklist-my router's BSSID, aireplay-ng, channel 11(same as my router), deauth packets-tried everything, sleep seconds-10, set blacklist.

When I run this, in Wireshark I see a bunch of probe responses from my router to mon0 and a couple probe requests from mon0 to my router, but NO deauth packets. Sooo...

I SSHed into the pineapple and tried to run aireplay-ng from the CLI and here's what I found:

running---> aireplay-ng -0 1 -a <my router> -c <my phone> mon0

results in getting THIS message---> "Couldn't determine current channel for mon0, you should either force the operation with --ignore-negative-one or apply a kernel patch" (btw, I tried the --ignore-negative-one option to no avail).

I also was getting this on my install of Kali on my main puter and just thought it was something conflicting because I have so much other crap installed on here. I always just run all of my wifi interfaces in "true" monitor mode on my main puter anyway and deauth/injection works great.

A little googling revealed that some other peeps having this problem un-installed their network manager to get around this problem. This seems kind of drastic.

Any thoughts?

Oh, one last thing. mdk3 doesn't seem to do anything at all. Of course, I haven't played with it too much as I've been concentrating on aireplay-ng for now.

Edited by WiFi Cowboy

Posted · Hidden by Whistle Master, September 8, 2014 - No reason given

Hello,

I have a strange issue... I run Deauth, with mdk3 method, and when it starts in the output says "Deauth is not running". Here a few captures:

2WDlMgV.jpg

mon0 for it's the monitor from Wlan2.

Here my infusions running:

V5mBrRH.jpg

And my infusion's configuration:

Ly4oJry.jpg

I don't know why is this. Before this issue I was running Deauth with few problems, like pineapple rebooting (with the battery Juice 6800mAh) and not deauthing clients.

Hope someone can help me.


Legend is not the infusion author, by the way, but I am :wink:

Can you try the following:

- Restart your pineapple

- Start the infusion with the config you mentioned

- Connect through ssh to the pineapple

a) If you installed the infusion on SD card:

cat /sd/infusions/deauth/includes/log

OR

b) If you installed the infusion on the internal memory:

cat /pineapple/components/infusions/deauth/includes/log

And post the result here. Thanks.


I think I may have an explanation for what you were (or weren't) seeing, cmw. I too could not see the deauth packets in wireshark on certain channels.

This is only a theory I have (and please someone correct me if I'm wrong) based on tests and observation but it seems that if there is a lot of traffic on a specific channel then wireshark doesn't display the deauth packets. If you are on a nice, quiet channel then they are displayed. At least this is how it appears to me. This drove me nuts for a while as I didn't think I was sending out deauth packets at all.

Anybody else experience this? Any workarounds? I tried applying more capture filters but this didn't seem to be the magic bullet.

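As an added example (not part of any post in this thread): a small Python parser that picks deauthentication and disassociation frames out of a mixed capture by frame-control subtype and counts them per BSSID and destination, rather than relying on scanning a busy packet list by eye. It assumes raw 802.11 frames with the radiotap header and FCS already stripped; the MAC addresses, the sample frames and the `burst_threshold` value are constructed for illustration.

```python
import struct
from collections import Counter

BROADCAST = "ff:ff:ff:ff:ff:ff"
SUBTYPES = {10: "disassoc", 12: "deauth"}   # 802.11 management subtypes

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_mgmt(frame):
    """Return fields of a deauth/disassoc frame, or None for anything else."""
    if len(frame) < 26:                      # 24-byte MAC header + reason code
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in SUBTYPES:
        return None
    (reason,) = struct.unpack_from("<H", frame, 24)
    return {"kind": SUBTYPES[subtype], "dst": mac(frame[4:10]),
            "src": mac(frame[10:16]), "bssid": mac(frame[16:22]),
            "reason": reason}

def summarize(frames, burst_threshold=3):
    """Count matching frames per (bssid, dst); flag bursts and broadcast use."""
    counts = Counter()
    for frame in frames:
        info = parse_mgmt(frame)
        if info:
            counts[(info["bssid"], info["dst"])] += 1
    return [{"bssid": bssid, "dst": dst, "count": n,
             "scope": "broadcast" if dst == BROADCAST else "targeted",
             "burst": n >= burst_threshold}
            for (bssid, dst), n in sorted(counts.items())]

# Constructed sample capture: made-up MACs, radiotap header and FCS stripped.
AP, STA, BC = "020000000001", "020000000002", "ffffffffffff"

def _hdr(fc, dst):
    return bytes.fromhex(fc + "0000" + dst + AP + AP + "0000")

SAMPLE = (
    [_hdr("8000", BC) + bytes(12)] * 5        # beacons (channel noise)
    + [_hdr("c000", STA) + b"\x07\x00"] * 4   # deauth to one client, reason 7
    + [_hdr("5000", STA) + bytes(12)] * 3     # probe responses (noise)
    + [_hdr("c000", BC) + b"\x07\x00"]        # one broadcast deauth
    + [bytes.fromhex("c000")]                 # truncated frame, skipped
)

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```
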

  • 1 month later...

Hi Whistle Master,

can you add some more features for the mdk3 deauth to your todo list please ? :rolleyes:

  • [B]eacon Mode (Beacon Flood Mode Sends beacon frames to show fake APs at clients)
  • [D]eauthentication (Deauthentication / Disassociation Amok Mode Kicks everybody found from AP)
  • [A]uthentication (Authentication DoS mode Sends authentication frames to all APs found in range. Too much clients freeze or reset almost every AP.)

  • 2 weeks later...

Short Question:

Which interface can I use to deauth?

wlan0 -> AP for the Clients to connect

wlan1 -> is used by PineAP (mon0 on wlan1 is used for PineAP)

wlan2 -> ClientMode for ICS (Alfa)

So can I use wlan1 if PineAP is running or not?


  • 1 month later...

@daniboy92

Is the screenshot you made in post

Hi Daniboy92,

I decided to give Deauth another try. (I haven't tried it in a while).

My questions are: Are your screen shots that you made the CORRECT configuration to deauth?

I assume the BLACKLIST would be for your MKV and the WHITE LIST for the computers you want to Deauth. Right?

That brings me to my next question, does this deauth everything on a wifi network? or does it deauth a single computer?

Sorry for the questions,

Cheeto


Hi folks,


I bought the Alfa AWUS036NEH radio.

My objective is to DEAUTH an AP (along with all the clients).


Ever since I updated to the new firmware, I'm getting an additional radio called wlan0-1. What in the world is that? Is it normal?


These are steps that I'm taking:


1) open the Deauth 2.0 infusion

2) Select monitor mode on wlan1

3) Select my victim AP in the BLACKLIST (and hit save)

4) Add my mkv and my AP to the Whitelist (and hit save)

5) In the Control menu, I select wlan1 and hit START


Results = no deauths were made.


*note the victim AP is a spare AP of mine that I'm using for target practice. I have a notebook and an Android smartphone connected to it.


Any help would be GREATLY appreciated.


Thanks guys!


deauth.jpg

Edited by cheeto

Hey guys,

I have a weird problem with the Deauth infusion.

This is my setup:

  • wlan0: master mode
  • wlan1: client mode
  • wlan2: mon0 & used for deauth

Content Whitelist: HomeAP, wlan0

Content Blacklist: RangeExtender of my home network (separate network)

(both saved of course)

When I now start aireplay-ng (with wlan2 and mon0 selected), it deauths all APs in reach EXCEPT my RangeExtender. Of course that fucks up everything for a second.

When I then log back into the pineapple management and the deauth infusion, the contents of my black/whitelist have changed.

Content Whitelist: RangeExtender

Content Blacklist: # Every AP (default option)

How can that happen? Is something wrong in my setup or is that some kind of bug? Fw is the current version.

Thanks for your support!

Edited by jogischika

  • 2 weeks later...

I made some progress with Deauth:

1) Enable wlan1 and start monitor mode

2) Whitelist your AP and your mkv

3) blacklist your target AP

4) Start to Deauth on wlan1 mon0

Results: deauthed my Android smartphone but did not deauth my windows 7 netbook.

Success rate 50%

I switched from mdk3 and aireplay. Sometimes 1 works and the other doesn't - strange..

Can the mkv deauth PCs? (without having to resort to ssh and using cli etc..)

thanks


Until the infusion is fixed, the CLI is your friend

1- Put wlan1 in monitor mode by running

  • airmon-ng start wlan1

2- Pick a client and its access point to deauth. Note the channel they are on and their MAC addresses

3- Then set wlan1 to that channel by running

  • iwconfig wlan1 channel X

4- Run "aireplay-ng -0 0 -a 00:14:6C:7E:40:80 -c 00:0F:B5:AE:CE:9D wlan1"

Where (taken from the aircrack-ng site)

  • -0 means deauthentication
  • 0 is the number of deauths to send (you can send multiple if you wish, 0 means unlimited)
  • -a 00:14:6C:7E:40:80 is the MAC address of the access point
  • -c 00:0F:B5:AE:CE:9D is the MAC address of the client you are deauthing
  • wlan1 is the interface name

To note: you can't deauth a client/AP that the pineapple radios don't support. Also, running pineap, karma or any of the other infusions that require any of the radios may interfere with the deauth by doing things like changing the channel, etc.

Edited by pla12

I think most of the problem is with the newest firmware and how it affects the interfaces. I don't know the nitty gritty of the issue, but I do know that wlan manager is also affected, and it has something to do with the new secure wireless ap used for management, on int wlan0-1, I'd suggest either breaking out your favorite editor and going to work fixing stuff, if you're up to it, or brushing up on your command-line-fu.


Thanks for the feedback guys. It's too bad that Deauth isn't 100% effective through the user interface.

I was hoping, with the new firmware, to be able to carry out an attack with my smartphone.

If I'm forced to use a computer alongside my MKV, wouldn't I just be better off using Kali Linux to deauth:

aireplay-ng -0 'number of deauth packages' -a 'access point bssid' -c 'victim machine bssid' 'interface'

while having the mkv run PineAP,Harvester,Dogma, etc...?

This way there wouldn't be any interference at all.

Please note that I do have an Alfa radio connected to the mkv. Perhaps I could take advantage of the extra radio to deauth with MKV?

Thanks again.
