[Support] WiFi Deauth

[Whistle Master]

Guys, let's me have a look at it and I will try to post a new version soon. Maybe the issue is in the channel hopping.

Edited December 29, 2014 by Whistle Master

[cheeto]

Thanks for jumping in Whistle Master. Nothing like having the architect of this infusion working on this.

Again, Deauth works when deauthing my smartphone and from time to time it might deauth a pc. But's not 100% effective.

Looking forward to the update.

Thanks again.

Edited December 29, 2014 by cheeto

[siddharth]

reset the pineapple ..drop 2,3 dip switch and turn on...

[pla12]

Guys, let's me have a look at it and I will try to post a new version soon. Maybe the issue is in the channel hopping.

Whistle Master, for me part of the issue seems to be with the blacklist file, Using the web UI and adding any mac addresses in the list, or selecting one from the available AP list always results in adding the following to the blacklist file

root@Pineapple:/pineapple/components/infusions/deauth/includes/rules# cat blacklist.lst

# Every AP

[a-zA-Z0-9]

Manually adding Mac addresses to the blacklist file fixed the mdk3 deauth for me. Once the mac was added, and setting the proper channel it deauth the client.

[cheeto]

@Pla12,

Are you able to deauth APs? including pcs?

Cheers

[pla12]

I can confirm that it worked to deauth all clients connected to my test AP including IOS, MAC OSX, and various devices such as webcams, streaming devices, etc

[cheeto]

@Pla12,

Are Serious?

Are you using mdk3?

Can you please tell me if I'm missing something here?:

1) Enable wlan1 and start monitor mode

2) Whitelist your AP and mkv

3) blacklist your target AP

4) Start to Deauth on wlan1 mon0

Thanks!!

[Whistle Master]

There is a bug in the last version regarding the blacklist saving. I'm working one it.

However, please note that mdk3 can only works in one mode: either blacklist or whitelist. This means that you have to choose in the configuration tab which mode you would like to use for mdk3. Then, put the MAC addresses accordingly in one or another tab.

Only aireplay-ng can use both blacklist AND whitelist.

So, @cheeto, if you want to make it:

1) Enable wlan1 and start monitor mon0

2) Assuming you are in blacklist mode: add your target AP mac address.

3) Start to Deauth on wlan1 and mon0

[Whistle Master]

New version 2.1 is out !

[cheeto]

I was trying the steps you mentioned but it's still inconsistent. Sometimes it works and sometimes it doesn't.

In the configuration menu, Which mode should i be using? Whitelist or Blacklist? I tried both but it's giving me the same result.

Again, I'm just blackisting my target AP. Therefore I'm using mdk3 and Whitlelisting my MKV

I'm going to update the infusion and get back to you.

Thank you SO MUCH!!

[cheeto]

update:

objective is to deauth my LINKSYS ROUTER.

1) open deauth

2) blacklist LINKSYS router

3) whitelist MKV

4) configuration -> Method MDK3 Mode: Whitlist

5) start Deauth

Results successful

Objective 2

Start pineAP along with Dogma, Harvester, Karma & Beacon response + Deauth.

Results: failed.

Conclusion, it's not possible to deauth and use PineAP (Harverster etc... ) at the same time.

Am I wrong?

Thanks!

By the way, Thanks Whist Mster for the UPDATE. IT's clearly BETTER!

Edited December 31, 2014 by cheeto

[cheeto]

Before making this video, I Reflashed my mkv and re-installed DEAUTH infusion.

My objective is to Deauthenticate using WLAN0 (disabled) + mon0

Target AP: LINKSYS router.

This method does work very well against smartphones.

The problem is deauhing pc's.

If you see's what im doing wrong, PLEASE let me know.

Thanks guys

[Sebkinne]

As I said in the other thread, I cannot speak for the infusion, but running mdk3 from the command line along with pineap will deauth clients.

At the very least it will send out the correct packets.

[Whistle Master]

Nothing wrong with the infusion as well, if you can deauth smartphones, you should be able to deauth workstations as well.

I've just noticed that, if you put your target AP is in the blacklist list, you should use the "Blacklist" mode in the configuration tab, not the "Whitelist" mode.

From mdk3 usage, option used by the infusion:

d - Deauthentication / Disassociation Amok Mode
Kicks everybody found from AP
OPTIONS:
-w <filename>
Read file containing MACs not to care about (Whitelist mode)
-b <filename>
Read file containing MACs to run test on (Blacklist Mode)
-s <pps>
Set speed in packets per second (Default: unlimited)
-c [chan,chan,chan,...]
Enable channel hopping. Without providing any channels, mdk3 will hop an all
14 b/g channels. Channel will be changed every 5 seconds.
-d [target]
Enable WPA/WPA2-Downgrade-Attack
Blocks clients only if they use WPA Encryption, WEP and unencrypted traffic still works
Use this test to see if the Sysadmin thinks WEP is still enough security when WPA "doesn't work"

Edited January 1, 2015 by Whistle Master

[cheeto]

Thanks guys but unfortunately it's not deauthing.

If i place my Deauth settings MODE TO BLACKLIST, it won't even deauth any of my smartphones.

If i place it in Whitelist, it will deauth everything except for pcs. (as seen in the video)

[cheeto]

OK, here's the unexplained.

This is the ONLY combo that works against pcs, in fact it wipes EVERYTHING out.

BLACKLIST my target AP (linksys)

WNLAN1 ENABLED mon0

Configuration Mode: WHITELIST.

This is totally backwards!

I will make a video because seeing is believing.

[cheeto]

Guys,

Again, I really appreciate all the help. I hope that my situation could help others in the same boat.

This is the set up works but if i use it, i can't use PineAP because PineAP requires Wlan1 down.

:(

Seeing is believing:

[DataHead]

Your target ap should be in a whitelist, and use a whitelist mode ( whitelist meaning in the mdk3 sense, only attack the provided whitelist ap's, everything else is ignored ).

Blacklist means in mdk3 sense, attack all other ap's except for those provided in the blacklist, ignore the aps in blacklist.

Put your ap in the whitelist, and use mdk3 in whitelist

[pla12]

Cheeto,

Just for testing purposes, have you tried deauth from the CLI? I know the web Ui should work but trying it first from the CLI can go a long way to troubleshoot this.

I would first try aireplay-ng, then mdk3 via the CLI. if that works then you know it's with the infusion.

Also what channel is the AP you are trying to deauth on? and is it running a,b,g, n or ac?

I haven't tested a windows 8 client with the latest version of deauth but I can confirm that with the blacklist fixes I'm able to deauth IOS and Mac clients

[pla12]

New version 2.1 is out !

Whistle Master, thanks for the quick fix! very Awesome!

[DataHead]

Well i stand corrected.actually mdk3 seems to whitelist / blacklist backwards. By looking at the options

OPTIONS:

-w <filename>

Read file containing MAC addresses to ignore (Whitelist mode)

-b <filename>

Read from a file containing MAC addresses to attack (Blacklist Mode)

-s <pps>

Set the speed in packets per second (Default: unlimited)

-c [chan,chan,chan,...]

Enables channel hopping. Without providing any channels, mdk3 will hop all channels until it finds the target you specified

[cheeto]

So, am I the only one experiencing these issues?

Pla12, My target AP is a Linksys Wireless-G Broadband Router WRT54G2 operating on Ch.1.

I have uninstalled and re-installed it in the internal memory abut I'm getting the same results.

In video 2 you could clearly see that I enabled WLAN1 + mon0 and it deauthed EVERYTHING (including pc's).

That alone is a problem since Wlan1 should be disabled.

And for some reason the Black/White options are doing just the opposite. Blacklisting is actually whitelisting and vice versa.

Anyway, thank you all for your help.

[cheeto]

Btw, I accessed my mkv with putty and did the following:

• Set my wlan1 into monitor mode
• aireplay-ng -0 100 -a 00:21:29:D6:AC:06 mon0

Once again it does not deauth pc's but it does deauth smartphones.

[cheeto]

SOLVED!

THANK YOU ALL FOR ALL YOUR FEEDBACK!

I'm going the share the solution in case someone happens to run into the same problem.

First of all the Blackist/whitlist is INVERTED. For me to deauth anything i have to WHITELIST my target.

Also make sure to use MODE: "Whitelist". (using MDK3)

So after messing around with this thing all day, I thought why in the world am i scanning channels 1-11 if my AP target

is on Channel 1. (Thanks for the tip PLA12)

So i went to the Configuration channel and set my channel to 1 (instead of 1,2,3,4,5,6,7,8,9,10,11)

And BOOOOOM Knock out!!! It deauthed everying on the AP. YES PC's too!!

Guys, thank you all so much for your patience, I hope this tip could come in handy.

Cheers!

[pla12]

do this

reboot the pineapple

use putty to ssh into and run the following commands

- airmon-ng start wlan1

-iwconfig wlan1 channel 1

-aireplay-ng -0 100 -a 00:21:29:D6:AC:06 wlan1

I use wlan1 on this command not mon0, also make sure the -a argument has the access point MAC,

to test death on the specific PC use the -c Mac of client

this works for me every time.