Jump to content

I'm not able to deauth a specific WIFi, tried all

Daffy10

By Daffy10
in Questions

Recommended Posts

Daffy10 Newbie

Daffy10

Posted
Posted

Hi,
I know I'm new and you probably will think that I didn't research or signed here only to have answer, is not. I'm just a beginner in this all magic world of hacking and I'm here to learn.

In these days I have been 24/24 studying kali and the most various tools and code for using it. I understood how to works aireplay-ng, how to work with fluxion, airgeddon, wifiphisher and that's all. I bought a specific wifi card as here is suggested (ALFA Network AWUS036NH) but I'm stuck with 1 important home wifi, I can't make them deauth. Even if I'm sending ton of packets with aireplay-ng manually or by airgeddon for example, they stand. I'm sure of it because it's my wifi that i'm trying to test it. Of course the aP of AWUS036NH is working perfect, and i'm seeing it correctly but withoud killing the connection, all the tests are meaningless.

With the hotspot of my phone, all smooth the deauth. With another connection all fine, but this one, nothing.. All my efforts for make it disconnect, are vains.

Do you have any reccomendation? thank you so much

Link to comment
Share on other sites
Zylla Newbie

Zylla

Posted
Posted
On 3/20/2020 at 10:16 AM, Daffy10 said:

Hi,
I know I'm new and you probably will think that I didn't research or signed here only to have answer, is not. I'm just a beginner in this all magic world of hacking and I'm here to learn.

In these days I have been 24/24 studying kali and the most various tools and code for using it. I understood how to works aireplay-ng, how to work with fluxion, airgeddon, wifiphisher and that's all. I bought a specific wifi card as here is suggested (ALFA Network AWUS036NH) but I'm stuck with 1 important home wifi, I can't make them deauth. Even if I'm sending ton of packets with aireplay-ng manually or by airgeddon for example, they stand. I'm sure of it because it's my wifi that i'm trying to test it. Of course the aP of AWUS036NH is working perfect, and i'm seeing it correctly but withoud killing the connection, all the tests are meaningless.

With the hotspot of my phone, all smooth the deauth. With another connection all fine, but this one, nothing.. All my efforts for make it disconnect, are vains.

Do you have any reccomendation? thank you so much

I recommend reading up on "protected management frames". Which can be an issue now a days when trying to de-auth certain APs 🙂

Link to comment
Share on other sites
Daffy10 Newbie

Daffy10

Posted
  • Author
Posted

Hi @Cap_Sig & @Zylla I completly understood your point of PMF. Is my home wifi so I can check it out if its available but its look like yes I would say. Than in this scenario what is the "attack 2.0" that someone can plan to do? And by the way than, the deauth on such condition is impossible to do?

I investigated about Reaver but after few pin I got immidiatly AP lock. So what is your avices and opinions?

Link to comment
Share on other sites
Zylla Newbie

Zylla

Posted
Posted
41 minutes ago, Daffy10 said:

Hi @Cap_Sig & @Zylla I completly understood your point of PMF. Is my home wifi so I can check it out if its available but its look like yes I would say. Than in this scenario what is the "attack 2.0" that someone can plan to do? And by the way than, the deauth on such condition is impossible to do?

I investigated about Reaver but after few pin I got immidiatly AP lock. So what is your avices and opinions?

If you're unable to deauth, you can still try to capture handshakes the moment when people are connecting to the wifi. 

For example by capturing 24/7. 

Other attack vectors to try is WPS vulnerabilities with reaver and/or pixiewps, or trying to capture the PMKID with hcxdumptool. 

Link to comment
Share on other sites
Daffy10 Newbie

Daffy10

Posted
  • Author
Posted
4 minutes ago, Zylla said:

If you're unable to deauth, you can still try to capture handshakes the moment when people are connecting to the wifi. 

For example by capturing 24/7. 

Other attack vectors to try is WPS vulnerabilities with reaver and/or pixiewps, or trying to capture the PMKID with hcxdumptool. 

No in reality I'm able because the handshake I got it with aireplay-ng correctly. The problem is that the disconnection of the station is not even not noticing on the client because is getting few millisecond of disconnection. So problem is that the client is going to surf on the net and will never go to network manager to see if there are any connection available.

I already tried with handhsake and dictionary but the problem is that for sure many people leave the psw default of router and so, 16 random caracter impossible to get.. Reaver I tried but after few trial I got AP lock. What do you advice me? thank you much @Zylla

Link to comment
Share on other sites
Zylla Newbie

Zylla

Posted
Posted
12 minutes ago, Daffy10 said:

No in reality I'm able because the handshake I got it with aireplay-ng correctly. 

So you are able to deauth then? I'm a little confused. 

My last post lists alternatives you can try out, if you're having issues with capturing handshakes.

Link to comment
Share on other sites
Daffy10 Newbie

Daffy10

Posted
  • Author
Posted
2 minutes ago, Zylla said:

So you are able to deauth then? I'm a little confused. 

My last post lists alternatives you can try out, if you're having issues with capturing handshakes.

Yes I am able but only few second because my phone is still connected, im not noticing any deauth in reality. Maybe few millisecond (just disconnected/reconnected)

Link to comment
Share on other sites
NoExecute Enthusiast

NoExecute

Posted
Posted

Okish, trying to get this.

You say, you're note able to deauth the clients due to Protected Management Frames, because its turned on in the Access Point, right ?

But, then you also say, you got the handshake ? If you do, then the attack succeeded, and you don't need anything more.
But if you know that the password is 8-10+ mixed alpha, forget it. It wont crack under any normal conditions, the chance of that, is next to nothing.

But, if it's your AP, start with WEP, then WPA, WPA2, WPA2-Client attacks, and then on to some of the other tools.
A valid strategy, is an AP clone, with the same name, and see if you can trick the client into sending the handshake.
Or, as someone else have allready said, WPS.

Read, and try harder :)

Link to comment
Share on other sites
  • 2 weeks later...
Cap_Sig Newbie

Cap_Sig

Posted
Posted
On 3/23/2020 at 9:13 AM, Zylla said:

PMKID with hcxdumptool. 

Great tool to try. 

On 3/23/2020 at 9:22 AM, Daffy10 said:

The problem is that the disconnection of the station is not even not noticing on the client because is getting few millisecond of disconnection.

What are you trying to actually do in regard to disconnecting clients?  The time a client is disconnected doesn't matter when capturing handshakes as long as it causes the client to re-authenticate. 

On 3/23/2020 at 9:22 AM, Daffy10 said:

So problem is that the client is going to surf on the net and will never go to network manager to see if there are any connection available.

My guess is you are trying to deauth a station longer than required for handshake so a client connection will hopefully look for a new AP to use?  In hopes of them selecting your rogue AP? Eavesdropping is what you are looking to do?

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...