Welcome back, my dear hackers!
As part of my Wi-Fi hacking series, I want to include a guide dedicated to denial-of-service (DoS) attacks against a wireless access point (AP). There are many ways to do this, but in this guide I will show you how to send repeated deauthentication frames to an AP with aireplay-ng from the aircrack-ng suite. Keep in mind: cracking wireless networks is not just about breaking Wi-Fi passwords!
The scenario of our problem
Let’s imagine a scenario in which our best friend is sick and unfortunately he has a college exam tomorrow. If he had a few more days, he could learn and pass. Our mission will be to use a DoS attack against the wireless access point, so the exam cannot take place at the scheduled time, and the university management will have to reschedule it, giving our friend enough time to recover and learn.
The solution to our scenario
So, on the day of the exam, our friend enters the class, as scheduled, although totally unprepared to take the exam. We just need to be somewhere close enough to reach the wireless access point. This could be in the hallway, in the next class, or in the library. Most access points will extend to about 100 meters, so we do not have to be very close.
In addition, if we attach an antenna to the wireless adapter, we can go much further. All we have to do is take our laptop and our wireless adapter out of our backpack to save our friend from the ruthless exam.
Step 1: Open the terminal
Now that we are positioned within range of the wireless access point, we start BlackWeb OS and open a terminal. We will need to make sure that our wireless adapter is recognized and working.
Step 2: Put the wireless adapter in monitor mode
The next step is to put the wireless adapter in monitor mode with airmon-ng.
- airmon-ng start wlan0
Step 3: We check the available APs with airodump-ng
Now let’s take a look at all the access points in range using airodump-ng.
- airodump-ng mon0
As we can see, the access point has been listed. We observe its BSSID (this is its unique global identifier based on the MAC address) and copy it.
Step 4: We connect to the access point (AP)
Now we need to connect to the AP with our laptop.
We can see the connection at the bottom of the screen. There we can see the BSSID of the access point at the bottom left and the MAC address of our client. We need these two pieces of information for the next step.
Step 5: Deauthenticate the users connected to the AP
We are now ready to deauthenticate (remove) all users from the access point. We need to send thousands of deauthentication frames to prevent any users from reconnecting to the AP. We can do this by entering the following command in another terminal:
- aireplay-ng –deauth 1000 -a A4:99:47:C9:73:A4 -h 84:4B:F5:87:CD:08 mon0
- A4:99:47:C9:73:A4 is the BSSID of the AP
- 84:4B:F5:87:CD:08 is the MAC address of our laptop.
- 1000 is the number of deauthentication frames sent to the AP
While students are trying to connect to the AP to take the exam, they will not be able to connect or, as soon as they do, they will be disconnected. It is unlikely that the teacher has any idea what is going on.
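From the defender's side, a flood like this stands out in any monitor-mode capture, because a healthy network sees only occasional deauthentication frames. The following detector is an added example, not part of the original guide; the CSV record layout (epoch, frame type/subtype, source, destination, BSSID), the MAC addresses, the one-second window and the threshold of 20 frames are all constructed assumptions.

```python
from collections import defaultdict, deque

DEAUTH = 0x0C    # 802.11 management subtype 12: deauthentication
DISASSOC = 0x0A  # 802.11 management subtype 10: disassociation


def parse(line):
    """Split one constructed CSV record: epoch,type_subtype,sa,da,bssid."""
    ts, subtype, sa, da, bssid = line.strip().split(",")
    return float(ts), int(subtype, 0), sa.lower(), da.lower(), bssid.lower()


def detect_floods(lines, window_s=1.0, threshold=20):
    """Return {bssid: details} for BSSIDs that receive `threshold` or more
    deauth/disassoc frames inside a sliding window of `window_s` seconds."""
    recent = defaultdict(deque)  # bssid -> timestamps still inside the window
    alerts = {}
    for line in lines:
        if not line.strip():
            continue
        ts, subtype, _sa, da, bssid = parse(line)
        if subtype not in (DEAUTH, DISASSOC):
            continue  # beacons, probes and data frames are ignored
        q = recent[bssid]
        q.append(ts)
        while q and ts - q[0] > window_s:
            q.popleft()
        if len(q) >= threshold and bssid not in alerts:
            alerts[bssid] = {"first_seen": q[0], "frames_in_window": len(q), "dst": da}
    return alerts


def build_sample():
    """Constructed capture: AP A behaves normally, AP B is being flooded."""
    ap_a, ap_b, sta = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:01"
    bcast = "ff:ff:ff:ff:ff:ff"
    lines = [f"{100 + i * 0.1:.3f},0x0008,{ap_a},{bcast},{ap_a}" for i in range(30)]
    lines.append(f"101.000,0x000c,{sta},{ap_a},{ap_a}")  # one ordinary client leave
    lines += [f"{102 + i * 0.01:.3f},0x000c,{ap_b},{bcast},{ap_b}" for i in range(64)]
    return sorted(lines, key=lambda l: float(l.split(",")[0]))


if __name__ == "__main__":
    for bssid, info in detect_floods(build_sample()).items():
        print(f"deauth flood against {bssid}: {info}")
```

Detection only tells you it is happening; the mitigation is 802.11w Protected Management Frames (required by WPA3), which makes clients discard deauthentication frames that are not authenticated.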
Step 6: Attack performed successfully
We must keep these deauthentication frames aimed at the AP until the teacher gives up and reschedules the exam.
Now, our best friend has a few days to learn. Thanks to a Linux distribution and a small hacking ability, we saved our friend from an exam, which he would surely fail.
Be sure to check out our Wi-Fi hacking series again, as more hacks will be posted. If you have any questions, please comment below.
Until next time.