Disconnect any device from Network

Disconnect any device from Network

What's up DEVs?

In this quick hacking tutorial I am going to show you how to disconnect client from network. We are starting our journey from basics of hacking. However, with this little trick you can access WIFI passwords and even capture some private data by analyzing the network traffic.

Disclaimer: You know the drill. Don’t do this to anyone else that isn’t you unless you have their permission. I am not advocating illegal hacking.

Alright! Let's start!

Deauthentication Attack

A deauthentication attack is a type of attack which targets the communication between router and the device. Effectively disabling the WiFi on the device. This attack works on encrypted networks such as WPA and WPA2 and you don't have to connect the network to use this attack. Deauthencation attack’s use a deauthenication frame. This frame sent from a router to a device forces the device to disconnect. In technical terms it’s called:

“sanctioned technique to inform a rogue station that they have been disconnected from the network”

This means that a device is on the network that shouldn’t be on the network. The router sends a deauthentication frame to the device telling it that it has been disconnected.

How to Deauth

We are going to utilize aircrack-ng tool which is a suite of tools for auditing wireless networks. Aircrack-ng is a fork of the original Aircrack project. It can be found as a preinstalled tool in many Linux distributions such as Kali Linux or Parrot, which share common attributes as they are developed under the same project (Debian). So I am assuming that you are using Kali Linux. Since we're talking about sending packets, we're going to need a wireless adapter capable of both monitoring and injecting packets!

I am using TP-LINK TL-WN722N 150 High Gain Mbps Wireless Adapter and it works well for me. It is important to have a wireless adapter otherwise you can't see other stations packets as well as duplicate and replicate them over the air.

Kali in VirtualBox

Sometimes wireless adapters can cause problems while connecting to VirtualBox. For prevent it, go to Settings of Virtual Box , click USB and enable USB Controller. SETTINGS >USB. Once you enabled, select which controller your wireless adapter is using (it is usually USB 2.0 EHCI). Now, plug your wireless adapter and click the plus button right of the screen, select your wireless adapter and add to your VM. Before you run your kali linux in VM, unplug your adapter and plug again when kali fully loaded. Great! I hope you successfully connected your adapter let's continue our tutorial.

Step 1: Monitor Mode

Once you connected wireless adapter to computer open your terminal and run

iwconfig

We are using iwconfig to see wireless interfaces. You will see wlan0 which is your wireless adapter. lo and eth0 don’t come up since they are not wireless. This means we know for sure wlan0 is the wireless interface.

As you see mode of this adapter is set to Managed which is default mode of all adapters and will capture packets that has the destination MAC. But we want to be able to capture all the packets that are within our range. Even if they are sent to the router and even if they are set to another device. So to do this we need to set the mode to 'monitor mode' instead of 'managed mode'.

Before you change the options of your interface, you have to temporally disable WIFI by the following command:

ifconfig wlan0 down

Then, we are actually going to run a command to kill any process that could interfere with using interface in monitor mode.

airmon-ng check kill

It will actually kill the network manager and you will completely lose your internet connection. Because we will only need to be in 'monitor mode' when we are running preconnection attacks. So attacks that do not require us to connect to any network.

Now, we can change the mode to monitor by following command:

iwconfig wlan0 mode monitor

We provide the name of the interface that we want to change its mode to monitor. Once command got executed properly, we need to enable the interface again.

iwconfig wlan0 up

iwconfig command again you will see that Mode is changed to Monitor. This interface now can be used to capture any packet that is within our range./p>

Packet Sniffing using Airodump

It basically a program designed to capture packets while you're in monitor mode and it allows us to see all the wireless networks around us. Airodump will show us detailed information about networks around us. Run the command below to see networks near you

airodump-ng wlan0

airodump

As you see it shows all networks around me with useful details. Let me quick explain you what is all these stuff:/p>

  • BSSID - MAC address of the network
  • PWR - signal strength or the power of the network. (if it is higher then better signal we have)
  • Beacons-frames sent by the network in order to broadcast its existence.
  • #Data-Number of captured data packets
  • #/s- Number of data packets per second measure over the last 10 seconds.
  • CH-Channel number
  • MB-Maximum speed
  • ENC-Encryption algorithm in use.
  • CIPHER-The cipher.
  • AUTH-The authentication protocol used.
  • ESSID-Shows the wireless network name.

Let's move on to see how to use this info.

Target device packet sniffing

Alright! Select your target network to see connected devices by running following command:

airodump-ng --bssid TARGET_BSSID --channel CHANNEL_NUMBER wlan0

bssid

It is really simple command, we provide BSSID and specific channel of target network. Run the command to see connected clients to the network.

Disconnect target device

Now, you have to see connected devices with it's details. We are going to use tool named aireplay-ng to send deauth packets.

aireplay-ng --deauth 100000 -a TARGET_BSSID -c TARGET_STATION wlan0

deauth

STATION is MAC address of target device. As you see, I give very large number of packets to keep client disconnect very long period of time. If you want to let target to connect again just quit from aireplay by Ctrl+c. In addition, wlan0 is name of my wireless adapter it can be different for you so use that name for successfull attack. Run the command and that's it!

I hope you learned something from this terminal. Folllow me on social media and support me by buying a cup of coffee. I will use your support to make the lab more productive and secure. Thank you! Stay Connected!

Buy me a coffeeBuy me a coffee