Deauthentication (module 21) in Learning Ethical Hacking from scratch

Well, I followed the instructions using VB Kali. First I tried deauthenticating my smartphone (Galaxy Note 5). It kicked it off, but then, despite the repeated deauthenticating commands, it got right back on again and stayed on.
So I tried it with my laptop, which has Kali as the OS. It never even got kicked off.

Here’s the command I used:
aireplay-ng --deauth 10000 -a 94:44:52:DF:78:5B -c 0C:EE:E6:99:DF:7F wlan0mon

Did I get something wrong on that, like syntax? The responses I got included:
13:12:40 Sending 64 directed DeAuth. STMAC: [0C:EE:E6:99:DF:7F] [ 0|64 ACKs]
13:12:41 Sending 64 directed DeAuth. STMAC: [0C:EE:E6:99:DF:7F] [19|62 ACKs]

So some had ACKs, some didn’t.

I’d appreciate some insight. If I can’t deauthorize, I’m kind of stuck!

  • Russ

Hello Russell,

Is your laptop connected via Ethernet cable or wirelessly? Because this attack will not work with devices on Ethernet cable. For your device portion, can you try another way of enabling monitor mode shown in Modules 16, 17, 18?

Let me know if you need anything else,

Thank you!

Hi,
Yes, it’s connected wirelessly. I finally got it to work just now - I think what was happening was it kept switching to a bridged AP, so it hopped from one connection to another. As it was bridged, it had the same SSID (although the MAC was different).
I ended up unplugging that AP, and then it worked great. Thanks for your response!

Hello Russell,

Glad you figured it out! :)

Let me know if you need anything else,

Thank you!

Well, as long as you’re asking:
Having a tough time with injection. With the fakeauth command to work, although I was getting a bunch of “authorized” then “Deauthorization packet sent” issues. I tried using the Kill command but it didn’t help - the deauthorization packets kept coming. I also had “channel jumping” even though I specified the channel using airmon-ng wlan0 6.

I closed it all up, then went back to it today. I used “ifconfig wlan0 down”, “iwconfig wlan0 mode monitor”, and “ifconfig wlan0 up” to get it in monitor mode, and I was able to get fake authorization with no issue, including no channel jumping.

BTW - I’m using the latest version of Kali, VB, and I bought the wireless adapter you suggested, the AWUS036NHA.

Anyway, here’s what happens - I successfully do a fake authorization. It shows OPN in the Auth column. But when I run aireplay-ng --arpreplay -b 00:11:95:78:62:D0 -h 00:c0:ca:96:c9:ba wlan0 (not wlan0mon, because the name doesn’t change using the iwconfig method) it tells me the MAC is wrong - and I get no ARP packets! So I change it to what it suggests, but still get no ARP packets. Then I re-run the fake authorization, type aireplay-ng --arpreplay and -

It tells me the MAC is wrong, and gives me a completely different one. This keeps happening.

Sorry for the length of this, but it’s about to get longer. I noticed something weird with the MAC when I did the macchanger portion of the course.

Typing “macchanger -s wlan0”, I get:

Current MAC: de:72:0d:61:93:20 (unknown)
Permanent MAC: 00:c0:ca:96:c9:ba (ALFA, INC.)

After taking the interface down, and typing “macchanger -r wlan0”, I get:

Current MAC: da:67:c5:67:3c:77 (unknown)
Permanent MAC: 00:c0:ca:96:c9:ba (ALFA, INC.)
New MAC: 66:77:49:52:49:36 (unknown)

Note that the Current MAC is different.

Then, after bringing up the interface, and typing “macchanger -s wlan0” again, I get:

Current MAC: 42:65:1f:ed:0a:86 (unknown)
Permanent MAC: 00:c0:ca:96:c9:ba (ALFA, INC.)

So, I’m getting three Current MACs for the only wireless adapter I have plugged in, and none of them are the same as the permanent MAC.

I just plowed ahead, thinking “well, it’s just some weirdness with Kali that won’t matter.” But it sure does.

Do I need to make a blood sacrifice or something?

  • Russ
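
Added example, not part of the original posts: a small shell check that parses "macchanger -s" output like that quoted above and reports whether the current address differs from the permanent one and whether it carries the locally administered bit (0x02 of the first octet), which marks a software-assigned address. The function names are made up for this illustration; the sample input is the first output quoted in the post.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Succeeds when the locally administered bit (0x02 of the first octet) is set.
is_local_mac() {
    first=${1%%:*}
    [ $(( 0x$first & 2 )) -ne 0 ]
}

# Reads macchanger -s output on stdin; prints the MAC from the "<label> MAC:" line.
mac_field() {
    sed -n "s/^$1 MAC:[[:space:]]*\([0-9A-Fa-f:]\{17\}\).*/\1/p" | head -n 1
}

# Reads macchanger -s output on stdin and prints one verdict word.
classify_report() {
    report=$(cat)
    cur=$(printf '%s\n' "$report" | mac_field Current | tr 'A-F' 'a-f')
    perm=$(printf '%s\n' "$report" | mac_field Permanent | tr 'A-F' 'a-f')
    if [ -z "$cur" ] || [ -z "$perm" ]; then
        echo unparsed
    elif [ "$cur" = "$perm" ]; then
        echo permanent
    elif is_local_mac "$cur"; then
        echo overridden-local
    else
        echo overridden-universal
    fi
}

# Sample input: the first macchanger -s output quoted in the post above.
classify_report <<'EOF'
Current MAC: de:72:0d:61:93:20 (unknown)
Permanent MAC: 00:c0:ca:96:c9:ba (ALFA, INC.)
EOF
```

Every Current and New MAC quoted in the post (de:…, da:…, 66:…, 42:…) has this bit set, while the permanent ALFA address does not.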

Hello Russ,

For the Mac Changer issue please try this:

ifconfig wlan0 down
airmon-ng check kill
macchanger -r wlan0
ifconfig wlan0 up

If that didn’t work then try this

ifconfig wlan0 down
ifconfig wlan0 hw ether [NewMac]
ifconfig wlan0 up

Then run ifconfig to check if the mac address actually changed.

For the deauth issues:
Can you try to enable monitor mode with different methods shown in Modules 16, 17, 18 please? One of these methods should help you.

As for the Channel Jumping Issue:
Please try to run all of this attack WITH an airodump-ng running on the target router on another terminal window.

Let me know if you need anything else,

Thank you!

Ok, I did all of that. It seems that if I run airodump-ng wlan0 (even in another window), it causes the channel hopping issue.

The macchanger weirdness got solved when I added the check kill command, so that’s a relief. Then I used the iwconfig wlan0 mode monitor channel 6 command to set the adapter. Then I ran the fakeauth in another terminal window, and in the same window I split the screen and ran aireplay-ng --arpreplay -b 00:11:95:78:62:D0 -h 00:c0:ca:96:c9:ba wlan0.

But it didn’t get any ARP packets. So, I ran the fakeauth again (successfully). Still no ARP packets. I stopped aireplay-ng --arpreplay and restarted it again, right after (again) redoing fakeauth.

Then, in the first terminal window, I ran airodump-ng wlan0 so I could confirm that AUTH was OPN. It wasn’t.

So I went back to the second terminal window and re-ran fakeauth, and…

Got the channel hopping issue back.

So now I’m totally lost as to why airodump-ng seems to be causing the channel hopping issue, and why I can’t seem to inject ARP packets.

Any pointers would be greatly appreciated!

  • Russ

Update:
After speaking with my brother last night, he said the host system (Windows 10) could be screwing up my VB installation of Kali. So, this morning, I tried it all on a dedicated Kali laptop.

So far, everything works as far as the MAC issue, authenticating, and there’s no channel hopping at all. However, I’m still not getting any ARP packets! I’ve tried it a few times, and it just doesn’t seem to be generating any.

You might want to mention that issue with the host system interfering with VB - I never heard of that before, but he seemed to feel it was well known. In the meantime, any thoughts on how to get those ARP requests to work?

Again, thanks for your help.

Hello Russell,

May I know what the model of your adapter is and also what channel the router is hopping on? Anything above channel 12 is 5 GHz frequency. If so, you need an adapter that supports both 2.4 GHz and 5 GHz frequency to do injection on this router.

Let me know if you need anything else,

Thank you!

I’m using the Alfa Atheros AR9271, as you recommended. I would use channel 6 or 11, usually. Unfortunately, I can’t go revisit this issue (in my copious notes I’m taking for your course, I noted that I never resolved the ARP packet issue!)

I can’t revisit it at this time because my Kali laptop has both USB ports broken (don’t ask), and my Windows 10 machine crashes every time I have the adapter plugged in and try to use either my VirtualBox or my VMWare version of Kali. I have no idea why, it worked fine for weeks and then started crashing. I even went back to the original install snapshots, and it would work a couple of times and then crashed my whole machine again. After hours of fighting with it, I gave up!

I plan on getting a used laptop - with working USB ports - as soon as possible and I will ask for your assistance again if it still doesn’t work. Thanks for your help!