Continuous DoSing a Wireless AP

In previous tutorials for my Wi-Fi Hacking series, I have shown you how to crack WEP and WPA2 passwords, break a WPS PIN, and create Evil Twin and Rogue access points. In this continuation of the series, let's look at slightly different approach to attacking wireless.

(If you are new to hacking Wi-Fi, make sure you check out the getting started guide before attempting any of the tasks mentioned above.)

Our Cyber War Scenario

Your side, the good guys, of course, are about to launch an attack against the bad guys. Your mission is to knock out all of the wireless communication from their field command and control center so that your army can attack without any notifications being sent via Wi-Fi.

Of course, in this scenario, we are only knocking out Wi-Fi communication. The bad guys could certainly still communicate by cellular phone, by wired communication, by satellite, etc., but those are the tasks of your compatriots. Your single task is to knock out their Wi-Fi communication indefinitely, or at least, as long as possible.

How We'll Get the Job Done

In this tutorial, we will use Aircrack-ng and a BASH shell script that will DoS a wireless AP continuously. Unlike other resources on the web, APs are VERY easy to deny access to. There are multiple ways to DoS a wireless AP, but among the easiest is to use the de-authenticate frame.

Step 1: Put Your Wireless Adapter into Monitor Mode

First, fire up Kali and open a terminal. Then, in order to use Aircrack-ng effectively, we need to put our wireless adapter into monitor mode. This is the equivalent of promiscuous mode on a wired network card. When we do this, we can see all the wireless traffic passing through the air around us.

kali > airmon-ng start wlan0

 

Step 2: Use Airdump-Ng to Get the Parameters

Now that we have our adapter in monitor mode, we need to use Airdump-ng to view all the parameters of all the traffic around us.

kali> airodump-ng mon0

 

Note that the enemy's AP is named "TheDragonLair." That is the AP we will be DoSing, and that is the MAC address we need to write our script. In this case, it is 78:CD:8E:3B:B7:08, but yours, of course, will be different.

Step 3: Open a Text Editor & Write the Script

Now, we are going to use Aireplay-ng to de-authenticate the users on TheDragonLair AP. You will need a text editor to create our script. Here, I will be using Leafpad, but you can use any text editor of your choice.

We want a script that will send de-authentication frames to the AP and all clients, knocking everyone off the network. After doing so, we will give them 60 seconds to re-authenticate and then de-authenticate them again. We could write the script to send continuous de-authenticate frames, but that would likely be met with a countermeasure. We want to both confuse and block any effective wireless communication by the enemy.

Copy this script into your text editor, replacing the MAC address with the MAC address of your target AP. This simple script does the following.

  • #!/bin/bash tells the terminal what interpreter to use.

  • for i in {1..5000} creates a for loop that will execute our commands 5,000 times.

  • do contains the commands we want to execute. Everything after the do and before the done will be executed in each loop.

  • aireplay-ng sends the deauth frames 1,000 times (the default is continuous) to the MAC address of the AP (-a) from the interface mon0.

  • sleep 60s tells the script to sleep for 60 seconds. In this way, the clients will be able to re-authenticate for 60 seconds before we send another deauth flood. Hopefully, this short interval will lead them to believe that the problem is with their AP and not us.

  • done closes the for loop.

Please see the script below.

 

 

 

 

 

 

 

 

 

 

 

The way we have written this script, it will de-authenticate ALL clients. Some APs will not allow this, and we would have to rewrite this script with the individual MAC addresses we want to de-authenticate.

Now, save the script as wirelessDoS.

Step 4: Change Permissions

To be able to execute the script, we will need to give ourselves execute permissions. We use the Linux command chmod for this.

kali > chmod 755 wirelessDoS

 

Step 5: Execute the Script

Finally, we execute the script by typing:

kali > ./wirelessDoS

 

Now that we have disabled the enemy's wireless communication, they may try to block your MAC address. An advanced variation of this script would be one where you use a tool like macchanger to change your MAC address before each de-authentication making it much harder for the enemy to block you deauth frames.