Welcome back, my aspiring cyberwarriors!
Now that you understand a bit of BASH scripting, let's try to use our BASH scripting skills in conjunction with our Wi-Fi Hacking skills to write a simple script to create a Denial of Service (DoS) to a Wi-Fi AP. If you are unfamiliar with the aircrack-ng suite of tools or Wi-Fi hacking, read these tutorials before proceeding here.
Our Cyber War Scenario Your side, the good guys, of course, are about to launch an attack against the bad guys. Your mission is to knock out all of the wireless communication from their field command and control center so that your army can attack without any notifications being sent via Wi-Fi.
Of course, in this scenario, we are only knocking out Wi-Fi communication. The bad guys could certainly still communicate by cellular phone, by wired communication, by satellite, etc., but those are the tasks of your compatriots. Your single task is to knock out their Wi-Fi communication indefinitely, or at least, as long as possible. How We'll Get the Job Done In this tutorial, we will use aircrack-ng and a BASH shell script that will DoS a wireless AP continuously. Unlike other resources on the web, APs are VERY easy to deny access to. There are multiple ways to DoS a wireless AP, but among the easiest is to use the de-authenticate frame. Step 1: Put Your Wireless Adapter into Monitor Mode First, fire up Kali and open a terminal. Then, in order to use Aircrack-ng effectively, we need to put our wireless adapter into monitor mode. This is the equivalent of promiscuous mode on a wired network card. When we do this, we can see all the wireless traffic passing through the air around us. kali > airmon-ng start wlan0
Step 2: Use airodump-ng to Get the Parameters Now that we have our adapter in monitor mode, we need to use Airdump-ng to view all the parameters of all the traffic around us. kali> airodump-ng wlan0mon
From this screen, we need to identify the enemy's BSSID and copy it. That is the AP we will be DoSing, and that is the MAC address we need to write into our script. Step 3: Open a Text Editor & Write the Script Now, we are going to use aireplay-ng to de-authenticate the users on enemy's AP. You will need a text editor to create our script. Here, I will be using Leafpad, but you can use any text editor of your choice.
We want a script that will send de-authentication frames to the AP and all clients, knocking everyone off the network. After doing so, we will give them 60 seconds to re-authenticate and then de-authenticate them again. We could write the script to send continuous de-authenticate frames, but that would likely be met with a countermeasure. We want to both confuse and block any effective wireless communication by the enemy.
Copy this script into your text editor, replacing the MAC address with the MAC address of your target AP. This simple script does the following.
#!/bin/bash tells the terminal what interpreter to use.
for i in {1..10} creates a for loop that will execute our commands 10 times.
do contains the commands we want to execute. Everything after the do and before the done will be executed in each loop.
aireplay-ng sends the deauth frames 100 times (the default is continuous) to the MAC address of the AP (-a) from the interface wlan0mon.
sleep 60s tells the script to sleep for 60 seconds. In this way, the clients will be able to re-authenticate for 60 seconds before we send another deauth flood. Hopefully, this short interval will lead them to believe that the problem is with their AP and not us.
done closes the for loop.
Please see the script below.
The way we have written this script, it will de-authenticate ALL clients. Some APs will not allow this, and we would have to rewrite this script with the individual MAC addresses we want to de-authenticate.
Now, save the script as wirelessDoS. Step 4: Change Permissions To be able to execute the script, we will need to give ourselves execute permissions. We use the Linux command chmod for this. kali > chmod 755 wirelessDoS Step 5: Execute the Script Finally, we execute the script by typing: kali > ./wirelessDoS Now that we have disabled the enemy's wireless communication, they may try to block your MAC address. An advanced variation of this script would be one where you use a tool like macchanger to change your MAC address before each de-authentication making it much harder for the enemy to block you deauth frames.