**Note: The content in this article is for educational purposes only and is meant to build an understanding of cybersecurity concepts. It should help people and organizations get a better grip on threats and know how to protect themselves against them. Please use this information responsibly.**
A de-authentication attack is a denial-of-service attack against wireless networks. It abuses the de-authentication feature of the IEEE 802.11 protocol: de-authentication frames are management frames that, unless 802.11w Protected Management Frames is enabled, carry no authentication, so a station cannot tell a spoofed frame from a genuine one. This lets an attacker kick users off a Wi-Fi network against their will. When users lose their connection, they may reconnect to a fake access point without realizing it. The attacker sets up this rogue access point to intercept data or launch further attacks. This type of attack puts Wi-Fi users at risk of having their information stolen or becoming victims of further cyber threats.
How De-Authentication Attacks Work
- Identifying the Target: The attacker scans the wireless network to find connected clients and access points.
- Spoofing De-Authentication Frames: The attacker sends crafted de-authentication frames to the access point or client, tricking the network into believing they are legitimate requests.
- Forcing Disconnection: The target client receives the de-authentication frame and disconnects from the Wi-Fi network. The client may then fail to reconnect or connect to a rogue access point set up by the attacker.
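Because these frames are easy to spoof, the defender-side counterpart is to recognise them on the air. The following is an added example, not code from this page or from the WEF project: a small pure-Python parser for the 802.11 management-frame header plus a per-BSSID rate detector that flags a de-authentication/disassociation flood (a broadcast destination corresponds to the "deauthenticate all clients" case above). The sample frames and MAC addresses are constructed for offline testing; nothing is transmitted.

```python
import struct
from collections import defaultdict, deque

# 802.11 management-frame subtypes (Frame Control byte 0, upper nibble)
DEAUTH, DISASSOC = 0xC, 0xA
BROADCAST = "ff:ff:ff:ff:ff:ff"   # destination when every client of an AP is targeted

def _mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def parse_mgmt_frame(frame: bytes):
    """Decode the 24-byte 802.11 MAC header; return None unless it is a management frame."""
    if len(frame) < 24:
        return None
    fc0 = frame[0]              # bits 0-1 version, bits 2-3 type, bits 4-7 subtype
    if fc0 & 0x0F != 0:         # version 0 and type 0 (management) only
        return None
    rec = {"subtype": fc0 >> 4, "dst": _mac(frame[4:10]),
           "src": _mac(frame[10:16]), "bssid": _mac(frame[16:22])}
    if rec["subtype"] in (DEAUTH, DISASSOC) and len(frame) >= 26:
        rec["reason"] = struct.unpack_from("<H", frame, 24)[0]  # little-endian reason code
    return rec

class DeauthDetector:
    """Alert when one BSSID sees `threshold` deauth/disassoc frames within `window` seconds.
    Without 802.11w (Protected Management Frames) these frames are unauthenticated,
    so a rate threshold is the practical way to tell a flood from normal roaming."""
    def __init__(self, threshold: int = 10, window: float = 1.0):
        self.threshold, self.window = threshold, window
        self.seen = defaultdict(deque)   # bssid -> timestamps of recent deauth/disassoc frames

    def observe(self, frame: bytes, ts: float):
        rec = parse_mgmt_frame(frame)
        if rec is None or rec["subtype"] not in (DEAUTH, DISASSOC):
            return None
        q = self.seen[rec["bssid"]]
        q.append(ts)
        while ts - q[0] > self.window:   # evict timestamps that fell out of the window
            q.popleft()
        if len(q) >= self.threshold:
            return {"bssid": rec["bssid"], "count": len(q), "reason": rec.get("reason"),
                    "broadcast": rec["dst"] == BROADCAST}
        return None

def sample_frame(subtype: int, dst: str, src: str, bssid: str, reason=None) -> bytes:
    """Constructed management-frame bytes for feeding the detector offline (nothing is sent)."""
    addrs = b"".join(bytes.fromhex(m.replace(":", "")) for m in (dst, src, bssid))
    frame = bytes([subtype << 4, 0]) + b"\x00\x00" + addrs + b"\x00\x00"  # FC, duration, addrs, seq
    return frame if reason is None else frame + struct.pack("<H", reason)
```

In a real deployment the frames would come from a monitor-mode capture (for example via a pcap reader) and the alert would be forwarded to your logging pipeline; the threshold and window should be tuned against the normal roaming rate of the site.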
Using WEF (Wi-Fi Exploitation Framework) for De-Authentication:
Installing WEF
```shell
git clone https://github.com/D3Ext/WEF.git
cd WEF
wef -i wlan0
```
Performing a De-Authentication Attack
- Select `1. Deauthentication attack` from the menu.
- This opens a window in which Airodump-ng scans for access points. Let it run until your target AP appears, then press Enter to stop the scan.
- After the scan, it lists the APs with the following columns:
  - BSSID: The MAC address that uniquely identifies a wireless access point.
  - Channel: The frequency channel on which the wireless network operates.
  - Speed: The maximum data transfer rate of the network, in Mbps.
  - Privacy: The type of encryption used, such as WEP, WPA, or WPA2.
  - Cipher: The encryption algorithm, such as TKIP or AES.
  - Authentication: The method of verifying user identity, such as Open, WPA-PSK, or WPA-EAP.
  - Power: The signal strength of the access point, measured in dBm.
  - Beacons: Frames sent periodically by the access point to announce the network.
  - ESSID: The name of the wireless network, also known as the SSID.
- Enter the target number (here, I am using 1 for Hidden Leaf).
- After entering the target number, we want to deauthenticate all the clients, so we choose 1.
- Since we want to capture the handshakes, we answer y (for yes). This opens an airodump-ng window that collects the handshakes of clients that re-authenticate when they try to connect again.
- Next, we specify the number of deauth frames to send (the packets used to disconnect clients from a wireless network).
- Press Enter to launch the attack; the clients are disconnected from the target AP.
- Once a client is disconnected from the target AP, it tries to reconnect, and the tool captures the handshake (which is what is used to recover the AP password).
- After capturing the handshakes, we try to crack the WPA/WPA2 handshake.
- For cracking the handshake, we use the dictionary file (rockyou.txt).
- After selecting the dictionary file, we select the tool for cracking the handshake (aircrack-ng).
- After selecting the cracking method, it launches Aircrack-ng to crack the handshake using rockyou.txt, which gives us the key (spiderman).