Stratos Ally

De-authentication attack

**Note: The content in this article is only for educational purposes and understanding of cybersecurity concepts. It should enable people and organizations to have a better grip on threats and know how to protect themselves against them. Please use this information responsibly.** 

A de-authentication attack is a denial-of-service attack against wireless networks. It abuses the de-authentication feature of the IEEE 802.11 wireless protocol, which lets an attacker kick users off a Wi-Fi network against their will. Once users lose their connection, they may connect to a fake access point without realizing it; the attacker sets up this rogue access point to intercept data or launch further attacks. This type of attack puts Wi-Fi users at risk of having their information stolen or becoming victims of further cyber threats.

How De-Authentication Attacks Work

  • Identifying the Target: The attacker scans the wireless network to find connected clients and access points.
  • Spoofing De-Authentication Frames: The attacker sends crafted de-authentication frames to the access point or client, tricking the network into believing they are legitimate requests.
  • Forcing Disconnection: The target client receives the de-authentication frame and disconnects from the Wi-Fi network. The client may then fail to reconnect or connect to a rogue access point set up by the attacker.
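Defenders can spot the spoofed frames described above on the air: a monitor-mode sensor or wireless IDS counts de-authentication frames per AP/client pair and alerts on a burst. The Python below is an added example (not the article's or WEF's code) that parses the 802.11 management header, keeps only de-authentication frames, and applies such a sliding-window threshold; the frames and MAC addresses it uses are constructed placeholders.

```python
# Added example, not code from the article or from WEF: detect 802.11 deauth floods.
import struct
from collections import defaultdict, deque
DEAUTH_SUBTYPE = 12  # 802.11 management frame subtype 12 = deauthentication

def parse_deauth(frame: bytes):
    """Return (addr1, addr2, bssid, reason_code) for a deauth frame, else None."""
    if len(frame) < 26:  # 24-byte MAC header + 2-byte reason code
        return None
    fc = struct.unpack_from("<H", frame, 0)[0]
    if (fc >> 2) & 0x3 != 0 or (fc >> 4) & 0xF != DEAUTH_SUBTYPE:
        return None
    addr1, addr2, bssid = (frame[o:o + 6].hex(":") for o in (4, 10, 16))
    return addr1, addr2, bssid, struct.unpack_from("<H", frame, 24)[0]

class DeauthFloodDetector:
    """Alert when a (BSSID, client) pair sees >= threshold deauths within window_s."""
    def __init__(self, threshold=10, window_s=5.0):
        self.threshold, self.window_s = threshold, window_s
        self._seen = defaultdict(deque)  # (bssid, client) -> recent timestamps

    def observe(self, ts: float, frame: bytes):
        parsed = parse_deauth(frame)
        if parsed is None:
            return None
        addr1, addr2, bssid, reason = parsed
        client = addr1 if addr2 == bssid else addr2  # AP->client or client->AP
        q = self._seen[(bssid, client)]  # client ff:ff:ff:ff:ff:ff = broadcast (all clients)
        q.append(ts)
        while ts - q[0] > self.window_s:  # drop timestamps outside the window
            q.popleft()
        if len(q) >= self.threshold:
            return {"bssid": bssid, "client": client, "count": len(q), "reason": reason}
        return None

def sample_deauth(dst, src, bssid, reason, seq=0):
    """Constructed test frame (never transmitted): FC, duration, 3 addrs, seq ctrl, reason."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    return (struct.pack("<HH", DEAUTH_SUBTYPE << 4, 0) + mac(dst) + mac(src) + mac(bssid)
            + struct.pack("<HH", seq << 4, reason))

def run_sample():
    ap, client = "02:00:00:00:00:01", "02:00:00:00:00:02"  # placeholder MACs
    det, alerts = DeauthFloodDetector(), []
    det.observe(0.0, sample_deauth(client, ap, ap, reason=3))  # one isolated deauth: no alert
    for i in range(12):  # burst of 12 frames within 0.6 s, as in a flood
        alert = det.observe(60.0 + i * 0.05, sample_deauth(client, ap, ap, reason=7, seq=i))
        if alert:
            alerts.append(alert)
    return alerts
```

On a live sensor the frames would come from a monitor-mode capture rather than sample_deauth(). Enabling Protected Management Frames (802.11w) on the access point makes clients discard unauthenticated de-authentication frames, which is the standard mitigation.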

Using WEF (Wi-Fi Exploitation Framework) for De-Authentication:

Installing WEF

git clone https://github.com/D3Ext/WEF.git

cd WEF

wef -i wlan0

Performing a De-Authentication Attack

  • Choose option 1, Deauthentication attack, from the WEF menu.

This opens a window running Airodump-ng to scan for APs. Let it run until your target AP appears, then hit Enter to stop the scan.

  • After scanning the APs, it shows the following fields for each one:

BSSID: The MAC address that uniquely identifies a wireless access point.

Channel: The frequency on which the wireless network operates.

Speed: The maximum data transfer rate of the network, in Mbps.

Privacy: The type of encryption used, like WEP, WPA, or WPA2.

Cipher: The encryption algorithm, such as TKIP or AES.

Authentication: The method of verifying user identity, like Open, WPA-PSK, or WPA-EAP.

Power: The signal strength of the access point, measured in dBm.

Beacons: Frames sent periodically by the access point to announce the network.

ESSID: The name of the wireless network, also known as the SSID.

  • Give the target number (here I am using 1 for Hidden Leaf).
  • After giving the target number, choose 1 to deauthenticate all the clients.
  • Since we want to capture the handshakes, answer y (for yes). An airodump-ng window then opens and collects the handshakes of clients as they reauthenticate.
  • Next, specify the number of deauth frames to send (the packets used to disconnect clients from the wireless network).
  • Hit Enter to launch the attack; the clients will be disconnected from the target AP.
  • Once disconnected from the target AP, the clients try to reconnect, and the tool captures the handshake (which contains what is needed to recover the AP password).
  • After capturing the handshakes, we will try to crack the WPA/WPA2 handshake.
  • For cracking the handshakes, we will use the dictionary file rockyou.txt.
  • After selecting the dictionary file, select the tool for cracking the handshake (aircrack-ng).
  • After selecting the cracking method, it launches Aircrack-ng to crack the handshake using rockyou.txt, which gives us the key (spiderman).
