Deauthentication Attacks
Theory
IoT devices are often either connected to a WiFi network or host their own network for users to interact with them. A stable WiFi connection can be critical to some IoT devices. For example, deauthentication is probably one of the most concerning things a drone pilot can experience: once the controller is deauthenticated, the pilot can no longer control the drone appropriately.
Cheat Sheet
Using aireplay-ng
ARP-Spoofing:
Usage
1. Put the Wireless Interface in Monitor Mode
First, place your wireless network interface card in monitor mode. Replace wlan0 (should be shown in ifconfig) with your interface name.
This will enable monitor mode on wlan0 and may rename it to something like wlan0mon.
2. Identify Target Access Point and Clients
Next, use airodump-ng to find the BSSID (MAC address) of the access point (AP) and the client(s) connected to it.
Take note of the BSSID of the target AP and the channel it is operating on.
3. Deauthenticate Target Client
Use the aireplay-ng command to send deauthentication packets. Replace wlan0mon with your monitor interface, AP_BSSID with the BSSID of the access point, and CLIENT_MAC with the MAC address of the target client.
Deauthenticate a specific client from an AP:
Here, 10 is the number of deauth packets to send (you can increase or decrease this as needed).
Deauthenticate all clients from an AP:
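Seen from the defending side, the traffic described in step 3 is a burst of 802.11 deauthentication management frames addressed to one client, or to the broadcast address when all clients are targeted. The Python below is an added example, not part of the original page: it parses bare 802.11 frames and flags such bursts per (BSSID, destination) pair. The MAC addresses, the sample capture, the threshold of 5 frames and the 1-second window are constructed assumptions.

```python
import struct
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"
AP, CLIENT, OTHER = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"  # constructed

def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def parse_deauth(frame: bytes):
    """Return (dst, src, bssid, reason) for a deauthentication frame, else None.
    Expects a bare 802.11 frame: radiotap header stripped, FCS optional."""
    if len(frame) < 26:  # 24-byte management header + 2-byte reason code
        return None
    fc0 = frame[0]
    version, ftype, subtype = fc0 & 0x3, (fc0 >> 2) & 0x3, fc0 >> 4
    if (version, ftype, subtype) != (0, 0, 12):  # management / deauthentication
        return None
    (reason,) = struct.unpack_from("<H", frame, 24)
    return _mac(frame[4:10]), _mac(frame[10:16]), _mac(frame[16:22]), reason

def find_deauth_bursts(capture, threshold=5, window=1.0):
    """capture: iterable of (timestamp_seconds, frame_bytes). Flags every
    (bssid, destination) pair hit by >= threshold deauth frames within window."""
    seen = defaultdict(list)
    for ts, frame in capture:
        parsed = parse_deauth(frame)
        if parsed:
            dst, _src, bssid, _reason = parsed
            seen[(bssid, dst)].append(ts)
    alerts = []
    for (bssid, dst), stamps in seen.items():
        stamps.sort()
        start = peak = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts.append({"bssid": bssid, "target": dst, "peak": peak,
                           "all_clients": dst == BROADCAST})
    return alerts

def _sample(fc0, dst):  # constructed test frame: AP as source and BSSID, reason code 7
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return bytes([fc0, 0, 0, 0]) + raw(dst) + raw(AP) * 2 + bytes(2) + b"\x07\x00"

SAMPLE_CAPTURE = [(i * 0.01, _sample(0xC0, CLIENT)) for i in range(10)]  # burst at one client
SAMPLE_CAPTURE += [(5.0, _sample(0xC0, OTHER)), (5.1, _sample(0x80, BROADCAST))]  # lone deauth, beacon
if __name__ == "__main__":
    print(find_deauth_bursts(SAMPLE_CAPTURE))
```

Where both the AP and its clients use 802.11w Protected Management Frames, the receiver discards forged deauthentication frames; the counter above still shows that an attempt is taking place.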
Resources
https://book.hacktricks.xyz/generic-methodologies-and-resources/pentesting-wifi#deauthentication-packets
https://en.wikipedia.org/wiki/Wi-Fi_deauthentication_attack