Deauthentication Attack (Disconnecting Any Device From The Network)

Lecture Transcript - Deauthentication Attack (Disconnecting Any Device From The Network)

Now, before leaving this section and moving to the gaining access section, where I'm going to teach you how to break the different encryption and gain access to networks, I want to spend one more lecture talking about a really useful attack that still falls under the pre-connection attacks under this section.

The attack that I want to talk about is the deauthentication attack. This attack allows us to disconnect any device from any network before connecting to any of these networks, and without the need to know the password for the network. To do this, we're going to pretend to be the client that we want to disconnect by changing our MAC address to the MAC address of that client, and tell the router that I want to disconnect from you. Then we're going to pretend to be the router, again by changing our MAC address to the router's MAC address, and tell the client that you requested to be disconnected, so I'm going to disconnect you. This will allow us to successfully disconnect or deauthenticate any client from any network.

Now, we're actually not going to do this manually. We're going to use a tool called aireplay-ng to do that.

From the previous lecture, we know that this MAC address right here belongs to an Apple computer. And like I said, this Apple computer is actually my computer right here. And as you can see, this host machine is connected to this network right here, which is the same as the one that you see in here.

And it actually has internet access. So if I just look for "test", you'll see that I'm connected and I can look for things. I can use Google, so I have a proper working internet connection. Now we're going to come back here and we're going to use a tool called aireplay-ng to launch the deauthentication attack and disconnect this Mac computer from the internet. So we're going to type the name of the program, which is aireplay-ng, and we're going to tell it that I want to run a deauthentication attack. Then I'm going to give it the number of deauthentication packets that I want to send, so I'm going to give it a really large number so that it keeps sending these packets to both the router and the target device. Therefore, I'll disconnect my target device for a very long period of time. And the only way to get it back to connect is to hit Control+C and quit aireplay-ng.

Next, I'm going to give aireplay-ng the MAC address of my target network, so I'm going to do -a and give it the MAC address, which I'm going to copy from here. Then I'm going to use -c to give it the MAC address of the client that I want to disconnect.

And the client that I want to disconnect is this client right here, which is the Apple computer like we said. So I'm going to copy it and paste it here. If your target network runs on the five gigahertz frequency, then you'll have to add -D to the command in here.

But my target, as you can see, uses 2.4 gigahertz. Therefore, I don't need to do this, and I'm simply just going to add my wireless card in monitor mode, which is mon0. Now, it's very important to understand that this command will only disconnect the target client from the specified network.

So if there are other networks that the target client can connect to, it will automatically connect to them. So in many cases, it might connect to the five gigahertz version of the network, or it might connect to a completely different network that it already knows the password to.

And if it's a mobile device, it might even continue to have internet access through its mobile data plan. So it might seem like the attack did not work, but it actually worked, and the client just disconnected from this network and is using another network.

To solve this, all you have to do is simply open up a new terminal window and run the exact same command, but this time target the new network that the client connected to. I actually covered that along with more advanced topics in my advanced network hacking course. Check out the bonus lecture at the last lecture of this course for more information about my advanced network hacking course and all of the other courses that you can take along with this course.

So a very, very simple command: we're typing aireplay-ng, and this is the name of the program that we're going to use. We're doing --deauth to tell aireplay-ng that I want to run the deauthentication attack. I'm giving it a really large number of packets so that it keeps sending the deauthentication packets to both the router and the client and keeps the client disconnected.

I'm using -a to specify the MAC address of the target router or the target access point. Then I'm using -c to specify the MAC address of the client. Finally, I'm giving it mon0, which is the name of my wireless adapter in monitor mode.

Now you can run this command like this, and in most cases it would work, but in very rare cases this command will fail unless airodump-ng is running against the target network. So what I'm going to do now is I'm going to go back to my first terminal in here and I'm going to run airodump-ng using the command that we've seen before, and I don't want to write anything to a file, so I'm going to remove the write argument. So I'm just doing a normal airodump-ng command. I'm literally just giving it the BSSID of my target network, and I'm giving it the target channel, and then I'm just going to hit Enter. We have seen how to do this. We spent a full lecture on it. That's why I did it really quickly. And then I'm going to go back to the command that we wrote so far and I'm going to hit Enter. Now, as you can see, aireplay-ng is telling me that it's sending the deauthentication packets. And if we go back here and look up, you can see that I actually lost my connection, and I'm trying to connect back. So obviously, if I try to look for anything, so let's say "test two", you'll see I'll get stuck and nothing will load for me.

So the only way for me to connect back is if I go back here, quit this by doing Control+C, quit this again, and now my machine should be able to connect back and restore its connection.

This is actually very, very handy in so many ways. It's very useful in social engineering cases where you could disconnect clients from the target network and then call the user and pretend to be a person from the IT department and ask them to install a virus or a backdoor, telling them that this would fix their issue. You could also create another fake access point and get them to connect to the fake access point and then start spying on them from that access point. And we'll see how to do that later on in the course.

And you can also use this to capture the handshake, which is what happened in here, actually. And this is vital when it comes to WPA cracking, and we'll talk about this once we get to the WPA cracking section.

So like I said, this is a small attack that can be used as a plug-in to other attacks or to make other attacks possible.
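
From the defender's side, the attack described in this lecture shows up as a sustained burst of deauthentication frames for one access point and client pair, arriving in both directions. The following is an added example, not part of the lecture: it flags such bursts in a constructed frame log, and the log format, addresses, window and threshold are all assumptions made for illustration.

```python
from collections import defaultdict, deque

# Constructed addresses (locally administered), not taken from the lecture.
AP, STA, OTHER = "02:00:00:aa:bb:01", "02:00:00:cc:dd:02", "02:00:00:ee:ff:03"

def make_sample():
    """Constructed log: '<seconds> <frame-type> <source> <destination> <bssid>'."""
    lines = [f"0.50 deauth {OTHER} {AP} {AP}"]   # one ordinary disconnect
    for i in range(40):                           # burst aimed at both sides
        t = 10 + i * 0.05
        lines.append(f"{t:.2f} deauth {AP} {STA} {AP}")
        lines.append(f"{t:.2f} deauth {STA} {AP} {AP}")
    lines.append(f"12.10 beacon {AP} ff:ff:ff:ff:ff:ff {AP}")
    return lines

def detect_deauth_floods(lines, window=1.0, threshold=20):
    """Flag (bssid, client) pairs with >= threshold deauth frames in `window` s."""
    recent = defaultdict(deque)    # (bssid, client) -> timestamps in the window
    directions = defaultdict(set)  # (bssid, client) -> directions observed
    alerts = {}
    for line in lines:
        parts = line.split()
        if len(parts) != 5 or parts[1] != "deauth":
            continue               # ignore malformed lines and other frame types
        ts, src, dst, bssid = float(parts[0]), parts[2], parts[3], parts[4]
        from_ap = src == bssid
        key = (bssid, dst if from_ap else src)
        directions[key].add("ap->client" if from_ap else "client->ap")
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:  # drop timestamps that left the window
            q.popleft()
        if len(q) >= threshold and key not in alerts:
            alerts[key] = {"first_seen": q[0], "count_in_window": len(q)}
    for key, alert in alerts.items():
        # Frames forged toward both the router and the client, as in the lecture.
        alert["both_directions"] = len(directions[key]) == 2
    return alerts

if __name__ == "__main__":
    for (bssid, client), info in detect_deauth_floods(make_sample()).items():
        print(f"possible deauth flood: bssid={bssid} client={client} {info}")
```

Enabling 802.11w Protected Management Frames on the access point and clients is the standard mitigation, since protected clients reject forged deauthentication frames.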

