
Thread: Deauthentication problem with aireplay-ng

  1. #1
    Join Date
    2015-Sep
    Posts
    7

    Deauthentication problem with aireplay-ng

    I've already read multiple threads about this, but nobody seems to have the solution. I have an Acer V5-573G laptop with an Intel Dual Band Wireless-N 7260 WiFi card with iwlwifi-7260-10 driver installed (Kali Linux 2.0). I can successfully use airodump-ng: set the channel and bssid it should listen to, it can find the access point and the beacons count is rising. But when in a new terminal I try to use aireplay-ng, it slows after 3 deauth attempts to about 1 deauth in a few seconds, and meanwhile the beacons count in airodump also stops, and even if I restart airodump no more traffic can be captured. It seems like the problem is with the channel, because if I change the channel in airodump and change it back it works again (however if I change e.g. the bssid instead, nothing happens and airodump can't monitor the traffic).

    The process:
    Code:
    root@AndrewLaptop:/home/andrewg# airmon-ng
    PHY	Interface	Driver		Chipset
    
    phy0	wlan0		iwlwifi		Intel Corporation Wireless 7260 (rev 73)
    
    root@AndrewLaptop:/home/andrewg# airmon-ng check kill
    Killing these processes:
    
      PID Name
      779 wpa_supplicant
      887 dhclient
    
    root@AndrewLaptop:/home/andrewg# airmon-ng start wlan0
    No interfering processes found
    PHY	Interface	Driver		Chipset
    
    phy0	wlan0		iwlwifi		Intel Corporation Wireless 7260 (rev 73)
    		(mac80211 monitor mode vif enabled for [phy0]wlan0 on [phy0]wlan0mon)
    		(mac80211 station mode vif disabled for [phy0]wlan0)
    Then:
    Code:
    airodump-ng -c 3 --bssid 10:7B:EF:59:EB:70 wlan0mon
    I get this:
    Code:
    CH  3 ][ Elapsed: 6 s ][ 2015-09-13 20:40                                         
                                                                                                            
     BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID
                                                                                                            
     10:7B:EF:59:EB:70  -20 100      106       11    4   3  54e  WPA2 CCMP   PSK  GeiszlNet                 
                                                                                                            
     BSSID              STATION            PWR   Rate    Lost    Frames  Probe                              
                                                                                                            
     10:7B:EF:59:EB:70  24:A0:74:3D:F6:57  -61    0e-24      0        5                                      
     10:7B:EF:59:EB:70  D4:F4:6F:86:BF:15  -36    0e-24      1       14
    And meanwhile in another terminal:
    Code:
    root@AndrewLaptop:/home/andrewg# aireplay-ng -0 0 -a 10:7B:EF:59:EB:70 wlan0mon
    20:43:03  Waiting for beacon frame (BSSID: 10:7B:EF:59:EB:70) on channel 3
    NB: this attack is more effective when targeting
    a connected wireless client (-c <client's mac>).
    20:43:03  Sending DeAuth to broadcast -- BSSID: [10:7B:EF:59:EB:70]
    20:43:04  Sending DeAuth to broadcast -- BSSID: [10:7B:EF:59:EB:70]
    20:43:04  Sending DeAuth to broadcast -- BSSID: [10:7B:EF:59:EB:70]
    The first 3 deauth requests come in under a second, then it slows down and meanwhile the beacon count in the airodump window stops, and I can't start a new airodump except if I change the channel and back again. If I start airodump again with another channel and then start with the same it can collect traffic again.
    Last edited by geiszla; 2015-09-14 at 07:00. Reason: typo in title

  2. #2
    Join Date
    2015-Aug
    Posts
    10
    Have you tried setting the continuous attack to a fixed number, say 5? This may make a difference. (-0 0 -a) to (-0 5 -a)

  3. #3
    As suggested in the shell, instead of making a "blind and global" deauth, use a concrete client (the one with better PWR and RXQ):
    NB: this attack is more effective when targeting
    a connected wireless client (-c <client's mac>).
    And do not deauth permanently, as Max555 suggested.
    Start with 5 as he suggested. If it doesn't work, try with 15 or 30.
    Something like:
    Code:
    (sudo) aireplay-ng -0 5 -a  10:7B:EF:59:EB:70 -c D4:F4:6F:86:BF:15 wlan0mon

  4. #4
    Join Date
    2015-Sep
    Location
    Iran,Tehran
    Posts
    4
    Hi, if you use Kali 2 you'd better use Fern WiFi Cracker; it hacks very easily and automatically.

  5. #5
    Join Date
    2015-Sep
    Posts
    7

    Update

    Thanks for all the replies, here's a bit of update:
    I tried changing the deauth number, same happens...
    Tried sending to a client (-c), still the same with the following output:
    Code:
    root@AndrewLaptop:~# aireplay-ng -0 5 -a 10:7B:EF:59:EB:70 -c D4:F4:6F:86:BF:15 wlan0mon
    21:12:05  Waiting for beacon frame (BSSID: 10:7B:EF:59:EB:70) on channel 3
    21:12:06  Sending 64 directed DeAuth. STMAC: [D4:F4:6F:86:BF:15] [ 1| 1 ACKs]
    21:12:07  Sending 64 directed DeAuth. STMAC: [D4:F4:6F:86:BF:15] [13| 0 ACKs]
    21:12:15  Sending 64 directed DeAuth. STMAC: [D4:F4:6F:86:BF:15] [ 0| 0 ACKs]
    21:12:16  Sending 64 directed DeAuth. STMAC: [D4:F4:6F:86:BF:15] [ 0| 0 ACKs]
    21:12:25  Sending 64 directed DeAuth. STMAC: [D4:F4:6F:86:BF:15] [ 0| 0 ACKs]
    Tried wifite and fern-wifi-cracker too, all got stuck at the deauthentication part, also tried wps crack, which seems not to work as well. The weird part is that other types of attack which use the wifi card (mitm, sslstrip) work just fine. So at first I thought that there would be a problem with the driver, but now it seems more like something with aircrack (as wifite and fern are also using aircrack-ng as I understand). I hope it's only a bug in Kali 2.0 and that the aircrack team will fix it soon.

  6. #6
    Join Date
    2013-Jul
    Location
    United States
    Posts
    520
    Have you tested injection to see if your card is actually supported? http://www.aircrack-ng.org/doku.php?id=injection_test

  7. #7
    Join Date
    2015-Sep
    Posts
    7

    Conclusion

    Quote: Originally posted by soxrok2212
    Have you tested injection to see if your card is actually supported? http://www.aircrack-ng.org/doku.php?id=injection_test
    On the aircrack-ng wireless card compatibility page it says it should work. (http://www.aircrack-ng.org/doku.php?...#compatibility)
    Intel wireless cards are common devices found inside most laptops apart from Broadcom, Atheros, Ralink and Realtek. These devices has native linux support and generally do work well for most parts except for Intel's older chipsets such as ipw2200. 3945 owners are recommended to use iwl3945 as the older driver ipw3945 does not have monitor or injection capability and requires ipwraw-ng and is often not easy to work with ipwraw-ng. Owners of 4965 and later has support with iwlagn.
    However, the injection test doesn't work (No answer...), and I also found a thread on the aircrack forums in which they conclude that it probably doesn't support injection. (https://forum.aircrack-ng.org/index.php?topic=629.0) So I think that's it. I have a portable TP-Link adapter, I will use that for injection. Thanks for all your help.
    Last edited by geiszla; 2015-09-26 at 08:10. Reason: link to aircrack forum thread

  8. #8
    Join Date
    2013-Jul
    Location
    United States
    Posts
    520
    Internal cards and Intel cards most of the time don't work very well, unfortunately. Not to mention 802.11AC cards (which you have) are still relatively new and there hasn't been much work for monitor mode support. At least your TP-Link works

  9. #9
    Join Date
    2015-Oct
    Posts
    3
    Quote: Originally posted by geiszla
    I hope it's only a bug in kali 2.0 and that aircrack team will fix it soon.
    The same here! In the 1.x-Versions of Kali (and the included aireplay-ng-versions) deauthentication was no problem. With kali 2.0 (same hardware) deauthentication with aireplay-ng does not work anymore.

  10. #10
    Test to see if injection is even working

    aireplay-ng -9 interface

    Edit: just noticed you said you already did that, nevermind.
    Last edited by aanarchyy; 2015-10-09 at 16:44.
