Hack Like a Pro: How to Get Even with Your Annoying Neighbor by Bumping Them Off Their WiFi Network —Undetected

Thanks OTW

Can you please tell some more about aircrack-ng, aireplay-ng, airodump-ng, airmon-ng just what are there functions & which one is used to crack the password

Criss:

Aircrack is used for password cracking, airmon for putting your wifi card into monitor mode, airodump for capturing wifi traffic and aireplay for injecting traffic into the AP.

I'm going to start a series on Wifi cracking soon.

OTW

So you dont need the wifipassword or be on his network for this to work?

No. This does not need any password.

If i want to crack a wireless password i will follow these steps :

Capture>Monitor>Inject>Crack am i right ???. After cracking do we get password in hashes or what

Criss:

Monitor, inject, capture and then crack. When cracking WEP, they come back as the password, but often in hex. When cracking WPA, you grab the hashed password and then crack.

OTW

I'm hoping to have a WEP cracking tutorial online next week and then WPA cracking soon after that.

Thanks Waiting to see the tutorial :)

How bout a privilege escalation tutorial, that would be great so that when we do log into a network when can actually browse the network as well ... is this something that you could accomplish ?

Thank You

Philippe:

There are multiple ways to do privilege escalation. One is to get Metasploit's meterpreter on the remote system and the meterpeter has a built in script for privilege escalation called "system".

OTW

or is it possible to upload a rat to another computer on the network and execute them somehow ?

What do you mean? If you seriously mean uploading a "file" (in this case a RAT) then good luck. I'm not sure if that's possible. But what you could do is fake the acces point using the evil twin method. then you can make sure they go to a certain site. and then it's only a matter of Metasploit skills to crack their computer. Buit uploading a file to a acces point? Nope! probably impossible.

Th3skYf0x

Phillipe:

It is possible to upload a RAT to another computer, but not through the AP. I'll do a tutorial on uploading a RAT in the near future, so stay tuned.

OTW

I would love to see your methods of uploading crypted rats :) Thank You

im a little bit confused is the apps ur using nmap? i already downloaded nmap but dont sure how this thing works :) ill follow you i really like ur methods :) ill spend everyday doing this so i can learn as much as i can :)

by the way idownloaded nmap is this app only for tracing ip.? in ur methods aircrack where can i download that? im using windows 8

Anonymous:

Download BackTrack 5. All the tools are in it.

OTW

I followed all the steps yet I get an error in the end stating that mon0 and the AP have different channels. Like mon0 is at channel 6 and AP at 4 so it can't deauth.

Help.

Sahir:

You have two options. First, you can keep trying the death until they are on the same channels as mon0 rotates through the channels. Second, you can set mon0 on the target channel by typing

airmon-ng start wlan0 channel <channel#>

Hope this helps.

OTW

so how long it takes to neighbor to connect back? have any specific time?

Dhinesh:

You can keep him off indefinitely by keeping the deauth frames running on his AP. Once those deauth frames stop, he can reconnect almost instantanteously.

OTW

Is there a way to counter this hack becouse my father uses it on me?
Please help me

Hilarious, Your dad is Hacking you. Awesome (well maybe not for you) :-) You know 100% its him?

Franek:

You can block his MAC address in the router control panel. I'm sure he will love that.

OTW

in some part of the tutorial you say to put airdump-ng mon0, but you need to put airodump-ng mon0. Carefull with that.

Thanks

while reading this post. An idea came in my mind is this possible that if i make a wifi access point with the same name as other like there an wifi called netgear if i create a hotsopt named netgear by mistake someone tries to connect with mine thinking of the original one.i get the pass

is this possible can u please explain how?
thank you

"Evil Twin" is the term for this.

Yes, it is. I will be writing a tutorial on this soon.

Hello,

Firstly, I have been reading many of your articles non-stop over the past 72 hours and really enjoying them. I finally decided to create an account and engage this community. I had a question concerning the very last step you give: the deauth with the MAC address. Which BSSIDdo I input? Several of them are the same BSSID, but underneath that several MAC addresses are listed. But the only one that seems to work is the BSSID at the very top. How can I tell if what I'm doing is working?

Alex:

You want to use the BSSID of the AP. Look across the line and see the AP's SSID. Choose the BSSID of the SSID you want to deauth on.

If you are doing it right, you will see any connected wireless adapter drop off the bottom of the screen.

OTW

I appreciate your swift response. I changed the "1" too "100" in the command so that I can more easily study what happens. As far as the wireless adapter dropping off the bottom of the screen as you mentioned, I haven't seen anything that resembles that. However I did notice that the "PWR" changes from -65ish to 0 for the duration of the deauth. Does this mean the script is working?

There are much much easier ways to do than installing backtrack.

Hi Jay,
Would you mind sharing how there are much much easier ways to do than installing backtrack?

i installed virtual Box and Kali
i opened aircrack-ng
and i typed "iwconfig wlan0"
I received this message:
No such device

How can i solve this?

Nick:

First, you need an aircrack-ng comptible wifi adapter.
Second, you need to attach the wifi adapter to the VM.

OTW

nick I how would I go about configure my wifi adaptor to aircrack? and how do I attack the wifi adapter?

No configuration is nessary if you use it in Kali. Your wireless adapter must be aircrack-ng compatible.

so ill have to buy an new wireless adapter? because im having the problem when I open aircrack-ng and I typed "iwconfig wlan0"

I received this message: No such device

If you are using a VM, you will need an external wireless adapter. If you want to use aircrack-ng, you will need an aircrack-ng compatible adapter.

Is there a more up-to-date version to do this neighbor booting method in 2022? I tried with the virtual machine as well and having a hard time find a compatible wireless adapter. I'm using Kali on a VM using Windows 10. HP Pavilion G7 AMD Processor, SSD.

ok thanks

Sorry if i missed it in the comments or the article, im new here, but how do you know which MAC Address/access point your "neighbor" is?

Alaris:

Welcome to Null Byte!

Check out the step above where we used airodump-ng to see all the MAC addresses. If you know your neighbor's SSID, just match it up with the BSSID in the first column.

OTW

What do you do if you dont know their SSID? Is their a way to find it?
I also just installed Kali Linux and am using it by dual boot

Sorry for posting so many comments, but i just tried to use the airdump-ng mon0 command and got this "bash: airdump-ng: command not found"

You spelled it wrong.

Airodump-ng

ah, thank you.

So I have the command incuding the BSSID, and the only id connected is the same one I previously put in. Do I use the same thing for the deauth command?

Show us a screenshot

How would you automate this in a python script as you say is possible? What is the module to get aireplay commands in python?

You don't need Python, just a BASH script. Check out my post on DoSing a AP continuously.

My annoying neighbor was smarter than expected, he knows how to hack on passwords now he got into MY WiFi and got even more annoying

I am new to this and wanted to know that I don't use any external wireless usb adapter but my laptop runs on wifi. So even if I connect my host wifi in virtualbox, why doesn't the iwconfig command work??

Blaze:

The virtual machine converts your wifi to wired (eth0). You will need an external wifi adapter with a VM. Also, most wifi adapters won't work with aircrack-ng. You need an aircrack-ng compatible wireless adapter. Check for compatibility at www. aircrack-ng.com.

OTW

Well I already know the WIFI Password of my Neighbor. So what do I now need to do?

Then all you need to do is to authenticate against his AP and use your MAC address in in the aireplay-ng command.

sorry i meant WIFI not WLAN (certainly a common mistake of Germans)

hi.. can you help me? I try to disconnect my neighbor who connects to my network but it says invalid AP MAC Address.

So he's inside your network ? So what, you run an unecrypted wifi connection ? Or he stole your password ? This is a different scenario than the one portrayed in this tutorial. You can do pretty anything to that annoying leecher. From mitm, to rickrollin' all his pages, intercept traffic, eventually ban him from the network with a mac filter.

Anyway, post some screens, like OTW said.

Please send a screenshot of your airodump-ng and your aireplay-ng commands.

I'm sorry, I don't really know if he's inside my network or not. it's just my thought. just want to disconnect this guy over here because he seems really fishy but every time I use aireplay-ng but it says no such BSSID available. can you guys tell me about it?

An easier way to check if someone is on your network is to check your router's DHCP settings. All computers that connected recently will be listed there.

How can i deauthenticate everyone in a particular AP.
is there any script or any command
please tell.. OTW

When I run (airmon-ng start wlan0) it creates (wlan0mon) and I get this error when I attempt to airdump.

ioctl(SIOCSIWMODE) failed: Device or resource busy

ARP linktype is set to 1 (Ethernet) - expected ARPHRDIEEE80211,
ARPHRDIEEE80211FULL or ARPHRDIEEE80211PRISM instead. Make
sure RFMON is enabled: run 'airmon-ng start wlan0mon <#>'
Sysfs injection support was not found either.

Is this because my adapter is not compatible, I need another one? I've noted that it says injection support not found, could it be another issue though?

write airodump-ng wlan0mon
it will start work.mine also creates (wlan0mon) as well.

Good tut, thanks OTW!

I keep getting "No such BSSID available", then asks for the ESSID (-e). When I add the ESSID, it says "Waiting for beacon frame", then doesn't do anything.

To be clear, I'm trying to kick my laptop off of my net while running Kali in my VM on an external network card. I put eth0 down, so the VM has no connection to my network. I set my network card to monitor via iwconfig manually, because airmon doesn't seem to want to do it. (AWUS036NH)

aireplay-ng --deauth 1 -a ma:cm:ac:ma:cm:ac wlan0
Waiting for beacon frame (BSSID: 00:23:15:8B:A3:60) on channel 4
No such BSSID available.
Please specify an ESSID (-e).

---

aireplay-ng --deauth 1 -a ma:cm:ac:ma:cm:ac -e ESSID wlan0
Waiting for beacon frame (BSSID: 00:23:15:8B:A3:60) on channel 4
........................................almost fell asleep at this point.........

So, your trying to knock yourself off your wireless network?

Basically, yes. A guy's gotta learn somehow. I also tried knocking my phone off the network. Same deal.

edit: Actually, even with the -e, it comes back with "No such BSSID available." Now, just like without the -e, it's timing out after 10 seconds.

Let's start with the obvious. You are sending packets to deauth your own wireless adapter and it times out after 10 seconds. Can you think of any possible reasons?

I may be missing something, so bear with me while I explain... I'm using my external wireless adapter to deauth my internal adapter from the network. The external is not connected to the AP, is in monitor mode, and is controlled only by the VM. The internal (eth0) is down from the VM.

If I'm understanding where you're going, I'm not attacking "myself", but, as far as I know, a computer on a target AP that I'm not connected to. That is, unless I misunderstood something. I got the same result, however, when I tried to knock my phone off the network.

Send screenshots of airmon and aireplay commands.

http://imgur.com/a/y2scK

I can't think why this might be doing this... I made sure my eth0 was down (VM), so I theoretically have no access to the outside world. airmon-ng didn't seem to want to set the card into monitor mode, so I had to do it manually. I also made sure to forget all previous networks. I installed Kali from the images on the Kali site for VirtualBox, then ran apt-get update/upgrade. Hopefully this is sufficient background. In case I forget to say it later, thanks for the help.

First of all thank you OTW for your excellent tutorial, as well as the inspiration to grow my computer skills and delve into the wonderful world of Linux. I have a few questions I am hoping you could answer for me, I have read through previous comments and it seems they haven't been asked. When deauthing an access point is there any evidence available showing the amount of time it is offline (I notice during deauth the pwr goes from its -67 to 0), in addition does deauthing leave any trace of your equipment's MAC, IP, or ISP? From my understanding it uses the MAC of the machine being deauthed, but I wan't sure if perhaps an expert would have the ability to find where the deauth originated. I look forward to your response.

Best regards, G. Viceroy

Viceroy:

Every attack can be traced by a good forensic investigator and enough resources. In this case, it uses an authenticated user's MAC address, the packets are going through an ISP and no IP address has been obtained. This makes it difficult to find where the deauth originated from.

OTW

I'm using this attack and try to make my other computer disconnected from my own wifi. It actually sends deauth packets but nothing happens.

root@kali:~# aireplay-ng --deauth 1 -c 8c:dc:d4:93:20:bd -a a4:b1:e9:aa:98:83 wlan0mon
13:57:21 Waiting for beacon frame (BSSID: a4:b1:e9:aa:98:83) on channel 11
13:57:22 Sending 64 direct DeAuth. STMAC: 8C:DC:D4:93:20:BD 11|12 ACKs

I'm on the right channel, with the right BSSID and the right MAC address, but nothing happens afterwards. My wireless adapter is Atheros AR928X and must be compatible.

Any idea? :/

Hi and thanks for the tutorial.
I'm new to this so bear with me if the questions are basic.

Do I need any additional hardware to do it? or is it enough with the inbuilt WiFi card in my laptop?
Can this be done using aircrack-ng running on Windows 7 Pro?
Can this be done using kali instead of BackTrack?
Thanks

Can I do this without a wired Ethernet cable?

@PRANAV

I would highly suggest you do this without any connection to the internet at all so yes.

!!!!!It is not mentioned in the tuto but most routers/modems will keep a log on the incident....!!!!! So as some one asked >> can this attack be traced back to you<<

Yes and fairly easy to .. so what you wanna do is
(Never do anything from your home address gps tracking is a risk)

1. boot up a live kali from an bootable encrypted usb penn
2. make sure that the internal network devices are switched off
3. change your mac address before putting external wifi device into monitor mode
4. delete the usb-penn "safely"

That way you will make sure that even if the attack is being investigated there will be no evidence pointing towards you.. ;)

I am failing to perform the last step successfully.

When I enter "aireplay-ng --deauth 1 -a 98:0C:A5:D3:8F:63 wlan0mon" , I get the response " 16:40:56 Waiting for beacon frame (BSSID: 98:0C:A5:D3:8F:63) on channel 8

16:41:06 No such BSSID available.
Please specify an ESSID (-e)."

Am I doing something wrong? I am using latest kali. I would also like to know how can I figure out who if someone plays such a trick with me or others.

Sir! Please make a tutorial on hacking any android device using malicious Open Wifi.

I am completely new so please forgive me for the stupid questions. Do I need to run Linux to do this? Any suggestions for Mac iOS?

For a Mac, make sure the OS has an X.

Hey there. Ive got a Question for you guys. How do you know with certainty which AP belongs to each neighbor?

Also, on the aircrack-ng man, it talks about having a GPS on your computer to geolocate APs. Which GPS model should I consider buying or is that not necessary?

Many thanks in advance!

Hello OTW, I finally got my adapter that is compatible with Kali Linux. I have followed all the steps and they work until i get to the very last step. I've even tried changing the channel like you mentioned in another comment. I'm attaching two screenshots, one of the error message as well as one of the BSSID and the 3 MAC addresses i'm trying to target on their network. (I have to see which of the 3 of his MAC addresses is the one i'm targeting) Side-note, my monitor mode is sometimes mon0 and sometimes mon1

Thank you! Stuff nice to know these days. But, I face a different prob. I was cut-off from the real Internet, while still paying for exactly that.