Aircrack-ng forum
General Category => Newbies => Topic started by: SSSnakehater on February 02, 2020, 08:12:14 pm
-
Hello!
I recently got into using the aircrack-ng software.
I have successfully initiated a DeAuth attack on a 2.4GHz network on channel 1, but as soon as I change the channel to channel 100 to attack a 5GHz network I receive the "No such BSSID available." error. I also switched to a dual-band ASUS USB-N53 with 802.11n WLAN. (This adapter worked with the 2.4GHz network on channel 1, so I guess the adapter may not be the problem.)
The logs are:
root@kali-pi:~# aireplay-ng --deauth 0 -a xx:xx:xx:xx:xx:xx wlan1mon
06:59:22 Waiting for beacon fram (BSSID: xx:xx:xx:xx:xx:xx) on channel 100
06:59:32 No such BSSID available.
I executed following commands in order:
airmon-ng start wlan1 100
aireplay-ng --deauth 0 -a xx:xx:xx:xx:xx:xx wlan1mon
-
Note:
I use airodump-ng to get available networks and my 5GHz network is detected.
-
Does the adapter support 5GHz?
Could you show the output of 'iw phy phy0 info' (replace phy0 by the one of the adapter from the airmon-ng output), and 'iw reg get'?
-
Yes it should support 5GHz
iw phy phy1 info
Wiphy phy1
max # scan SSIDs: 4
max scan IEs length: 2257 bytes
max # sched scan SSIDs: 0
max # match sets: 0
max # scan plans: 1
max scan plan interval: -1
max scan plan iterations: 0
Retry short long limit: 2
Coverage class: 0 (up to 0m)
Device supports RSN-IBSS.
Supported Ciphers:
* WEP40 (00-0f-ac:1)
* WEP104 (00-0f-ac:5)
* TKIP (00-0f-ac:2)
* CCMP-128 (00-0f-ac:4)
* CCMP-256 (00-0f-ac:10)
* GCMP-128 (00-0f-ac:8)
* GCMP-256 (00-0f-ac:9)
Available Antennas: TX 0 RX 0
Supported interface modes:
* IBSS
* managed
* AP
* AP/VLAN
* monitor
* mesh point
Band 1:
Capabilities: 0x2fe
HT20/HT40
SM Power Save disabled
RX Greenfield
RX HT20 SGI
RX HT40 SGI
TX STBC
RX STBC 2-streams
Max AMSDU length: 3839 bytes
No DSSS/CCK HT40
Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
Minimum RX AMPDU time spacing: 2 usec (0x04)
HT TX/RX MCS rate indexes supported: 0-15, 32
Bitrates (non-HT):
* 1.0 Mbps
* 2.0 Mbps (short preamble supported)
* 5.5 Mbps (short preamble supported)
* 11.0 Mbps (short preamble supported)
* 6.0 Mbps
* 9.0 Mbps
* 12.0 Mbps
* 18.0 Mbps
* 24.0 Mbps
* 36.0 Mbps
* 48.0 Mbps
* 54.0 Mbps
Frequencies:
* 2412 MHz [1] (20.0 dBm)
* 2417 MHz [2] (20.0 dBm)
* 2422 MHz [3] (20.0 dBm)
* 2427 MHz [4] (20.0 dBm)
* 2432 MHz [5] (20.0 dBm)
* 2437 MHz [6] (20.0 dBm)
* 2442 MHz [7] (20.0 dBm)
* 2447 MHz [8] (20.0 dBm)
* 2452 MHz [9] (20.0 dBm)
* 2457 MHz [10] (20.0 dBm)
* 2462 MHz [11] (20.0 dBm)
* 2467 MHz [12] (20.0 dBm)
* 2472 MHz [13] (20.0 dBm)
* 2484 MHz [14] (disabled)
Band 2:
Capabilities: 0x2fe
HT20/HT40
SM Power Save disabled
RX Greenfield
RX HT20 SGI
RX HT40 SGI
TX STBC
RX STBC 2-streams
Max AMSDU length: 3839 bytes
No DSSS/CCK HT40
Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
Minimum RX AMPDU time spacing: 2 usec (0x04)
HT TX/RX MCS rate indexes supported: 0-15, 32
Bitrates (non-HT):
* 6.0 Mbps
* 9.0 Mbps
* 12.0 Mbps
* 18.0 Mbps
* 24.0 Mbps
* 36.0 Mbps
* 48.0 Mbps
* 54.0 Mbps
Frequencies:
* 5180 MHz [36] (20.0 dBm)
* 5190 MHz [38] (20.0 dBm)
* 5200 MHz [40] (20.0 dBm)
* 5220 MHz [44] (20.0 dBm)
* 5230 MHz [46] (20.0 dBm)
* 5240 MHz [48] (20.0 dBm)
* 5260 MHz [52] (20.0 dBm) (radar detection)
* 5270 MHz [54] (20.0 dBm) (radar detection)
* 5280 MHz [56] (20.0 dBm) (radar detection)
* 5300 MHz [60] (20.0 dBm) (radar detection)
* 5310 MHz [62] (20.0 dBm) (radar detection)
* 5320 MHz [64] (20.0 dBm) (radar detection)
* 5500 MHz [100] (27.0 dBm) (radar detection)
* 5510 MHz [102] (27.0 dBm) (radar detection)
* 5520 MHz [104] (27.0 dBm) (radar detection)
* 5540 MHz [108] (27.0 dBm) (radar detection)
* 5550 MHz [110] (27.0 dBm) (radar detection)
* 5560 MHz [112] (27.0 dBm) (radar detection)
* 5580 MHz [116] (27.0 dBm) (radar detection)
* 5590 MHz [118] (27.0 dBm) (radar detection)
* 5600 MHz [120] (27.0 dBm) (radar detection)
* 5620 MHz [124] (27.0 dBm) (radar detection)
* 5630 MHz [126] (27.0 dBm) (radar detection)
* 5640 MHz [128] (27.0 dBm) (radar detection)
* 5660 MHz [132] (27.0 dBm) (radar detection)
* 5670 MHz [134] (27.0 dBm) (radar detection)
* 5680 MHz [136] (27.0 dBm) (radar detection)
* 5700 MHz [140] (27.0 dBm) (radar detection)
* 5745 MHz [149] (disabled)
* 5755 MHz [151] (disabled)
* 5765 MHz [153] (disabled)
* 5785 MHz [157] (disabled)
* 5795 MHz [159] (disabled)
* 5805 MHz [161] (disabled)
* 5825 MHz [165] (disabled)
* 5835 MHz [167] (disabled)
* 5845 MHz [169] (disabled)
* 5855 MHz [171] (disabled)
* 5865 MHz [173] (disabled)
Supported commands:
* new_interface
* set_interface
* new_key
* start_ap
* new_station
* new_mpath
* set_mesh_config
* set_bss
* authenticate
* associate
* deauthenticate
* disassociate
* join_ibss
* join_mesh
* set_tx_bitrate_mask
* frame
* frame_wait_cancel
* set_wiphy_netns
* set_channel
* set_wds_peer
* probe_client
* set_noack_map
* register_beacons
* start_p2p_device
* set_mcast_rate
* connect
* disconnect
* set_qos_map
* set_multicast_to_unicast
Supported TX frame types:
* IBSS: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* managed: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* AP: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* AP/VLAN: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* mesh point: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* P2P-client: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* P2P-GO: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* P2P-device: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
Supported RX frame types:
* IBSS: 0x40 0xb0 0xc0 0xd0
* managed: 0x40 0xd0
* AP: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
* AP/VLAN: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
* mesh point: 0xb0 0xc0 0xd0
* P2P-client: 0x40 0xd0
* P2P-GO: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
* P2P-device: 0x40 0xd0
software interface modes (can always be added):
* AP/VLAN
* monitor
valid interface combinations:
* #{ AP, mesh point } <= 8,
total <= 8, #channels <= 1
HT Capability overrides:
* MCS: ff ff ff ff ff ff ff ff ff ff
* maximum A-MSDU length
* supported channel width
* short GI for 40 MHz
* max A-MPDU length exponent
* min MPDU start spacing
Device supports TX status socket option.
Device supports HT-IBSS.
Device supports SAE with AUTHENTICATE command
Device supports low priority scan.
Device supports scan flush.
Device supports AP scan.
Device supports per-vif TX power setting
Driver supports full state transitions for AP/GO clients
Driver supports a userspace MPM
Device supports configuring vdev MAC-addr on create.
iw reg get
global
country SE: DFS-ETSI
(2402 - 2482 @ 40), (N/A, 20), (N/A)
(5170 - 5250 @ 80), (N/A, 20), (N/A), AUTO-BW
(5250 - 5330 @ 80), (N/A, 20), (0 ms), DFS, AUTO-BW
(5490 - 5710 @ 160), (N/A, 27), (0 ms), DFS
(57000 - 66000 @ 2160), (N/A, 40), (N/A)
-
Have you killed the network managers prior to putting in monitor mode?
-
Now tried to start with:
airmon-ng check kill
got:
Killing these processes:
PID NAME
359 wpa_supplicant
443 wpa_supplicant
449 dhclient
500 dhclient
and then I executed the rest of the commands:
airmon-ng start wlan1 100
aireplay-ng --deauth 0 -a xx:xx:xx:xx:xx:xx wlan1mon
now when I try airodump-ng --bssid xx:xx:xx:xx:xx:xx wlan1mon
I get no detected internets, but when I try airodump-ng -c 100 wlan1mon
I do get the network I am looking for.
DeAuth still doesn't work, same error as before: No such BSSID available.
-
Just FYI, running airodump-ng without -c will make it channel hop on 2.4GHz.
If airodump-ng isn't showing the BSSID, even when on the right channel, then it's likely there is a typo in the BSSID.
-
I used airodump-ng and it did show the correct BSSID, but when I straight out copied that BSSID and pasted it into the aireplay-ng deauth command it still says:
Waiting for beacon fram (BSSID: xx:xx:xx:xx:xx:xx) on channel 136
No such BSSID available.
(The channel of the router has now been changed since the beginning of this post, but I also changed the channel of the interface to 136 with iwconfig wlan1mon channel 136;
just saying so as not to cause any confusion later on.)
But anyways there is no typo in the BSSID as it is shown in airodump-ng and copied right into aireplay-ng where it doesn't get recognised but instead it threw: 06:59:22 Waiting for beacon fram (BSSID: xx:xx:xx:xx:xx:xx) on channel 136
06:59:32 No such BSSID available.
as an error even though airodump-ng is getting the correct BSSID.
-
You can try adding -D to aireplay-ng
-
I executed
airmon-ng check kill
airmon-ng start wlan1 136
iwconfig wlan1mon channel 36 # <-
With
aireplay-ng --deauth 0 -a xx:xx:xx:xx:xx:xx -c xx:xx:xx:xx:xx:xx -D wlan1mon
I get the output:
Sending 64 directed DeAuth (code 7), STMAC: [xx:xx:xx:xx:xx:xx] [62| 68 ACKs]
Sending 64 directed DeAuth (code 7), STMAC: [xx:xx:xx:xx:xx:xx] [78| 71 ACKs]
Sending 64 directed DeAuth (code 7), STMAC: [xx:xx:xx:xx:xx:xx] [17| 99 ACKs]
Sending 64 directed DeAuth (code 7), STMAC: [xx:xx:xx:xx:xx:xx] [17| 81 ACKs]
Sending 64 directed DeAuth (code 7), STMAC: [xx:xx:xx:xx:xx:xx] [401| 443 ACKs]
Sending 64 directed DeAuth (code 7), STMAC: [xx:xx:xx:xx:xx:xx] [89| 66 ACKs]
With no luck in interrupting my computer's internet connection.
But I did get to slow down the internet connection from 110 Mb/s to around 50 Mb/s.
My goal is to get them to disconnect.
-
Forgot to add a comment to:
iwconfig wlan1mon channel 36 # <-
iwconfig wlan1mon channel 36 # <- tested another internet with another MAC address and channel
-
Look in the pcap, it may be reconnecting automatically
-
What is pcap and what should I do in pcap?
-
It's the packet capture file, which has a .cap extension. Open it with Wireshark to see if it reconnects, aka doing handshakes multiple times: https://aircrack-ng.org/doku.php?id=wpa_capture
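
The check suggested in the last reply can also be scripted. The following is an added example, not part of the original thread or of aircrack-ng: it reads a capture and counts deauthentication frames and how often one was followed by a new association or EAPOL handshake. It assumes a little-endian classic pcap file with link type 105 (raw 802.11) or 127 (radiotap); the function names and the sample capture are constructed for illustration.

```python
import struct
MGMT = {0: "assoc-req", 2: "reassoc-req", 11: "auth", 12: "deauth"}
EAPOL_SNAP = bytes.fromhex("aaaa03000000888e")  # LLC/SNAP header, EtherType 0x888e

def classify(frame):
    """Label one 802.11 frame (radiotap already stripped); None if not of interest."""
    if len(frame) < 24:
        return None
    ftype, subtype = (frame[0] >> 2) & 3, frame[0] >> 4
    if ftype == 0:                            # management frame
        return MGMT.get(subtype)
    if ftype == 2:                            # data frame: look for EAPOL
        hdr = 26 if subtype & 0x8 else 24     # QoS data adds a 2-byte QoS field
        if frame[hdr:hdr + 8] == EAPOL_SNAP:  # 4-address headers are not handled
            return "eapol"
    return None

def read_pcap(data):
    """Yield 802.11 frames from little-endian classic pcap bytes (linktype 105/127)."""
    magic, *_, linktype = struct.unpack_from("<IHHiIII", data)
    if magic != 0xA1B2C3D4 or linktype not in (105, 127):
        raise ValueError("unsupported capture format")
    off = 24
    while off + 16 <= len(data):
        caplen, = struct.unpack_from("<I", data, off + 8)
        pkt = data[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if linktype == 127 and len(pkt) >= 4:  # radiotap length: LE u16 at offset 2
            pkt = pkt[struct.unpack_from("<H", pkt, 2)[0]:]
        yield pkt

def reconnects(data):
    """Return (deauth frames seen, times a deauth was followed by a new join)."""
    deauths, cycles, pending = 0, 0, False
    for frame in read_pcap(data):
        kind = classify(frame)
        if kind == "deauth":
            deauths, pending = deauths + 1, True
        elif pending and kind in ("assoc-req", "reassoc-req", "eapol"):
            cycles, pending = cycles + 1, False
    return deauths, cycles

def _frame(fc0, body=b""):                    # constructed frame, zeroed addresses
    return bytes([fc0, 0]) + bytes(22) + body
def _pcap(frames):                            # constructed capture, linktype 105
    recs = b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 105) + recs
# Constructed sample: 2 deauths, auth, assoc-req, EAPOL, 1 deauth, QoS EAPOL
SAMPLE = _pcap([_frame(0xC0), _frame(0xC0), _frame(0xB0), _frame(0x00),
                _frame(0x08, EAPOL_SNAP), _frame(0xC0), _frame(0x88, b"\0\0" + EAPOL_SNAP)])
```

A non-zero second value means the station rejoined after being deauthenticated, which is the automatic reconnect the reply describes.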