Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

Sorry Guest, you are banned from posting and sending personal messages on this forum.

This ban is not set to expire.

[SSSnakehater]

Hello!

I recently got into using the aircrack-ng software.

I have successfully initiated an DeAuth attack to a 2.4GHz network on channel 1 but as soon as I change the channel to channel 100 to attack a 5GHz I am receiving the "No such BSSID available." error. I also switch to a dualband ASUS usb-N53 with 802.11 n WLAN. (This adapter worked with the 2.4Ghz network on channel 1 so I guess the adapter may not be the problem)

The loggs are:

^{root@kali-pi:~# aireplay-ng --deauth 0 -a xx:xx:xx:xx:xx:xx wlan1mon
06:59:22 Waiting for beacon fram (BSSID: xx:xx:xx:xx:xx:xx) on channel 100
06:59:32 No such BSSID available.}


I executed following commands in order:
airmon-ng start wlan1 100
aireplay-ng --deauth 0 -a xx:xx:xx:xx:xx:xx wlan1mon

[SSSnakehater]

Note:
I use airodump-ng to get available networks and my 5GHz network is detected.

[misterx]

Does the adapter support 5GHz?

Could you show the output of 'iw phy phy0 info' (replace phy0 by the one of the adapter from the airmon-ng output), and 'iw reg get'?

[SSSnakehater]

Yes it should support 5GHz

iw phy phy1 info

Code: [Select]

Wiphy phy1
max # scan SSIDs: 4
max scan IEs length: 2257 bytes
max # sched scan SSIDs: 0
max # match sets: 0
max # scan plans: 1
max scan plan interval: -1
max scan plan iterations: 0
Retry short long limit: 2
Coverage class: 0 (up to 0m)
Device supports RSN-IBSS.
Supported Ciphers:
* WEP40 (00-0f-ac:1)
* WEP104 (00-0f-ac:5)
* TKIP (00-0f-ac:2)
* CCMP-128 (00-0f-ac:4)
* CCMP-256 (00-0f-ac:10)
* GCMP-128 (00-0f-ac:8)
* GCMP-256 (00-0f-ac:9)
Available Antennas: TX 0 RX 0
Supported interface modes:
* IBSS
* managed
* AP
* AP/VLAN
* monitor
* mesh point
Band 1:
Capabilities: 0x2fe
HT20/HT40
SM Power Save disabled
RX Greenfield
RX HT20 SGI
RX HT40 SGI
TX STBC
RX STBC 2-streams
Max AMSDU length: 3839 bytes
No DSSS/CCK HT40
Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
Minimum RX AMPDU time spacing: 2 usec (0x04)
HT TX/RX MCS rate indexes supported: 0-15, 32
Bitrates (non-HT):
* 1.0 Mbps
* 2.0 Mbps (short preamble supported)
* 5.5 Mbps (short preamble supported)
* 11.0 Mbps (short preamble supported)
* 6.0 Mbps
* 9.0 Mbps
* 12.0 Mbps
* 18.0 Mbps
* 24.0 Mbps
* 36.0 Mbps
* 48.0 Mbps
* 54.0 Mbps
Frequencies:
* 2412 MHz [1] (20.0 dBm)
* 2417 MHz [2] (20.0 dBm)
* 2422 MHz [3] (20.0 dBm)
* 2427 MHz [4] (20.0 dBm)
* 2432 MHz [5] (20.0 dBm)
* 2437 MHz [6] (20.0 dBm)
* 2442 MHz [7] (20.0 dBm)
* 2447 MHz [8] (20.0 dBm)
* 2452 MHz [9] (20.0 dBm)
* 2457 MHz [10] (20.0 dBm)
* 2462 MHz [11] (20.0 dBm)
* 2467 MHz [12] (20.0 dBm)
* 2472 MHz [13] (20.0 dBm)
* 2484 MHz [14] (disabled)
Band 2:
Capabilities: 0x2fe
HT20/HT40
SM Power Save disabled
RX Greenfield
RX HT20 SGI
RX HT40 SGI
TX STBC
RX STBC 2-streams
Max AMSDU length: 3839 bytes
No DSSS/CCK HT40
Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
Minimum RX AMPDU time spacing: 2 usec (0x04)
HT TX/RX MCS rate indexes supported: 0-15, 32
Bitrates (non-HT):
* 6.0 Mbps
* 9.0 Mbps
* 12.0 Mbps
* 18.0 Mbps
* 24.0 Mbps
* 36.0 Mbps
* 48.0 Mbps
* 54.0 Mbps
Frequencies:
* 5180 MHz [36] (20.0 dBm)
* 5190 MHz [38] (20.0 dBm)
* 5200 MHz [40] (20.0 dBm)
* 5220 MHz [44] (20.0 dBm)
* 5230 MHz [46] (20.0 dBm)
* 5240 MHz [48] (20.0 dBm)
* 5260 MHz [52] (20.0 dBm) (radar detection)
* 5270 MHz [54] (20.0 dBm) (radar detection)
* 5280 MHz [56] (20.0 dBm) (radar detection)
* 5300 MHz [60] (20.0 dBm) (radar detection)
* 5310 MHz [62] (20.0 dBm) (radar detection)
* 5320 MHz [64] (20.0 dBm) (radar detection)
* 5500 MHz [100] (27.0 dBm) (radar detection)
* 5510 MHz [102] (27.0 dBm) (radar detection)
* 5520 MHz [104] (27.0 dBm) (radar detection)
* 5540 MHz [108] (27.0 dBm) (radar detection)
* 5550 MHz [110] (27.0 dBm) (radar detection)
* 5560 MHz [112] (27.0 dBm) (radar detection)
* 5580 MHz [116] (27.0 dBm) (radar detection)
* 5590 MHz [118] (27.0 dBm) (radar detection)
* 5600 MHz [120] (27.0 dBm) (radar detection)
* 5620 MHz [124] (27.0 dBm) (radar detection)
* 5630 MHz [126] (27.0 dBm) (radar detection)
* 5640 MHz [128] (27.0 dBm) (radar detection)
* 5660 MHz [132] (27.0 dBm) (radar detection)
* 5670 MHz [134] (27.0 dBm) (radar detection)
* 5680 MHz [136] (27.0 dBm) (radar detection)
* 5700 MHz [140] (27.0 dBm) (radar detection)
* 5745 MHz [149] (disabled)
* 5755 MHz [151] (disabled)
* 5765 MHz [153] (disabled)
* 5785 MHz [157] (disabled)
* 5795 MHz [159] (disabled)
* 5805 MHz [161] (disabled)
* 5825 MHz [165] (disabled)
* 5835 MHz [167] (disabled)
* 5845 MHz [169] (disabled)
* 5855 MHz [171] (disabled)
* 5865 MHz [173] (disabled)
Supported commands:
* new_interface
* set_interface
* new_key
* start_ap
* new_station
* new_mpath
* set_mesh_config
* set_bss
* authenticate
* associate
* deauthenticate
* disassociate
* join_ibss
* join_mesh
* set_tx_bitrate_mask
* frame
* frame_wait_cancel
* set_wiphy_netns
* set_channel
* set_wds_peer
* probe_client
* set_noack_map
* register_beacons
* start_p2p_device
* set_mcast_rate
* connect
* disconnect
* set_qos_map
* set_multicast_to_unicast
Supported TX frame types:
* IBSS: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* managed: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* AP: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* AP/VLAN: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* mesh point: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* P2P-client: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* P2P-GO: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* P2P-device: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
Supported RX frame types:
* IBSS: 0x40 0xb0 0xc0 0xd0
* managed: 0x40 0xd0
* AP: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
* AP/VLAN: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
* mesh point: 0xb0 0xc0 0xd0
* P2P-client: 0x40 0xd0
* P2P-GO: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
* P2P-device: 0x40 0xd0
software interface modes (can always be added):
* AP/VLAN
* monitor
valid interface combinations:
* #{ AP, mesh point } <= 8,
   total <= 8, #channels <= 1
HT Capability overrides:
* MCS: ff ff ff ff ff ff ff ff ff ff
* maximum A-MSDU length
* supported channel width
* short GI for 40 MHz
* max A-MPDU length exponent
* min MPDU start spacing
Device supports TX status socket option.
Device supports HT-IBSS.
Device supports SAE with AUTHENTICATE command
Device supports low priority scan.
Device supports scan flush.
Device supports AP scan.
Device supports per-vif TX power setting
Driver supports full state transitions for AP/GO clients
Driver supports a userspace MPM
Device supports configuring vdev MAC-addr on create.
iw reg get

Code: [Select]

global
country SE: DFS-ETSI
(2402 - 2482 @ 40), (N/A, 20), (N/A)
(5170 - 5250 @ 80), (N/A, 20), (N/A), AUTO-BW
(5250 - 5330 @ 80), (N/A, 20), (0 ms), DFS, AUTO-BW
(5490 - 5710 @ 160), (N/A, 27), (0 ms), DFS
(57000 - 66000 @ 2160), (N/A, 40), (N/A)


[misterx]

Have you killed the network managers prior to putting in monitor mode?

[SSSnakehater]

Now tried to start with:

Code: [Select]

airmon-ng check killgot:

Code: [Select]

Killing these processes:

 PID NAME
 359 wpa_supplicant
 443 wpa_supplicant
 449 dhclient
 500 dhclient
and then I executed the rest of the commands:

Code: [Select]

airmon-ng start wlan1 100
aireplay-ng --deauth 0 -a xx:xx:xx:xx:xx:xx wlan1monnow when I try

Code: [Select]

airodump-ng --bssid xx:xx:xx:xx:xx:xx wlan1mon i get no detected internets but when I try

Code: [Select]

airodump-ng -c 100 wlan1mon I do get the network I am looking for.
DeAuth still doesn't work, same error as before: No such BSSID available.

[misterx]

Just FYI, running airodump-ng without -c will make it channel hop on 2.4GHz.

If airodump-ng isn't showing the BSSID, even when on the right channel, then it's likely there is a typo in the BSSID

[SSSnakehater]

I used airodump-ng and it did show the correct BSSID, but when I strait out copied that BSSID and pasted it into the aireply-ng deauth command it still says:

Code: [Select]

Waiting for beacon fram (BSSID: xx:xx:xx:xx:xx:xx) on channel 136
No such BSSID available.(channel of the router have now been changed from the beginning of this post but I also changed the channel of the interface to 136 with

Code: [Select]

iwconfig wlan1mon channel 136 just saying to not cause any confusion later on)

But anyways there is no typo in the BSSID as it is shown in airodump-ng and copied right into aireplay-ng where it doesn't get recognised but instead it threw:

Code: [Select]

06:59:22 Waiting for beacon fram (BSSID: xx:xx:xx:xx:xx:xx) on channel 136
06:59:32 No such BSSID available. as an error even though airodump-ng is getting the correct BSSID.

[misterx]

You can try adding -D to aireplay-ng

[SSSnakehater]

I executed

Code: [Select]

airmon-ng check kill
airmon-ng start wlan1 136
iwconfig wlan1mon channel 36 # <-


With

Code: [Select]

aireplay-ng --deauth 0 -a xx:xx:xx:xx:xx:xx -c xx:xx:xx:xx:xx:xx -D wlan1monI get the output:

Code: [Select]

Sending 64 directed DeAuth (code 7), STMAC: [xx:xx:xx:xx:xx:xx] [62| 68 ACKs]
Sending 64 directed DeAuth (code 7), STMAC: [xx:xx:xx:xx:xx:xx] [78| 71 ACKs]
Sending 64 directed DeAuth (code 7), STMAC: [xx:xx:xx:xx:xx:xx] [17| 99 ACKs]
Sending 64 directed DeAuth (code 7), STMAC: [xx:xx:xx:xx:xx:xx] [17| 81 ACKs]
Sending 64 directed DeAuth (code 7), STMAC: [xx:xx:xx:xx:xx:xx] [401| 443 ACKs]
Sending 64 directed DeAuth (code 7), STMAC: [xx:xx:xx:xx:xx:xx] [89| 66 ACKs]
With no luck in interrupting my computers internet connection.
But I did get to slow down the internet connection from 110 Mb/s to around 50 Mb/s.
My goal is to get them to disconnect

[SSSnakehater]

Forgot to add comment to:

Code: [Select]

iwconfig wlan1mon channel 36 # <-

Code: [Select]

iwconfig wlan1mon channel 36 # <- tested an other internet with an other mac address and channel

[misterx]

Look in the pcap, it may be reconnecting automatically

[SSSnakehater]

What is pcap and what should I do in pcap?

[misterx]

It's the packet capture file, that has a .cap extension. Open it with wireshark to see if it reconnects, aka doing handshakes multiple time: https://aircrack-ng.org/doku.php?id=wpa_capture