In this tutorial, we will use Aircrack-ng and a BASH shell script that will DoS a wireless AP continuously. Unlike other resources on the web, APs are VERY easy to deny access to. There are multiple ways to DoS a wireless AP, but among the easiest is to use the de-authenticate frame.

Step 1Put Your Wireless Adapter into Monitor Mode

First, fire up Kali and open a terminal. Then, in order to use Aircrack-ng effectively, we need to put our wireless adapter into monitor mode. This is the equivalent of promiscuous mode on a wired network card. When we do this, we can see all the wireless traffic passing through the air around us.

kali > airmon-ng start wlan0

Step 2Use Airdump-Ng to Get the Parameters

Now that we have our adapter in monitor mode, we need to use Airdump-ng to view all the parameters of all the traffic around us.

kali airodump-ng mon0

Note that the enemy’s AP is named “TheDragonLair.” That is the AP we will be DoSing, and that is the MAC address we need to write our script. In this case, it is 78:CD:8E:3B:B7:08, but yours, of course, will be different.

Step 3Open a Text Editor & Write the Script

Now, we are going to use Aireplay-ng to de-authenticate the users on TheDragonLair AP. You will need a text editor to create our script. Here, I will be using Leafpad, but you can use any text editor of your choice.

We want a script that will send de-authentication frames to the AP and all clients, knocking everyone off the network. After doing so, we will give them 60 seconds to re-authenticate and then de-authenticate them again. We could write the script to send continuous de-authenticate frames, but that would likely be met with a countermeasure. We want to both confuse and block any effective wireless communication by the enemy.

Copy this script into your text editor, replacing the MAC address with the MAC address of your target AP. This simple script does the following.

  • #!/bin/bash tells the terminal what interpreter to use.
  • for i in {1..5000} creates a for loop that will execute our commands 5,000 times.
  • do contains the commands we want to execute. Everything after the do and before the done will be executed in each loop.
  • aireplay-ng sends the deauth frames 1,000 times (the default is continuous) to the MAC address of the AP (-a) from the interface mon0.
  • sleep 60s tells the script to sleep for 60 seconds. In this way, the clients will be able to re-authenticate for 60 seconds before we send another deauth flood. Hopefully, this short interval will lead them to believe that the problem is with their AP and not us.
  • done closes the for loop.

The way we have written this script, it will de-authenticate ALL clients. Some APs will not allow this, and we would have to rewrite this script with the individual MAC addresses we want to de-authenticate.

Now, save the script as wirelessDoS.

Step 4Change Permissions

To be able to execute the script, we will need to give ourselves execute permissions. We use the Linux command chmod for this.

kali > chmod 755 wirelessDoS

Step 5Execute the Script

Finally, we execute the script by typing:

kali > ./wirelessDoS

Now that we have disabled the enemy’s wireless communication, they may try to block your MAC address. An advanced variation of this script would be one where you use a tool like macchanger to change your MAC address before each de-authentication making it much harder for the enemy to block you deauth frames.