2010
03.09

Airdrop-ng.. what I’ve learned

It’s been some time since I’ve posted something, and I apologize. I changed jobs, and the training and getting used to the new people and work environment (which is still ongoing) have prevented me from investing time into learning new security-related… stuff.

Well, today I took the time to try out “airdrop-ng”, the new de-authentication tool developed by TheX1le, if I’m not mistaken. The basic premise behind this Python application is pretty simple: prevent or allow client connections to wireless access points, either by the client’s MAC address, vendor name, etc., or by the access point’s MAC, vendor, etc.
You can prevent 1 specific client from connecting to any access point in your area, or allow only that 1 client to connect. The possibilities are enormous. In a nutshell, you’re deciding who can connect, and what they are connecting to.

Here’s the video presentation of airdrop-ng at ShmooCon 2010.

Installing airdrop-ng is quite simple (as usual I’m using BackTrack 4). I suggest reading the README file.

root@bt:~# apt-get install python-psyco
root@bt:~# cd /pentest/wireless/
root@bt:/pentest/wireless# svn co http://trac.aircrack-ng.org/svn/trunk/scripts/airdrop-ng
root@bt:/pentest/wireless# cd airdrop-ng
root@bt:/pentest/wireless/airdrop-ng# python install.py
root@bt:/pentest/wireless/airdrop-ng# airdrop-ng -u # this updates the OUI text file

There you have it, it’s installed. Take the time to read the README file and examples and explanations found in the docs folder.

Using airdrop-ng is pretty easy (so far). For now I can only test it using 1 wireless card (the second is on the way). It works with the single card, but I can see why it would be better with 2.
Using only 1 card, you need to be specific in your rules file. For example, “d/ANY|ANY” won’t work as well as “d/ANY|Apple”. Since you need airodump-ng running the whole time airdrop-ng is, they seem to be battling each other for use of the card. Running “d/ANY|ANY” with one card will generate lots of errors.
“d/[AP MAC ADDY]|ANY” works also, but won’t completely deny access to the access point. As far as my tests here go, my laptop would lose 50% of its pings. Although my laptop was still connected to the router, Internet access was pretty darn slow.

Guess that’s all for my findings on airdrop-ng so far. Once I get my second wireless adapter, I’ll be in a better position to experiment and report on its usage. TheX1le’s application is very nice, easy to use and understand. Besides a few typos in the documentation, it’s an easy read and something I suggest you do.

I’ll try and whip up a video of it in action in the next few weeks.
Thanks for reading, and remember to visit us at kioptrix.com