ESCO

Some owners of wireless access points configure them so that they do not broadcast their name (ESSID). In their opinion, this gives the access point (AP) additional protection, along with the password.

Simply put, a hidden Wi-Fi network is a network that is not visible in the list of available networks. To connect to it, you must enter its name manually.

In fact, this method of protection is untenable, if only because at certain moments the name of the wireless network (ESSID) is still transmitted in the clear.

There is a whole set of recommendations on how to protect your wireless router. But this type of protection (hiding the name of the Wi-Fi network), like filtering by MAC address, is not recommended, because it causes difficulties for legitimate users and does not provide any protection.

This material shows the failure of protection by hiding the network. The next section will show how easy it is to bypass MAC filtering.

How to see hidden Wi-Fi networks

Let's start with the fact that hidden networks are not so hidden. They are very easy to see with Airodump-ng. To do this, we switch our wireless card into monitor mode:

ifconfig wlan0 down && iwconfig wlan0 mode monitor && ifconfig wlan0 up

And run Airodump-ng:

airodump-ng wlan0


Pay attention to this line:

20:02:AF:32:D2:61 -40 108 3 0 6 54e WPA2 CCMP PSK <length: 3>

This is the “hidden” Wi-Fi network. All data, except for ESSID, is available on a par with other access points. And we already know something about the ESSID: <length: 3>. This means that the length of the name is 3 characters.

We will learn the name of this AP by running brute force using the mdk3 program. For now, let's move on to another hidden Wi-Fi network and find out its name with Airodump-ng.

Getting the name of a hidden Wi-Fi network using Airodump-ng

The network name (ESSID) is transmitted over the air in the clear and can be intercepted when a client connects. You can wait for a client to connect in a natural way, or you can speed up the process by "knocking out" (deauthenticating) a client from the access point. After that, the client will immediately start to reconnect, the name of the network will appear on the air in clear text, and we, in turn, will intercept it. The sequence of actions corresponds exactly to the one described in the article "Capturing handshakes in Kali Linux". Therefore, if you are already familiar with it, this will be quite easy for you.

We look at the access points available for attack:

airodump-ng wlan0



Network with a hidden name:

20:25:64:16:58:8C -42 1856 0 0 1 54e WPA2 CCMP PSK <length: 11>

Its BSSID is 20:25:64:16:58:8C, the length of its name is 11 characters, and it works on channel 1. So I run airodump-ng on the first channel:

airodump-ng wlan0 --channel 1

If you remember, during the handshake capture I also specified the -w key, followed by the file name prefix. This can be done now as well, since capturing a handshake does not prevent identifying the name of the hidden AP. In this case, you will kill two birds with one stone.

You can do nothing and just wait for someone to connect or reconnect naturally. If you are in a hurry, you can force the process using a deauthentication attack.

To do this, we open a new terminal window and type the command there:

aireplay-ng -0 3 -a 20:25:64:16:58:8C wlan0

Here -0 means deauthentication, 3 means the number of sent packets, -a 20:25:64:16:58:8C is the BSSID of the target AP, and wlan0 is the network interface in monitor mode.


The result was obtained almost instantly:





Line of interest:

20:25:64:16:58:8C -34 100 1270 601 0 54e WPA2 CCMP PSK SecondaryAP

That is, the name of the "hidden" network is SecondaryAP.
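
Why hiding the name gives no protection, shown at the frame level as an added example that is not part of the original post: a parser for the SSID element of 802.11 management frames, run over constructed frames in which the beacon nulls the name while the association request and probe response carry it in the clear. The frame bytes are built inline from the post's sample BSSID and name; the client MAC and the helper names (`parse_ssid`, `audit`, `mgmt`) are assumptions.

```python
HDR_LEN = 24  # 802.11 management header: FC, duration, 3 addresses, seq-ctl
# Subtype -> (name, bytes of fixed parameters before the tagged elements)
SUBTYPES = {0: ("assoc-req", 4), 2: ("reassoc-req", 10), 5: ("probe-resp", 12), 8: ("beacon", 12)}

def parse_ssid(frame: bytes):
    """Return (subtype_name, bssid, ssid_bytes), or None if not applicable."""
    if len(frame) < HDR_LEN:
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in SUBTYPES:
        return None                        # not a management frame we handle
    name, fixed = SUBTYPES[subtype]
    bssid = frame[16:22].hex(":").upper()  # address 3
    pos = HDR_LEN + fixed
    while pos + 2 <= len(frame):           # walk tag/length/value elements
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            return None                    # truncated element
        if tag == 0:                       # element ID 0 = SSID
            return name, bssid, value
        pos += 2 + length
    return None

def is_hidden(ssid: bytes) -> bool:
    """Hidden SSIDs are sent as zero-length or as all-NUL bytes."""
    return not any(ssid)

def audit(frames):
    """Per BSSID: does the beacon hide the name, and which frames expose it?"""
    report = {}
    for kind, bssid, ssid in filter(None, map(parse_ssid, frames)):
        entry = report.setdefault(bssid, {"beacon_hidden": False, "cleartext": set()})
        if is_hidden(ssid):
            entry["beacon_hidden"] |= kind == "beacon"
        else:
            entry["cleartext"].add((kind, ssid.decode("utf-8", "replace")))
    return report

def mgmt(subtype, dst, src, bssid, fixed_len, ssid):  # hypothetical sample builder
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    return (bytes([subtype << 4, 0, 0, 0]) + mac(dst) + mac(src) + mac(bssid)
            + bytes(2 + fixed_len) + bytes([0, len(ssid)]) + ssid)

# Constructed frames (not captured traffic); the client MAC STA is made up.
AP, STA, ANY = "20:25:64:16:58:8C", "02:00:00:00:00:01", "FF:FF:FF:FF:FF:FF"
SAMPLE = [mgmt(8, ANY, AP, AP, 12, bytes(11)),        # beacon, name nulled
          mgmt(0, AP, STA, AP, 4, b"SecondaryAP"),    # client association request
          mgmt(5, STA, AP, AP, 12, b"SecondaryAP")]   # AP probe response
```

`audit(SAMPLE)` reports the BSSID as hiding its name in beacons while listing the same name under both cleartext frame types, which is the reason to rely on WPA2/WPA3 authentication rather than on a hidden ESSID.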
 