Tuesday, February 19, 2013

BackTrack 5: Bypassing Hidden SSID

Features of this post:
  1. Teaches you to use Wireshark
  2. Teaches you about the Hidden SSID
  3. Teaches you to bypass Hidden SSID

Related posts: crack WEP password, bypass MAC filter

Hello everybody! As mentioned earlier, today I have something on wireless hacking. You already know how to crack the WEP password of a visible network (one whose SSID is broadcast); I described the method using BackTrack 5 in my blog post http://loverofcode.blogspot.com/2013/02/specialized-linux-version-backtrack.html, which I linked on Facebook when I posted the facts about BackTrack 5. Sometimes, to "increase security" (which is actually a false concept, as I explained in the Feb 10 post, where I also showed how to find your MAC address; see http://loverofcode.blogspot.com/2013/02/does-hidden-ssid-give-aid-to-network.html), people or organizations hide the SSID (network name) of their wireless network. Today's post focuses on bypassing a hidden SSID. Hope you will enjoy it!

Figure: No hidden SSID
Figure: Hidden SSID

Requirements:
1. Backtrack5 live-CD or Live USB
2. Wireless Receiver
3. It is better to work from a place where you get a good signal from the wireless network you are bypassing

Steps:
a. Boot from the live CD or live USB (preferably not inside VirtualBox).
b. First, put your Wi-Fi card into monitor mode, which you will need later.
1. Open a terminal and enter 'iwconfig'. This lists the wireless cards that were detected properly.
You should see an interface named 'wlan0'; otherwise your card was not detected by the system.
2. Enter 'ifconfig wlan0 up' to bring the card up.
3. Verify step 2 with 'ifconfig wlan0'; the second line of the output should start with the word UP.
4. Enter 'airmon-ng' to list the detected wireless cards. You should see wlan0.
5. Enter 'airmon-ng start wlan0' to create a monitor-mode interface on top of wlan0.
6. Verify step 5 by running 'airmon-ng' again; you should now see 'mon0' listed just below wlan0.

Now your card is in monitor mode.

c. Enter 'wireshark' in the terminal and Wireshark will start.
(Wireshark is used for many purposes; here we use it to capture the packets from mon0.)

d. Click Capture and then Interfaces in the menu bar (a 'Wireshark: Capture Interfaces' window opens).

e. Click 'Start' next to mon0 (ignore the other interfaces). Wireshark will start capturing packets.

f. Look at the Info column in the packet list (you can resize it to make it wider). There you will find SSID=<name>. The SSID is shown as text when it is not hidden; when it is hidden, it appears as "\000\000\000\000\000\000\000\000".

g. There are two simple ways to bypass it (you may find others too): 1) wait for a legitimate client to connect to the access point, which generates a probe request that makes the SSID visible; 2) send deauthentication packets to all stations on behalf of the wireless network, which disconnects all clients so that they reconnect to the network.
We will follow no. 2 because it is faster.

h. Open a terminal and enter 'aireplay-ng -0 5 -a <source> mon0'.
Here <source> is the value from the Source column, which is the MAC address of the access point; enter everything else as it is.
This will send deauthentication packets to all clients.
Figure: Sending deauthentication packets
Figure: The effect you see in Wireshark while the deauthentication packets are being sent

i. When a legitimate client connects back, you will see the hidden SSID in its probe request. To see those requests and the SSID, add a filter in Wireshark: in the filter box enter '(wlan.bssid == <Source>) && !(wlan.fc.type_subtype == 0x08)'.
Enter the value from the Source column for <Source> and the rest as it is. This shows every frame for that BSSID except beacons (type/subtype 0x08), including the probe requests that carry the SSID of the hidden network.
Figure: BSSID found

You can reveal any hidden SSID with this process, no matter whether the network uses a WEP, WPA or WPA2 key.
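As an added example (not code from the original post), here is a small Python decoder written from the network owner's side of steps f to i: it recognises the NUL-padded SSID element the post describes in beacons, shows the name appearing in clear text in a probe response once a client comes back, and flags the burst of deauthentication frames that step h produces so that it can be spotted in a capture. The AP address, the frames and the 10-frames-per-second threshold are all constructed for the example, not captured.

```python
import struct
# wlan.fc.type_subtype values as Wireshark shows them: (type << 4) | subtype
BEACON, PROBE_RESP, DEAUTH = 0x08, 0x05, 0x0C
IE_START = 24 + 12   # 24-byte management header + timestamp(8), interval(2), capability(2)

def parse_frame(frame: bytes) -> dict:
    """Decode type/subtype, BSSID and (beacon/probe response only) the SSID element."""
    fc = struct.unpack_from("<H", frame, 0)[0]
    ts = (((fc >> 2) & 0x3) << 4) | ((fc >> 4) & 0xF)
    rec = {"type_subtype": ts, "bssid": frame[16:22].hex(":"), "ssid": None}
    pos = IE_START
    while ts in (BEACON, PROBE_RESP) and pos + 2 <= len(frame):   # walk the tagged parameters
        tag, ln = frame[pos], frame[pos + 1]
        if tag == 0:                                               # element ID 0 is the SSID
            rec["ssid"] = frame[pos + 2:pos + 2 + ln]
            break
        pos += 2 + ln
    return rec

def ssid_status(rec: dict):
    """'hidden' when the SSID is empty or all NULs (the \\000\\000... that Wireshark prints)."""
    ssid = rec["ssid"]
    if ssid is None:
        return None
    if len(ssid) == 0 or all(b == 0 for b in ssid):
        return ("hidden", len(ssid))   # the name is gone, but its length still leaks
    return ("visible", ssid.decode("utf-8", "replace"))

def deauth_flood(timed_frames, window_s=1.0, threshold=10):
    """BSSIDs that sent more than `threshold` deauth frames within any `window_s` seconds."""
    by_bssid = {}
    for t, frame in timed_frames:
        rec = parse_frame(frame)
        if rec["type_subtype"] == DEAUTH:
            by_bssid.setdefault(rec["bssid"], []).append(t)
    flagged = set()
    for bssid, times in by_bssid.items():
        times.sort()   # threshold+1 frames inside one window means the count exceeds the threshold
        if any(times[i] - times[i - threshold] <= window_s for i in range(threshold, len(times))):
            flagged.add(bssid)
    return flagged

def mgmt(subtype, bssid, body):
    """Constructed management frame (not a capture): broadcast DA, SA and BSSID set to the AP."""
    return struct.pack("<H", subtype << 4) + b"\x00\x00" + b"\xff" * 6 + bssid * 2 + b"\x00\x00" + body

AP = bytes.fromhex("001122334455")   # constructed sample AP address, not a real device
HIDDEN_BEACON = mgmt(0x8, AP, b"\x00" * 12 + bytes([0, 6]) + b"\x00" * 6)    # SSID IE = 6 NULs
PROBE_RESPONSE = mgmt(0x5, AP, b"\x00" * 12 + bytes([0, 6]) + b"MyHome")     # SSID in clear text
DEAUTH_BURST = [(0.01 * i, mgmt(0xC, AP, b"\x07\x00")) for i in range(64)]   # 64 frames in 0.63 s
```

Feeding real frames from a pcap through `parse_frame` and `deauth_flood` (for example with a pcap reader of your choice) gives a simple alert for the reconnect storm that step h causes.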


Hope you got it. If any doubts, feel free to post comment, I will make it clear.


Thank You!

11 comments:

1. In step h, which MAC address of the access point are you referring to? Is it the MAC address of the PC I'm running BackTrack from?

1. No, it's not the MAC address of your PC. It's the MAC address of the access point (the MAC address of the device that broadcasts the Wi-Fi network).
      In this step you take the address from the 'Source' column shown in the first or second figure, then supply it.

      Thank You for your Query.

2. Hi enjoythecode, love the tutorial, it's very noob-friendly. I'm using minidwep, and there in the airodump-ng window I see stuff like power -1, channel 133, SSID. Now I am able to see the client connected and the name of the probe for that router; now the question is: is the name of the probe actually the SSID of the router? And also what's with the 133 channel? It makes no sense. It also says it's open; should I trust that, since the 133 channel is not trustworthy?

1. Minidwep is an easy way to scan and hack WEP networks. But it's not always the fastest or most reliable. You must consider this.
      If it's showing channel 133, then that channel is at 3.6 GHz and is only allowed as a licensed band in the United States. If you are from the United States, then you can go on (I don't know if that channel is allowed in other countries).
      I have a video for you from YouTube; watch it. It will help you somehow. http://www.youtube.com/watch?feature=player_embedded&v=pQVn7yjr-bM#at=60

3. Hi enjoythecode, I need your assistance concerning this topic! Can I use an external Wi-Fi station, a Nanostation 2 (connected through the LAN cable), to search all available Wi-Fi networks instead of my internal Wi-Fi card? And how?

1. You might have got the user manual of the Nanostation 2 when you purchased it. If you haven't, you can download it from its site. Download the Nano_Quick_Set-up.pdf file. There is your solution. You can also find it by searching on Google. Search term: "Beginner's SETUP GUIDE for NANOSTATION-2 as receiver", or search for the PDF file itself.
      Thank You!

4. Hello, after I found the SSID (the AP has open authentication), how can I connect to it? There is another AP with WEP security; can you explain? :D Thanks!

1. Sorry for the late reply.
      In Windows there will be two hidden-network notifications: one showing the open hidden network and the other the closed/password-protected hidden network. Even if they have the same name, you can connect to whichever you want.
      To connect to the open AP, go through the open hidden network, and to connect to the AP with WEP security, go through the closed/password-protected hidden network.
      In Linux (GUI) you can add a network in the Wi-Fi network settings; there, write the AP name and, under security, select NONE or No Authentication. :P

5. Can you also write about how to secure Wi-Fi? Thanks.
