Discussion in 'Xiaopan Support' started by ktgoh, 24 Jun 2012.
Is it possible to launch an attack on a hidden network using Reaver or Feeding Bottle?
Have you researched this before asking that question? What information did you find?
I have tried but without success. Is it possible?
Sorry if I have posted a newbie question.
Yes, if you use BackTrack with Kismet.
Thanks Pascal for the info, will try BT5 then.
Kismet will not allow you to find a hidden SSID. Or more precisely it will, but only if it is listening when a client connects to the network in question. But Airodump can do that too. So either you wait for a client to connect, or you force a client to disconnect (aireplay-ng -0) and wait for it to reconnect.
You can also use MDK3 to try to brute-force the SSID, but it takes longer and is less certain.
aireplay-ng -0 5 -a 00:15:8G:8E:24:78 -c 00:4F:H5:33:45:12 ath0
Meanwhile, in another console, you must run airodump locked on the right channel, for example:
airodump-ng -c <channel> ath0
It is not strictly necessary to have BackTrack; you only need to disconnect the station from the AP. Afterwards, Airodump reads the BSSID in the authentication request.
Thanks Pascal, will try when I fin BT5R2.
I tried with a hidden network whose SSID I know ... I tried putting it in quotes but it is completely blocked. Why?
P.S. I tried macchanger for the MAC, but the only change is in the window ... when I connect, the real one appears. Why?
If you want to tackle a hidden network, you need to deauthenticate the client station. At its next reconnection, Kismet will give you the SSID.
Logically, Airodump should be able to see it at the same time as Kismet.
For your problem, if you know the SSID (are you sure of this?), logically you are trying to copy the MAC address of the client that connects to the station?
NO, NO and NO ... If the station has MAC address filtering, you need two cards ...
1 / The first card will be used to send deauthentication requests between the station and the client, so as not to allow the client to connect.
2 / The second card will be used to create an identical station (with DHCP server) (so with a MAC address identical to the latter).
In operation, the first prevents the client from connecting to the station; with the second you simulate the original station, and as the client cannot connect to it (because of the deauthentication requests), it will connect to the fake access point you have created, and thus you recover the key.
Thanks very much.
I cannot change the MAC with Xiaopan ...
Even if I write
ifconfig wlan1 up
... when I analyze the network with airodump-ng with another card, the associated MAC is the original, not the spoofed one.
However, when the SSID was visible, I managed to find the PIN in a second. Now that it is hidden I cannot grind a PIN. It seems it can join but instead stays on the first PIN.
I think that the SSID has not changed because with WinXP I can associate with the old SSID, but it disconnects at once, as when the password is wrong.
You can have a PIN as an alternative algorithm provides during installation of the router ... (protection by the access provider is distributed with the CD drivers from the router) ... To change the MAC address, it is possible that your card does not accept it, but this seems doubtful if you can switch to monitor mode ... Try favoring wlan0 and give us the make and model of your card, because the trouble may be due to bad drivers ...
I use an Alfa AWUS036H 1W.
I can change the MAC address in Xiaopan, last time I checked: http://dishingtech.blogspot.com/2012/05/useful-xiaopan-terminal-commands.html
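Seen from the network owner's side, the deauthentication-then-reconnect sequence discussed in this thread leaves a recognisable trace in monitor-mode frame logs. The following is an added example, not part of the original thread: the record format, thresholds and MAC addresses are constructed assumptions.

```python
from collections import defaultdict, deque

# Assumed thresholds; tune them against your own baseline traffic.
BURST_COUNT = 10         # this many deauth frames for one (AP, client) pair ...
BURST_WINDOW = 2.0       # ... within this many seconds counts as a burst
RECONNECT_WINDOW = 15.0  # re-association this soon after a burst is suspicious


def make_sample():
    """Constructed frame records: (time_s, subtype, bssid, client)."""
    ap = "02:00:00:aa:bb:01"
    sta, sta2 = "02:00:00:cc:dd:02", "02:00:00:cc:dd:03"
    frames = [(0.5, "deauth", ap, sta2)]  # single deauth: ordinary disconnect
    frames += [(10.0 + i * 0.01, "deauth", ap, sta) for i in range(64)]  # burst
    frames += [(12.3, "assoc-req", ap, sta), (40.0, "assoc-req", ap, sta2)]
    return frames


def detect_forced_reconnects(frames):
    """Flag deauth bursts on a (bssid, client) pair followed by re-association.

    The association request that follows carries the SSID in the clear,
    which is why hiding the SSID provides no confidentiality.
    """
    recent = defaultdict(deque)  # pair -> timestamps of recent deauth frames
    burst_at = {}                # pair -> time of the last frame seen in a burst
    alerts = []
    for ts, subtype, bssid, client in sorted(frames):
        pair = (bssid, client)
        if subtype == "deauth":
            q = recent[pair]
            q.append(ts)
            while q and ts - q[0] > BURST_WINDOW:
                q.popleft()  # drop frames that fell out of the sliding window
            if len(q) >= BURST_COUNT:
                burst_at[pair] = ts
        elif subtype in ("assoc-req", "reassoc-req") and pair in burst_at:
            gap = ts - burst_at.pop(pair)
            if gap <= RECONNECT_WINDOW:
                alerts.append({"bssid": bssid, "client": client,
                               "reconnect_after_s": round(gap, 2)})
    return alerts


if __name__ == "__main__":
    for alert in detect_forced_reconnects(make_sample()):
        print("possible forced reconnect:", alert)
```

Enabling 802.11w (Protected Management Frames) on the access point and clients makes forged deauthentication frames ineffective for clients that support it.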