Question How to Hack a Hidden Network? <BSSID>

Discussion in 'Xiaopan Support' started by ktgoh, 24 Jun 2012.

  1. ktgoh

    ktgoh Active Member

    Joined:
    19 Jun 2012
    Messages:
    27
    Likes Received:
    2
    Is it possible to launch an attack on a hidden network by using Reaver or FeedingBottle?
     
  2. Mr. Penguin

    Mr. Penguin Administrator
    Staff Member VIP Admin

    Joined:
    18 May 2012
    Messages:
    3,093
    Likes Received:
    1,268
    Have you researched this before asking that question? What information did you find?
     
  3. ktgoh

    ktgoh Active Member

    Joined:
    19 Jun 2012
    Messages:
    27
    Likes Received:
    2
    I have tried but without success. Is it possible?
    Sorry if I have posted a newbie question.
     
  4. Pascal

    Pascal Wifi Sniffer
    Staff Member Moderator VIP

    Joined:
    6 Jun 2012
    Messages:
    211
    Likes Received:
    89
    Yes, if you use BackTrack with Kismet ;)
     
  5. ktgoh

    ktgoh Active Member

    Joined:
    19 Jun 2012
    Messages:
    27
    Likes Received:
    2
    Thanks Pascal for the info, will try BT5 then.
     
  6. Pascal

    Pascal Wifi Sniffer
    Staff Member Moderator VIP

    Joined:
    6 Jun 2012
    Messages:
    211
    Likes Received:
    89
    Kismet will not allow you to find a hidden SSID. Or, more precisely, it will, but only if it is listening when a client connects to the network in question. But airodump also knows how to do that ;) So either you wait for a client to connect, or you force a client to disconnect (aireplay-ng -0) and wait for it to reconnect.
    You can also use MDK3 to try to brute-force the SSID, but it takes longer and is less certain.


    Example:


    aireplay-ng -0 5 -a 00:15:8G:8E:24:78 -c 00:4F:H5:33:45:12 ath0

    AND

    Meanwhile, in another console, you must run airodump locked on the right channel, so for example:
    airodump-ng -c <channel> ath0



    It is not strictly necessary to have BackTrack, only to disconnect the station from the AP ;) Afterwards, in airodump, read the BSSID in your authentication request ;)
     
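As an added example (not code from the thread or from the Xiaopan project), here is why the deauth-and-wait trick above works: a hidden AP sends beacons whose SSID element is empty or NUL-padded, but the probe response and association request exchanged when the client reconnects carry the real name. The parser below walks raw 802.11 management frames, flags hidden beacons, and fills the name in from the other frame types; every frame in it is a constructed in-memory sample with locally administered MAC addresses, not a capture.

```python
"""Added example: recovering a hidden SSID from the frames a reconnecting
client exchanges with the AP.  All frames are constructed samples."""
import struct

BROADCAST = "ff:ff:ff:ff:ff:ff"
# Frame-control byte 0 (subtype<<4 | type<<2 | version) -> length of the
# fixed (non-IE) fields that precede the tagged parameters in each frame.
MGMT_FIXED_LEN = {0x80: 12,  # beacon: timestamp, interval, capability
                  0x50: 12,  # probe response: same layout as beacon
                  0x00: 4,   # association request: capability, listen interval
                  0x40: 0}   # probe request: IEs start immediately
SUBTYPE_NAME = {0x80: "beacon", 0x50: "probe-resp", 0x00: "assoc-req", 0x40: "probe-req"}
IE_SSID, IE_DS_PARAM = 0, 3


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_ies(buf):
    """Return (element_id, body) pairs; stop cleanly on a truncated element."""
    ies, i = [], 0
    while i + 2 <= len(buf):
        eid, ln = buf[i], buf[i + 1]
        body = buf[i + 2:i + 2 + ln]
        if len(body) < ln:
            break
        ies.append((eid, body))
        i += 2 + ln
    return ies


def parse_mgmt(frame):
    """Return a dict for a supported management frame, else None."""
    if len(frame) < 24 or frame[0] & 0x0c:      # too short, or not type 0 (management)
        return None
    subtype = frame[0] & 0xf0
    if subtype not in MGMT_FIXED_LEN:
        return None
    dst, src, bssid = frame[4:10], frame[10:16], frame[16:22]
    ies = dict(parse_ies(frame[24 + MGMT_FIXED_LEN[subtype]:]))
    ssid, hidden = None, False
    if IE_SSID in ies:
        raw = ies[IE_SSID]
        if len(raw) == 0 or raw.count(0) == len(raw):  # empty or NUL-padded: "hidden"
            hidden = True
        else:
            ssid = raw.decode("utf-8", "replace")
    ds = ies.get(IE_DS_PARAM)                    # DS Parameter Set: the channel for airodump -c
    return {"subtype": SUBTYPE_NAME[subtype], "dst": mac_str(dst), "src": mac_str(src),
            "bssid": mac_str(bssid), "ssid": ssid, "hidden": hidden,
            "channel": ds[0] if ds else None}


def resolve_hidden_ssids(frames):
    """Map each BSSID seen beaconing a hidden SSID to the name leaked by a probe
    response, directed probe request or association request, or None if not yet seen."""
    hidden, revealed = set(), {}
    for raw in frames:
        p = parse_mgmt(raw)
        if p is None:
            continue
        if p["subtype"] == "beacon" and p["hidden"]:
            hidden.add(p["bssid"])
        elif p["ssid"] and p["subtype"] != "beacon" and p["bssid"] != BROADCAST:
            revealed[p["bssid"]] = p["ssid"]
    return {b: revealed.get(b) for b in hidden}


# --- constructed sample traffic (locally administered MACs, not real devices) ---
def build_mgmt(fc0, dst, src, bssid, ies, fixed=b""):
    hdr = struct.pack("<BBH", fc0, 0, 0) + dst + src + bssid + struct.pack("<H", 0)
    return hdr + fixed + b"".join(struct.pack("BB", eid, len(v)) + v for eid, v in ies)

AP1, AP2, AP3 = (bytes.fromhex(f"02000000000{n}") for n in "134")
CLIENT, BCAST = bytes.fromhex("020000000002"), b"\xff" * 6
RATES, CH6 = (1, bytes([0x82, 0x84, 0x8b, 0x96])), (IE_DS_PARAM, bytes([6]))
BEACON_FIXED = struct.pack("<QHH", 0, 100, 0x0411)   # timestamp, interval, capability
ASSOC_FIXED = struct.pack("<HH", 0x0411, 10)         # capability, listen interval

SAMPLE_FRAMES = [
    build_mgmt(0x80, BCAST, AP1, AP1, [(IE_SSID, b""), RATES, CH6], BEACON_FIXED),          # hidden (len 0)
    build_mgmt(0x80, BCAST, AP2, AP2, [(IE_SSID, b"\x00" * 8), RATES, CH6], BEACON_FIXED),  # hidden (NULs)
    build_mgmt(0x80, BCAST, AP3, AP3, [(IE_SSID, b"Guest"), RATES, CH6], BEACON_FIXED),     # visible
    b"\x08\x00" + b"\x00" * 22,                                                            # data frame, ignored
    build_mgmt(0x50, CLIENT, AP1, AP1, [(IE_SSID, b"CorpNet"), RATES, CH6], BEACON_FIXED),  # leak: probe resp
    build_mgmt(0x00, AP1, CLIENT, AP1, [(IE_SSID, b"CorpNet"), RATES], ASSOC_FIXED),        # leak: assoc req
]

if __name__ == "__main__":
    for bssid, name in resolve_hidden_ssids(SAMPLE_FRAMES).items():
        print(f"{bssid}: {name or '<still hidden>'}")
```

AP1 is resolved to "CorpNet" from the probe response and association request, while AP2, which only ever beaconed, stays unresolved: that is exactly the case where you have to wait for (or force) a client reconnection. The `channel` field from the DS Parameter Set is what goes into `airodump-ng -c`.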
  7. ktgoh

    ktgoh Active Member

    Joined:
    19 Jun 2012
    Messages:
    27
    Likes Received:
    2

    Thanks Pascal, will try when I fin BT5R2.
     
  8. Alessio

    Alessio Active Member

    Joined:
    28 May 2012
    Messages:
    19
    Likes Received:
    1
    I tried using a hidden network, of which I know the SSID ... I tried to put it in quotes but it is completely blocked. Why?
    P.S. I tried macchanger, but the MAC only changes in the window ... when I connect, the real one appears. Why?
     
  9. Pascal

    Pascal Wifi Sniffer
    Staff Member Moderator VIP

    Joined:
    6 Jun 2012
    Messages:
    211
    Likes Received:
    89


    Hello Alessio ;)

    If you want to tackle a hidden network, you need to deauthenticate the client station. At its next reconnection, Kismet will give you the SSID.

    Airodump, more logically, should be able to see it at the same time as Kismet ..


    For your problem, if you know the SSID (are you sure?), logically you tried to copy the MAC address of the client that connects to the station?

    NO, NO and NO ... If the station has MAC address filtering, you need two cards ...

    1/ the first card will be used to send deauthentication requests between the station and the client so as not to allow the client to connect.

    2/ the second card will be used to create an identical station (with a DHCP server) (and therefore with a MAC address identical to the latter).


    In operation, the first prevents the client from connecting to the station; with the second you simulate the originating station, and as the client cannot connect to it (because of the deauthentication requests), it will connect to the fake access point you have created, and thus you recover the key. ;)
     
  10. Alessio

    Alessio Active Member

    Joined:
    28 May 2012
    Messages:
    19
    Likes Received:
    1
    Thanks very much.
    I cannot change the MAC with XiaoPan ...
    Even if I write
    ifconfig wlan1 down
    macchanger -r wlan1
    ifconfig wlan1 up
    ... when I analyze the network with airodump-ng using another card, the MAC associated is the original, not the spoofed one.
    However, when the SSID was visible, I managed to find the PIN in a second. Now that it is hidden I cannot grind a PIN. It seems it can join but instead stays on the first PIN.
    I think that the SSID is not changed because with WinXP I can associate myself with the old SSID, but then it disconnects, as when the password is wrong.
     
  11. Pascal

    Pascal Wifi Sniffer
    Staff Member Moderator VIP

    Joined:
    6 Jun 2012
    Messages:
    211
    Likes Received:
    89
    You can have a PIN as an alternative that the algorithm provides during installation of the router ... (protection by the access provider, distributed with the CD of drivers for the router) ... For changing the MAC address, it is possible that your card does not accept it, but this seems doubtful if you can switch to monitor mode .. Try favouring wlan0 and give us the make and model of your card, because the trouble may be due to bad drivers ...
     
  12. Alessio

    Alessio Active Member

    Joined:
    28 May 2012
    Messages:
    19
    Likes Received:
    1
    I use an Alfa AWUS036H 1W.
     
  13. Mr. Penguin

    Mr. Penguin Administrator
    Staff Member VIP Admin

    Joined:
    18 May 2012
    Messages:
    3,093
    Likes Received:
    1,268
