Wifi Hacking - Getting even harder -_-
Earlier I posted a topic titled "Help with Wifi Hacking". Summary = I hacked a WEP Key wireless network. But now I am trying more and more, and one day I decided to open up kismet and search for some networks. I found quite a bit (about 6, to be exact) of networks that weren't broadcasting their network name (essid). After searching the internet many times, the only thing I've found is to let kismet run and find the names. After letting it run for a few hours, it returned nothing. The names werent found. Is there any (preferably quicker) way to get the name of a network that isn't broadcasting it?
Unfortunately, you are in need of clients. Even though they do not broadcast their essids, they still send that information through certain packets. So start keeping a log on the ap, wait until you get some packets and dump them into something that can read those packets, wireshark is nice. Then, all you need to do is find the right auth packet that will show you the essid.
I have also heard of a mass deauthorization, which is supposed to forcefully disconnect all wireless clients of a specific network and force them to reconnect. If I could learn how to do that, would that help me in any way? I am looking for some way to do this that takes minutes, not hours of monitoring. Like the difference in BT3 of wesside-ng and aircrack's tools. Took me about an hour with aircrack's tools, and using wesside-ng took me 7 mins.
Yeah, but wesside-ng is skript kiddie central, unless you have learnt the manual way to do it, and you are comfortable with all the concepts relating to WEP hacking. Kismet sometimes throws up hidden access points, in which case, get the MAC address, whip out wireshark and learn the filter syntax to watch packets to that MAC. You could run a deauth once you start sniffing the network, this should (in theory) make everyone reconnect. Use aireplay-ng for this, and dont flood the network with deauths, thats DOS and its pointless.
jjbutler88 wrote: Yeah, but wesside-ng is skript kiddie central, unless you have learnt the manual way to do it, and you are comfortable with all the concepts relating to WEP hacking. Kismet sometimes throws up hidden access points, in which case, get the MAC address, whip out wireshark and learn the filter syntax to watch packets to that MAC. You could run a deauth once you start sniffing the network, this should (in theory) make everyone reconnect. Use aireplay-ng for this, and dont flood the network with deauths, thats DOS and its pointless.
Pretty much exact process you should do. I just switch up kismet with airodump-ng for finding bssid (MAC address), but that's just personal preference.
Should not take hours if you know what you're doing.
jjbutler88 wrote: Yeah, but wesside-ng is skript kiddie central, unless you have learnt the manual way to do it, and you are comfortable with all the concepts relating to WEP hacking. Kismet sometimes throws up hidden access points, in which case, get the MAC address, whip out wireshark and learn the filter syntax to watch packets to that MAC. You could run a deauth once you start sniffing the network, this should (in theory) make everyone reconnect. Use aireplay-ng for this, and dont flood the network with deauths, thats DOS and its pointless.
Yeah, I realized it was the way of the skids :D But if you are going to learn to do something then you might as well learn all ways of doing it. Thanks for all the help, I guess I'm going to go learn how to use wireshark now
gamecheater wrote: Wireshark didnt help -_- Although I did find a nice little article in the BT3 forums on how to brute force an ESSID or use a wordlist to find it. I guess that's what I'm gonna try next, and I'll post my results.
What did you do? What steps did you take? Where there any clients connected? Did you get a single packet from the ap?