Uncovering Hidden SSID

Here we go again, still on the attacking side. When you go to whatever public place you will usually find some wifi access, right? But some people decide to hide their SSID for security reasons, and they often think that just hiding the SSID and leaving it without password encryption is secure enough to keep unauthorized users out. I will show you how to be an unauthorized user in that situation. B)

Let’s begin. I just set up my access point with a hidden SSID, then booted up my Kali and got into the system. First check your wireless card; from the information below I’ve got “wlan0” as my wireless interface.

[screenshot 1]

Then you need to put your wireless interface into monitor mode with the command below, and after that check your interface again to make sure you now see information like this. On my device it shows up as “wlan0mon”; whatever name appears with the monitor function, it will usually be “mon0” by default.

[screenshot 2]

Then run this command: “airodump-ng wlan0mon”. Now you’ll feel like a hax0r in the movies lol :v

From this we can pick which AP to attack. As you can see, we’ve got the BSSID, channel, encryption type and ESSID of our target AP. There is station information too; from that you can monitor how many people are using your network. To narrow it down to that AP you need to run this command; for more, read the manual.

[screenshot 3]

And this is what should appear on your terminal after you enter that command. Some of you would ask why I blacked out all the MAC addresses that appear. Because I’m doing this in real life now, not in a VM anymore, and the people who own those MAC addresses have their privacy, so I’m sorry for that. But why is nobody connected? Because I haven’t connected any device to my AP yet. To see the change and understand the flow, I highly recommend stopping your monitoring for a while, because now we’re going to connect :p

[screenshot 4]

Connecting to the test AP with my phone

[screenshot 5]

[screenshot 6]

Then let’s take a look at our terminal again and run the monitor. Tadaaa, that station is my phone.

[screenshot 7]

How can I get the SSID? We need to do something evil here: now we’re going to cut off the connection between the AP and my phone. Oh really? Can we do that, even though we’re not connected yet? Of course, why not :p

Run this evil command. Once again, to understand how it works just learn from the tool’s manual, because I’m not gonna discuss it here. What I will tell you is that this attack is called a Deauthentication Attack, and it cuts the station off from the AP. This type of attack is very hard to prevent. Why? Find that out yourself.

[screenshot 8]

After you launch the deauth attack you’d better keep monitoring that AP to see the changes, because usually the client will reauthenticate and give us the SSID :p
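As an added example that is not part of the original post, here is a small defender-side Python script that parses raw 802.11 management frames and flags a deauthentication flood against a station, which is what a capture on the monitor interface would contain while this attack runs. The MAC addresses and frames are constructed sample data, not a real capture.

```python
import struct
from collections import Counter

MGMT_TYPE = 0                           # 802.11 frame type 0 = management
DEAUTH_SUBTYPE, BEACON_SUBTYPE = 12, 8  # management subtypes

def parse_header(frame: bytes):
    """Parse the fixed 24-byte 802.11 MAC header (radiotap already stripped).
    Returns (type, subtype, addr1, addr2, addr3) or None if the frame is too short."""
    if len(frame) < 24:
        return None
    fc = frame[0]
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    mac = lambda off: ':'.join('%02x' % b for b in frame[off:off + 6])
    return ftype, subtype, mac(4), mac(10), mac(16)

def is_deauth(frame: bytes) -> bool:
    hdr = parse_header(frame)
    return hdr is not None and hdr[0] == MGMT_TYPE and hdr[1] == DEAUTH_SUBTYPE

def deauth_reason(frame: bytes) -> int:
    # Reason code: 2-byte little-endian field right after the 24-byte header.
    return struct.unpack_from('<H', frame, 24)[0]

def find_deauth_floods(frames, threshold=5):
    """Count deauth frames per (bssid, target) pair and return the pairs at or
    above the threshold. A real sensor would do this per time window."""
    counts = Counter()
    for f in frames:
        if is_deauth(f):
            _, _, dst, _src, bssid = parse_header(f)
            counts[(bssid, dst)] += 1
    return {pair: n for pair, n in counts.items() if n >= threshold}

def build_mgmt_frame(subtype, dst, src, bssid, body=b'', seq=0):
    """Build a minimal management frame; only used to construct sample input."""
    fc = bytes([(subtype << 4) | (MGMT_TYPE << 2), 0x00])
    to_bytes = lambda m: bytes(int(x, 16) for x in m.split(':'))
    return (fc + b'\x00\x00' + to_bytes(dst) + to_bytes(src) + to_bytes(bssid)
            + struct.pack('<H', seq << 4) + body)

# Constructed sample capture: locally administered MACs, not real devices.
AP, PHONE = '02:00:00:00:aa:01', '02:00:00:00:bb:02'
SAMPLE_FRAMES = [build_mgmt_frame(BEACON_SUBTYPE, 'ff:ff:ff:ff:ff:ff', AP, AP, seq=i)
                 for i in range(3)]
SAMPLE_FRAMES += [build_mgmt_frame(DEAUTH_SUBTYPE, PHONE, AP, AP,
                                   body=struct.pack('<H', 7), seq=10 + i)
                  for i in range(8)]
if __name__ == '__main__':
    print(find_deauth_floods(SAMPLE_FRAMES))
```

On real capture data you would feed it frames with the radiotap header stripped and count per time window rather than over the whole capture. Where the AP and its clients both support 802.11w (protected management frames), forged deauthentication frames are rejected, which is the standard mitigation for this attack.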

And this is what happened to my phone: it just got disconnected from my AP, by me, lol.

[screenshot 9]

Meanwhile, back at our monitor: boom, I’ve got the SSID.

[screenshot 10]

And that’s it, now I can connect to that network with the SSID Nabil-Abdat. I do this for pentesting only. Don’t try this at home, or in a public place.

DWYOR, I’m not responsible for your actions. Please do it wisely, for pentesting purposes only (DO IT LOCALLY).