Known as security though obscurity many people may hide there ssid's from broadcasting. Just like mac address blocking this is a worthless form of protection.
Having a hidden ssid less secure then many think. Its like the wizard hiding behind the curtain.
It just does not add any value to your security and like mac address blocking it adds complication with no reward.
Today I am going to show you how easy it is to reveal and find a hidden network using Kali Linux. First things first. Hidden SSIDs
You will sometimes see as the SSID on the airodump-ng display. This means the SSID is hidden. The “?” is normally the length of the SSID.
For example, if the SSID was “test123” then it would show up as where 7 is the number of characters. When the hidden ssid length 0 or hidden ssid length 1, it means the AP does not reveal the actual length and the real length could be any value.
You will need a Compatible Wireless card i recommend these Compatible Wireless Cards:
Alfa Networks AWUS036H
TP-LINK TL-WN722N
Let's get started!
Let's see what wireless cards are connected to our device using the following command:
iwconfig
Now we run the following command to find to find hidden networks around us.
airodump-ng wlan0
As you can see from the devices found we have one with a hidden SSID. This hidden SSID is depicted as
airodump-ng -c 5 --bssid BC:F6:85:BF:4F:70 mon0
Explanation of the switches are:
-c = channel of target access point.
--bssid = MAC address from the target access point.
Target Hidden SSID
Here we can see the target access point with one client attached. We now need to de-authenticate this client and see if we can get the SSID during the re authentication.Connected Client to AP
Now open a new terminal window and leave airodump-ng running.Run the following command in the new terminal.
This switches to this command are as follows:
-0 = Attack mode 0= de-authentication (The number following this indicates the number of deauth packets.)
-a = Target access point mac address
-c = Target client mac address
Now switch back to the original terminal window that still has airodump-ng running.
This is what it should now look like.
As you can see we now know that the SSID for the target router is "The Interweb"
Unable to Reveal Hidden SSID name?
If it does not work the first time try aireplay-ng again until it works however it is very possible the target Client might reconnect to another Access Point nearby if it doesn't reconnect.Trouble shooting issues
BSSID PWR is -1
If the BSSID PWR is -1, then the driver doesn't support signal level reporting.If the PWR is -1 for a limited number of stations then this is for a packet which came from the AP to the client but the client transmissions are out of range for your card. Meaning you are hearing only 1/2 of the communication. If all clients have PWR as -1 then the driver doesn't support signal level reporting.
NOTIHING UNDER STATION
If nothing shows up under the station just means no devices are connected over wireless this attack requires a device to be connected over wireless to work sadly you will need to wait for a device to connect. Ethernet devices do not count.
Source and Credits to :matthewhknight.com
SERIOUS MINDED PEOPLE SHOULD CONTACT
ReplyDeleteNeed a hacker?was in a bit of some really embarrassing cyber issues which led me to meeting some scammers as well but my will to solve my issue eventually paid off when i met Cryto Cyber Hacker,his work rate,professionalism and discretion is top-class. Hit him up at cryptocyberhacker@gmail.com, whatsapp: +15188160274. he's kinda picky though so make mention of the reference. Tell him i referred you. You're welcome.