Ethical Hacking with Kali Linux - Part 3: Bypassing the MAC Address Filter - Cybrary

Ethical Hacking with Kali Linux - Part 3: Bypassing the MAC Address Filter

>> Welcome all, to this series of Kali Linux for Ethical Hacking. This is third part and I'll explain process of bypassing the MAC Address Filter on an AP (Access Point).

# 3 Basic Process:

- Finding the AP: airmon-ng & airodump-ng

- Finding an associated client: airodump-ng

- Finally, using the MACchanger

# . . . Let's Begin

- Before starting, make sure that you have eth0, lo, wlan0 in action. (Go to terminal and run ifconfig.)- Let's start to monitor on the wireless interface. Run:

airmon-ng start wlan0

- After executing above command, we must get new interface mon0 (Monitor mode enabled.)- Verify that both interfaces are up and running, run:


- Watch for wlan0 and mon0, run:

airodump-ng mon0

- For monitoring all the APs that Kali Linux OS can find out.- In the next step, you'll get BSSID and ESSID, channel, cipher. If there's any hidden SSID, then ESSID will be formatted like this: <length: 0> or with no SSID.Note: We saw in second part how to uncover this hidden SSID. But, here you can use any SSID with Open Encryption, or SSID with known password.- We will use the MAC address that was seen in part 2. i.e. 00:A1:B2:11:20:13:5T and channel '1' (Assume the MAC address filter is done in this system. Let's suppose it's SSID is nhc-BJ.)- Now, we try to find out the client and his MAC associated with this AP (nhc-BJ).- So we can use that MAC to bypass filter, run:

airodump-ng -c 1 -a --bssid 00:A1:B2:11:20:13:5T mon0

(-c is for channel, channel is 1 for BSSID; we're are trying to connect. -a is for showing only the client associated with this BSSID.)- You'll get the MAC address with the station associated with that AP, and this is the client's station. (Let's assume Mac = 00:C1:52:11:20:13:7D).- CTRL+C (press)- Run:

macchanger --help(notice, -m for setting mac)


macchanger -m 00:C1:52:11:20:13:7D wlan0

(If the device or resource busy, then run following command:)

airmon-ng stop wlan0

- Run:

macchanger -m 00:C1:52:11:20:13:7D wlan0

(If successful, you'll see a message like 'faked MAC')-Run:

ifconfig wlan0 down

ifconfig wlan0 up

(Let's see whether we can associate with the SSID now or not with this faked MAC)- Run:

iwconfig wlan0 essid nhc-BJ channel 1

(If not, run in Kali and run it in BackTrack. Or, see the updated version of Kali.)

iwconfig wlan0

(If successful, the Access Point will be associated.)

A quick note: This series is only for educational purpose. Practice this series in a lab, in a virtual/separate network and always avoid illegal activities. If you can, then support us in fighting the bad guys.

See the other posts in this series:

Ethical Hacking with Kali Linux – Part 1: Objective

Ethical Hacking with Kali Linux - Part 2: Finding Hidden SSIDS

Ethical Hacking with Kali Linux - Part 4: Breaking WPA2 Wireless

Ethical Hacking with Kali Linux - Part5: Rogue Wireless Access Points

Ethical Hacking with Kali Linux – Part 6: Nmap (Network Mapper)

By: BIJAY ACHARYA  (twitter : @acharya_bijay)

Start learning with Cybrary

Create a free account

Related Posts

All Blogs