Sign up to save your podcasts
Or
Share Course 14 - Wi-Fi Pentesting | Episode 3: Targeted Wireless Network Discovery and Pre-Connection Bypasses
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Course 14 - Wi-Fi Pentesting | Episode 3: Targeted Wireless Network Discovery and Pre-Connection Bypasses
In this lesson, you’ll learn about:
You can listen and download our episodes for free on more than 10 different platforms:
https://linktr.ee/cybercode_academy
- Sniffing wireless networks on both 2.4 GHz and 5 GHz bands
- Performing targeted packet capture on a specific access point
- Saving and analyzing captured wireless traffic
- Executing deauthentication attacks without knowing the password
- Discovering the names of hidden wireless networks
- Reconnecting to hidden networks after revealing their SSIDs
- How MAC filtering works and how it is bypassed
- 2.4 GHz
- 5 GHz
- By default, airodump-ng only sniffs the 2.4 GHz band
- To sniff 5 GHz, you must use:
- --band A
- To sniff both at once:
- --band ABG
- Sniffing both bands:
- Requires a powerful wireless adapter
- Is usually slower
- The adapter must support 5 GHz, otherwise no data will be captured from that band
- One specific target network
- BSSID: Target network MAC address
- Channel: Operating channel
- View only:
- The target access point
- Connected clients (stations)
- Save captured packets to files:
- .cap files
- Even though all packets are captured:
- If the network uses WPA/WPA2
- The data appears encrypted and unreadable
- Wireshark will display it as gibberish without the key
- Disconnect any connected device
- Without:
- Knowing the Wi-Fi password
- Being connected to the network
- The attacker pretends to be:
- The router when talking to the client
- The client when talking to the router
- This forces the device to disconnect
- aireplay-ng
- Do not broadcast their SSID (name)
- Still broadcast:
- MAC address
- Channel
- Encryption type
- Run airodump-ng against the hidden network only
- If a client is connected:
- Launch a deauthentication attack
- Send a small number of packets (e.g., 4)
- When the client reconnects:
- It sends the network name in the air
- Airodump-ng captures:
- The previously hidden SSID
- The wireless card must return to:
- Managed mode
- airmon-ng stop
- Or by:
- Disconnecting and reconnecting the wireless adapter
- Restart it using:
- service network-manager start
- Manually enter:
- The discovered SSID
- The correct security type
- Then connect normally
- Their MAC address
- Blocks specific MAC addresses
- Easily bypassed by:
- Changing your MAC address to a random one
- Only allows specific MAC addresses
- Harder to bypass, but still possible
- Use airodump-ng to detect:
- A client already connected to the target network
- That client’s MAC must be:
- On the whitelist
- Use macchanger with:
- -m to clone that MAC address
- Return to managed mode
- Connect to the network successfully using the spoofed MAC
You can listen and download our episodes for free on more than 10 different platforms:
https://linktr.ee/cybercode_academy
View all episodes
By CyberCode AcademyIn this lesson, you’ll learn about:
You can listen and download our episodes for free on more than 10 different platforms:
https://linktr.ee/cybercode_academy
- Sniffing wireless networks on both 2.4 GHz and 5 GHz bands
- Performing targeted packet capture on a specific access point
- Saving and analyzing captured wireless traffic
- Executing deauthentication attacks without knowing the password
- Discovering the names of hidden wireless networks
- Reconnecting to hidden networks after revealing their SSIDs
- How MAC filtering works and how it is bypassed
- 2.4 GHz
- 5 GHz
- By default, airodump-ng only sniffs the 2.4 GHz band
- To sniff 5 GHz, you must use:
- --band A
- To sniff both at once:
- --band ABG
- Sniffing both bands:
- Requires a powerful wireless adapter
- Is usually slower
- The adapter must support 5 GHz, otherwise no data will be captured from that band
- One specific target network
- BSSID: Target network MAC address
- Channel: Operating channel
- View only:
- The target access point
- Connected clients (stations)
- Save captured packets to files:
- .cap files
- Even though all packets are captured:
- If the network uses WPA/WPA2
- The data appears encrypted and unreadable
- Wireshark will display it as gibberish without the key
- Disconnect any connected device
- Without:
- Knowing the Wi-Fi password
- Being connected to the network
- The attacker pretends to be:
- The router when talking to the client
- The client when talking to the router
- This forces the device to disconnect
- aireplay-ng
- Do not broadcast their SSID (name)
- Still broadcast:
- MAC address
- Channel
- Encryption type
- Run airodump-ng against the hidden network only
- If a client is connected:
- Launch a deauthentication attack
- Send a small number of packets (e.g., 4)
- When the client reconnects:
- It sends the network name in the air
- Airodump-ng captures:
- The previously hidden SSID
- The wireless card must return to:
- Managed mode
- airmon-ng stop
- Or by:
- Disconnecting and reconnecting the wireless adapter
- Restart it using:
- service network-manager start
- Manually enter:
- The discovered SSID
- The correct security type
- Then connect normally
- Their MAC address
- Blocks specific MAC addresses
- Easily bypassed by:
- Changing your MAC address to a random one
- Only allows specific MAC addresses
- Harder to bypass, but still possible
- Use airodump-ng to detect:
- A client already connected to the target network
- That client’s MAC must be:
- On the whitelist
- Use macchanger with:
- -m to clone that MAC address
- Return to managed mode
- Connect to the network successfully using the spoofed MAC
You can listen and download our episodes for free on more than 10 different platforms:
https://linktr.ee/cybercode_academy