Let's follow the instructions to get started:
- Let's first configure our access point to use MAC filtering and then add the client MAC address of the victim laptop. The settings pages on my router looks as follows:
- Once MAC filtering is enabled, only the allowed MAC address will be able to successfully authenticate with the access point. If we try to connect to the access point from a machine with a non-whitelisted MAC address, the connection will fail.
- Behind the scenes, the access point is sending authentication failure messages to the client. The packet trace resembles the following:
- In order to beat MAC filters, we can use
airodump-ngto find the MAC addresses of clients connected to the access point. We can do this by issuing theairodump-ng -c 10 -a --bssid <mac> wlan0moncommand. By specifying thebssidcommand, we will only monitor the access point, which is of interest to us. The-c 10command sets the channel to10, where the access point is. The-acommand ensures that, in the client section of theairodump-ngoutput, only clients associated and connected to an access point are shown. This will show us all the client MAC addresses associated with the access point:
- Once we find a whitelisted client's MAC address, we can spoof the MAC address of the client using the
macchangerutility, which ships with Kali. You can use themacchanger –m <mac> wlan0moncommand to get this done. The MAC address you specify with the-mcommand option is the new spoofed MAC address for thewlan0moninterface:
- As you can clearly see, we are now able to connect to the access point after spoofing the MAC address of a whitelisted client.
We monitored the air using airodump-ng and found the MAC address of legitimate clients connected to the wireless network. We then used the macchanger utility to change our wireless card's MAC address to match the client's. This fooled the access point into believing that we were the legitimate client, and it allowed us access to its wireless network.
You are encouraged to explore the different options of the airodump-ng utility by going through the documentation on their website at http://www.aircrack-ng.org/doku.php?id=airodump-ng.
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.