Course 14 - Wi-Fi Pentesting | Episode 3: Targeted Wireless Network Discovery and Pre-Connection Bypasses

Published 5 months, 1 week ago
Description
In this lesson, you’ll learn about:
  • Sniffing wireless networks on both 2.4 GHz and 5 GHz bands
  • Performing targeted packet capture on a specific access point
  • Saving and analyzing captured wireless traffic
  • Executing deauthentication attacks without knowing the password
  • Discovering the names of hidden wireless networks
  • Reconnecting to hidden networks after revealing their SSIDs
  • How MAC filtering works and how it is bypassed
Targeted Wireless Discovery & Pre-Connection Access
Wireless Band Sniffing (2.4 GHz & 5 GHz)
Wireless networks broadcast on two main frequency bands:
  • 2.4 GHz
  • 5 GHz
Key points:
  • By default, airodump-ng only sniffs the 2.4 GHz band
  • To sniff 5 GHz, you must use:
    • --band A
  • To sniff both at once:
    • --band ABG
  • Sniffing both bands:
    • Requires a powerful wireless adapter
    • Is usually slower
  • The adapter must support 5 GHz, otherwise no data will be captured from that band
Targeted Sniffing & Data Capture
Instead of capturing all networks, you can focus on:
  • One specific target network
This is done by specifying:
  • BSSID: Target network MAC address
  • Channel: Operating channel
Targeted capture allows you to:
  • View only:
    • The target access point
    • Connected clients (stations)
  • Save captured packets to files:
    • .cap files
  • Even though all packets are captured:
    • If the network uses WPA/WPA2
    • The data appears encrypted and unreadable
    • Wireshark will display it as gibberish without the key
The Deauthentication Attack
A deauthentication attack allows you to:
  • Disconnect any connected device
  • Without:
    • Knowing the Wi-Fi password
    • Being connected to the network
How it works:
  • The attacker pretends to be:
    • The router when talking to the client
    • The client when talking to the router
  • This forces the device to disconnect
Tool used:
  • aireplay-ng
Discovering Hidden Networks
Hidden networks:
  • Do not broadcast their SSID (name)
  • Still broadcast:
    • MAC address
    • Channel
    • Encryption type
Steps to reveal a hidden SSID:
  1. Run airodump-ng against the hidden network only
  2. If a client is connected:
    • Launch a deauthentication attack
    • Send a small number of packets (e.g., 4)
  3. When the client reconnects:
    • It sends the network name in the air
  4. Airodump-ng captures:
    • The previously hidden SSID
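The two mechanisms above, a spoofed deauthentication frame and a client re-sending the SSID of a "hidden" network, can both be seen by parsing raw 802.11 management frames. The following Python script is an added example written for this page, not code from the course or from the aircrack-ng project. It builds a handful of constructed frames (the MAC addresses, the SSID "LabNet-Hidden" and the timestamps are made up for the example) and shows, from a monitoring point of view, (a) why hiding the SSID is not confidentiality: the beacon carries an empty SSID element, but the client's probe and association requests carry the name in cleartext; and (b) how a burst of deauthentication frames claiming to come from one sender can be flagged.

```python
"""Parse constructed 802.11 management frames to (a) recover a hidden SSID from
client requests and (b) flag a burst of deauthentication frames from one sender.
Added example; all frames and addresses below are constructed, not captured."""
import struct
from collections import defaultdict

# Management subtypes (frame type 0); frame-control byte 0 = subtype << 4
SUBTYPE_ASSOC_REQ, SUBTYPE_PROBE_REQ, SUBTYPE_BEACON, SUBTYPE_DEAUTH = 0x0, 0x4, 0x8, 0xC
SSID_IE = 0  # information-element tag for the SSID


def mac(text):  # "aa:bb:cc:dd:ee:ff" -> 6 raw bytes
    return bytes.fromhex(text.replace(":", ""))


def build_mgmt(subtype, dst, src, bssid, body):
    """Frame control, duration, addr1/addr2/addr3, sequence control, then body."""
    return bytes([subtype << 4, 0x00]) + b"\x00\x00" + mac(dst) + mac(src) + mac(bssid) + b"\x00\x00" + body


def ssid_ie(name):
    return bytes([SSID_IE, len(name)]) + name.encode()


def parse_ies(data):
    """Walk tag/length/value information elements; return {tag: value}."""
    ies, i = {}, 0
    while i + 2 <= len(data):
        tag, length = data[i], data[i + 1]
        ies[tag] = data[i + 2:i + 2 + length]
        i += 2 + length
    return ies


def parse_mgmt(frame):
    """Return a dict for a management frame, or None for anything else."""
    if len(frame) < 24 or (frame[0] & 0x0C) != 0:
        return None
    subtype, body = frame[0] >> 4, frame[24:]
    rec = {"subtype": subtype, "dst": frame[4:10].hex(":"),
           "src": frame[10:16].hex(":"), "bssid": frame[16:22].hex(":")}
    if subtype == SUBTYPE_BEACON:        # timestamp(8) + interval(2) + capability(2) + IEs
        rec["ssid"] = parse_ies(body[12:]).get(SSID_IE, b"").decode(errors="replace")
    elif subtype == SUBTYPE_PROBE_REQ:   # IEs start immediately
        rec["ssid"] = parse_ies(body).get(SSID_IE, b"").decode(errors="replace")
    elif subtype == SUBTYPE_ASSOC_REQ:   # capability(2) + listen interval(2) + IEs
        rec["ssid"] = parse_ies(body[4:]).get(SSID_IE, b"").decode(errors="replace")
    elif subtype == SUBTYPE_DEAUTH:      # 2-byte reason code, sent unauthenticated without PMF
        rec["reason"] = struct.unpack("<H", body[:2])[0]
    return rec


def reveal_hidden_ssids(frames):
    """Map each BSSID whose beacons carry an empty SSID to the name a client
    later sent in a probe or association request addressed to that BSSID."""
    hidden, revealed = set(), {}
    for rec in filter(None, map(parse_mgmt, frames)):
        if rec["subtype"] == SUBTYPE_BEACON and rec["ssid"] == "":
            hidden.add(rec["bssid"])
        elif rec["subtype"] in (SUBTYPE_PROBE_REQ, SUBTYPE_ASSOC_REQ) and rec["ssid"]:
            if rec["bssid"] in hidden:
                revealed[rec["bssid"]] = rec["ssid"]
    return revealed


def detect_deauth_bursts(timed_frames, window_s=1.0, threshold=4):
    """Flag any claimed sender with >= threshold deauth frames inside window_s.
    The sender address is whatever the frame claims, so a spoofed burst is
    attributed to the impersonated AP; that is still the signal to alert on."""
    seen, alerts = defaultdict(list), {}
    for ts, frame in timed_frames:
        rec = parse_mgmt(frame)
        if rec is None or rec["subtype"] != SUBTYPE_DEAUTH:
            continue
        times = seen[rec["src"]]
        times.append(ts)
        while ts - times[0] > window_s:   # slide the window forward
            times.pop(0)
        if len(times) >= threshold:
            alerts[rec["src"]] = max(alerts.get(rec["src"], 0), len(times))
    return alerts


# Constructed sample traffic (hypothetical locally administered addresses)
AP, CLIENT, BROADCAST = "02:00:00:00:aa:01", "02:00:00:00:cc:01", "ff:ff:ff:ff:ff:ff"
SAMPLE_FRAMES = [
    build_mgmt(SUBTYPE_BEACON, BROADCAST, AP, AP, b"\x00" * 8 + b"\x64\x00" + b"\x11\x04" + ssid_ie("")),
    build_mgmt(SUBTYPE_DEAUTH, CLIENT, AP, AP, struct.pack("<H", 7)),
    build_mgmt(SUBTYPE_PROBE_REQ, AP, CLIENT, AP, ssid_ie("LabNet-Hidden")),
    build_mgmt(SUBTYPE_ASSOC_REQ, AP, CLIENT, AP, b"\x11\x04\x0a\x00" + ssid_ie("LabNet-Hidden")),
]
# Five deauths in half a second claiming to come from the AP, then one lone deauth much later
SAMPLE_TIMED = [(0.1 * i, SAMPLE_FRAMES[1]) for i in range(5)] + [(10.0, SAMPLE_FRAMES[1])]

if __name__ == "__main__":
    print("revealed hidden SSIDs:", reveal_hidden_ssids(SAMPLE_FRAMES))
    print("deauth burst alerts:", detect_deauth_bursts(SAMPLE_TIMED))
```

The same parser can be pointed at the .cap files airodump-ng writes (a pcap reader such as scapy or dpkt would supply the raw frames and timestamps). The practical takeaways are the ones the lesson implies: a hidden SSID is only absent from beacons, never from client requests, and an unauthenticated deauthentication frame is indistinguishable from a real one on the air, which is why enabling Protected Management Frames (802.11w) on the access point is the mitigation rather than hiding the SSID.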
Connecting to Hidden Networks
After discovering the SSID:
  • The wireless card must return to:
    • Managed mode
This can be done by:
  • airmon-ng stop
  • Or by:
    • Disconnecting and reconnecting the wireless adapter
If the network manager service is stopped:
  • Restart it using:
    • service network-manager start
Once restored:
  • Manually enter:
    • The discovered SSID
    • The correct security type
  • Then connect normally
Bypassing MAC Filtering
MAC filtering c