That means that users who need to use the network will be required to provide the SSID and password in order to establish a connection. This touches on the concept of security through obscurity and greatly reduces the chances of an attack.
With this brief intro, let's design an attack to uncover a hidden SSID as a penetration tester would.

Disclaimer: The following content requires you to have basic knowledge of Kali Linux or Backtrack, but feel free to go ahead as I will be covering those topics on hackernoon, my website and youtube.

I hope you are still with me because now it starts to get fun. There are basically 3 things that we need to do:
In order to encourage best practices, let's first run ifconfig and check our settings to see which interfaces we have to deal with:

eth0 is the wired Ethernet LAN interface
lo is the loop-back interface
wlan0 is the wireless LAN interface
Next, let's run airmon-ng without any parameters just to verify that it recognizes the wireless card. Then put the card into monitor mode with the command: airmon-ng start wlan0
Now we have this new logical interface called mon0 ready for us to start listening on. As good practice we should launch airmon-ng one more time just to verify the mon0 is now recognized, as we can see it is.
The next step is to launch airodump-ng mon0 so that our Backtrack (or Kali Linux) machine starts listening to the activity going on around it. It's important to remember that we pass mon0 because that is the logical interface we want to listen on.
This causes the monitor interface to capture all the activity it can see. In the top left corner of the screen you can watch airodump-ng cycling through all the channels, searching for every network it can find. What we need to do is look at the upper right side for access points that are not displaying an SSID, shown as <length: 0>, which in this case is our hidden SSID.
At this point we have harvested a lot of information. We know the hidden SSID's channel (CH) and MAC address, and we also know that it does not use any kind of encryption. Since we now have a good idea of our target we can use some command options to narrow down our results (this is especially useful when dealing with multiple access points).

Since we know this hidden SSID is running on channel 1, we will save some screen real estate and run airodump-ng -c 1 mon0 to listen only to channel 1.
Now we are only listening to channel 1, as you can see in the top left corner. We just need to wait long enough for someone to connect to the SSID and the name will be revealed. In our case the hidden SSID is Sneaky-SSID, which you can verify in the screenshot below.
Disclaimer: This ethical hacking tutorial is against misuse of the information and I strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used. We do not promote, encourage, support or excite any illegal activity or hacking without written permission in general.