
Finding hidden SSID

<<

millwalll

Post Wed Mar 16, 2011 11:46 am

Finding hidden SSID

Hi all,

How do you find a hidden SSID with the aircrack suite?

Thanks
<<

hayabusa

Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Wed Mar 16, 2011 11:49 am

Re: Finding hidden SSID

I personally just fire up and use Kismet, first, and leave it running in the background, to watch things, while using aircrack suite for hacking wireless.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

millwalll

Post Wed Mar 16, 2011 12:11 pm

Re: Finding hidden SSID

Is there any way to do it with aircrack suite?
<<

hayabusa

Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Wed Mar 16, 2011 1:55 pm

Re: Finding hidden SSID

Excerpt from: http://www.aircrack-ng.org/doku.php?id=aireplay-ng

Hidden SSIDs "<length: ?>"

Many aireplay-ng commands require knowing the SSID. You will sometimes see "<length: ?>" as the SSID on the airodump-ng display. This means the SSID is hidden. The "?" is normally the length of the SSID. For example, if the SSID was "test123" then it would show up as "<length: 7>" where 7 is the number of characters. When the length is 0 or 1, it means the AP does not reveal the actual length and the real length could be any value.

To obtain the hidden SSID there are a few options:

    * Wait for a wireless client to associate with the AP. When this happens, airodump-ng will capture and display the SSID.
    * Deauthenticate an existing wireless client to force it to associate again. The point above will apply.
    * Use a tool like mdk3 to bruteforce the SSID.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
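
Why the "<length: 7>" display resolves once a client associates, as an added example that is not part of the thread or of the aircrack-ng documentation: a hidden AP blanks the SSID element in its beacons, but the client's association request carries the name in cleartext, so hiding the SSID gives no confidentiality. The frames and MAC addresses below are constructed, and the parser assumes raw 802.11 management frames with radiotap header and FCS already stripped.

```python
# Added example (not from the thread): passive parse of constructed 802.11 frames.
FIXED_LEN = {0: 4, 2: 10, 5: 12, 8: 12}  # assoc req, reassoc req, probe resp, beacon
HDR_LEN = 24  # frame control, duration, 3 addresses, sequence control

def parse_ssid(frame):
    """Return (subtype, bssid, ssid_bytes), or None if the frame is not relevant."""
    if len(frame) < HDR_LEN:
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, frame[0] >> 4
    if ftype != 0 or subtype not in FIXED_LEN:  # management frames only
        return None
    bssid = frame[16:22].hex(":")  # address 3 is the BSSID in these subtypes
    pos = HDR_LEN + FIXED_LEN[subtype]
    while pos + 2 <= len(frame):  # walk the tagged parameters (id, length, value)
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            return None  # truncated element
        if tag == 0:  # SSID element
            return subtype, bssid, value
        pos += 2 + length
    return None

def observe(frames):
    """Map each BSSID to its SSID, or to '<length: N>' while only hidden beacons were seen."""
    seen = {}
    for frame in frames:
        parsed = parse_ssid(frame)
        if parsed is None:
            continue
        _, bssid, ssid = parsed
        if ssid.strip(b"\x00"):  # real name, sent in cleartext
            seen[bssid] = ssid.decode("utf-8", "replace")
        else:  # empty or null-padded: the AP is hiding its name
            seen.setdefault(bssid, "<length: %d>" % len(ssid))
    return seen

def build(fc, dst, src, bssid, ssid):
    """Construct a minimal management frame carrying only an SSID element."""
    fixed = bytes(FIXED_LEN[fc >> 4])
    return bytes([fc, 0, 0, 0]) + dst + src + bssid + bytes(2) + fixed + bytes([0, len(ssid)]) + ssid

AP, STA = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")  # constructed MACs
BEACON = build(0x80, b"\xff" * 6, AP, AP, bytes(7))  # hidden: 7 null bytes
ASSOC_REQ = build(0x00, AP, STA, AP, b"test123")     # client names the network

if __name__ == "__main__":
    print(observe([BEACON]))             # only the length is known
    print(observe([BEACON, ASSOC_REQ]))  # name learned from the client
```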
<<

rattis

Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Wed Mar 16, 2011 7:48 pm

Re: Finding hidden SSID

Like Hayabusa said, aircrack can do it if you wait long enough, or make your attack known. Kismet isn't that hard to use. It's also useful for doing better wireless audits of the area around you.
OSWP, Sec+
<<

hayabusa

Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Wed Mar 16, 2011 8:37 pm

Re: Finding hidden SSID

;) <nods head in agreement>  Really, if you have tools available, why not use them.  If you're to be a good pentester, you can count on building a large tool library (or at least, knowledge thereof.)  No sense in re-inventing the wheel, sometimes, if a tool exists that will work, quickly.  

(That said, Kismet is doing the same thing that 'waiting' with airodump, etc, would do, in that ANY tool is only going to show you a non-broadcasting SSID when a client connects to it.  So, regardless, it's a matter of patience...)  But Kismet displays it all, nicely, once it sees it.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

WCNA

Full Member

Posts: 187

Joined: Wed Mar 02, 2011 8:05 am

Location: Florida

Post Wed Mar 16, 2011 9:47 pm

Re: Finding hidden SSID

Speaking of good tools, Colasoft's CAPSA wireless tool just came out. It's a nice alternative to AirPcap (monitor mode), lots of cool features.
ISC2 Associate, WCNA, CWNA, OSCP, Network+
<<

TheXero

Full Member

Posts: 112

Joined: Tue Dec 07, 2010 12:24 pm

Post Thu Mar 17, 2011 6:04 am

Re: Finding hidden SSID

Dude you're in luck :)

Check out this video on my website http://www.thexero.co.uk/?p=48

In that video I find a hidden network and use the aireplay module to discover the SSID for the network by de-authenticating a client.

~TheXero
<<

albatr0ss

Newbie

Posts: 12

Joined: Mon Oct 10, 2011 2:30 am

Post Thu Nov 17, 2011 7:16 am

Re: Finding hidden SSID

I wrote a script to try to bruteforce hidden SSIDs even when no clients are connected.

http://www.albatr0ss.it/2011/10/28/iden ... den-ssids/

In the post you'll find a video demoing the usage of the script.
OSWP
