
Thread: how to "decloaked" hidden ESSID.

  1. #1
    Just burned his ISO
    Join Date
    Dec 2007
    Posts
    9

    how to "decloaked" hidden ESSID.

    Hi, I have tried to configure my WiFi AP so that the ESSID is not broadcast. When I use my WiFi adaptor to scan the available WiFi APs, I can only see this AP's BSSID (MAC address). So how do I "decloak" this hidden ESSID from my WiFi adaptor? I have tried scanning with Kismet inside BT3; yes, I can see only this AP's BSSID, not its ESSID. Can Kismet "decloak" a hidden ESSID? I have also tried airodump-ng -w cap eth0 to capture the signal; I can only see that AP's BSSID, and the ESSID only shows "length 9". I am using AirMagnet, but this software does not have a driver for my WiFi adaptor. What tools can be used to detect the hidden ESSID and "decloak" it? Thank you.

  2. #2
    Developer
    Join Date
    Mar 2007
    Posts
    6,126

    You can use mdk3. There is an option to either brute force or use a .txt file against an ESSID.

    like this....

    mdk3 <interface> p -f /root/essid.txt

  3. #3
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008

    Another option would be to simply lock down either airodump-ng or kismet to the channel the AP is broadcasting on. When a client connects to the AP the ESSID is transmitted in clear-text and will be intercepted by the program, providing a strong enough signal.
    -Monkeys are like nature's humans.

  4. #4

    you can see in this video
    http://forums.remote-exploit.org/sho...t=12588&page=3

    I've demonstrated doing this; also read the thoughts and comments from other members. I do not know how long it takes for it to reveal its ESSID, but as far as I'm aware, as soon as another client tries to make a connection (handshake) it reveals it, so no matter how long you have airodump running for, it won't dump it.

    Enjoy the video

  5. #5
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008

    Quote Originally Posted by samsung View Post
    ...so no matter how long you have airodump running for, it won't dump it.
    Unless a client connects to the AP that is.
    -Monkeys are like nature's humans.

  6. #6
    Senior Member secure_it's Avatar
    Join Date
    Feb 2010
    Location
    In between the two: BackTrack is 4, FwdTrack4
    Posts
    854

    When a client tries to associate with the AP, the airodump window will automatically change the hidden ESSID to the shown one. Or use Wireshark to capture the frames on the monitor interface; then you would easily be able to get the hidden ESSID. While monitoring the network, the ESSID "length 9" indicates that the ESSID is 9 characters long.
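The posts above explain why a "hidden" ESSID only affects beacons: the beacon still carries an SSID element of the real length filled with zero bytes (hence "length 9"), while the (re)association request a joining client sends carries the name in clear text. The following parser, added here as an illustration and not code from the thread or from aircrack-ng, walks constructed 802.11 management frames and shows both cases; the MAC addresses, the SSID "HomeNet-9" and the frame bytes are all made up for the example. For a network owner the takeaway is that SSID cloaking is not a confidentiality control and should not be relied on as one.

```python
"""Extract the SSID element from constructed 802.11 management frames.

Beacons and probe responses from a cloaked AP carry an SSID element whose
bytes are zeroed (or zero-length), so only the length is visible; association
and reassociation requests carry the name in clear.  Every frame below is
constructed sample data, not a capture.
"""
import struct

# Management-frame subtypes (IEEE 802.11 frame type 0)
SUBTYPE_NAMES = {0: "assoc-req", 1: "assoc-resp", 2: "reassoc-req", 4: "probe-req",
                 5: "probe-resp", 8: "beacon", 10: "disassoc", 12: "deauth"}
# Bytes of fixed fields that precede the tagged elements, per subtype.
# Subtypes missing here (deauth, disassoc, ...) carry no SSID element.
FIXED_BODY_LEN = {0: 4, 1: 6, 2: 10, 4: 0, 5: 12, 8: 12}
IE_SSID = 0


def parse_ies(data: bytes) -> list:
    """Walk the tagged-element list (tag, length, value); stop at truncation."""
    ies, i = [], 0
    while i + 2 <= len(data):
        tag, length = data[i], data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) < length:      # truncated element: do not trust it
            break
        ies.append((tag, value))
        i += 2 + length
    return ies


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def parse_mgmt_frame(frame: bytes) -> dict:
    """Return subtype, BSSID and SSID status of one management frame."""
    if len(frame) < 24:
        raise ValueError("frame shorter than an 802.11 MAC header")
    fc0 = frame[0]
    ftype, subtype = (fc0 >> 2) & 0x3, fc0 >> 4
    if ftype != 0:
        raise ValueError("not a management frame")
    # In management frames addr1 = receiver, addr2 = transmitter, addr3 = BSSID.
    info = {"subtype": SUBTYPE_NAMES.get(subtype, f"subtype-{subtype}"),
            "transmitter": mac_str(frame[10:16]), "bssid": mac_str(frame[16:22]),
            "ssid": None, "ssid_len": None, "cloaked": False}
    fixed = FIXED_BODY_LEN.get(subtype)
    if fixed is None:
        return info
    for tag, value in parse_ies(frame[24 + fixed:]):
        if tag == IE_SSID:
            info["ssid_len"] = len(value)
            if not value.strip(b"\x00"):
                info["cloaked"] = True   # what airodump-ng reports as "<length: N>"
            else:
                info["ssid"] = value.decode("utf-8", errors="replace")
            break
    return info


def ie(tag: int, value: bytes) -> bytes:
    return bytes([tag, len(value)]) + value


def build_mgmt(subtype: int, addr1: bytes, addr2: bytes, bssid: bytes, body: bytes) -> bytes:
    fc = bytes([subtype << 4, 0x00])            # type 0 (management), no flags
    return fc + b"\x00\x00" + addr1 + addr2 + bssid + b"\x00\x00" + body


# Constructed, locally-administered sample MACs (not real devices).
AP = bytes.fromhex("02aabbccdd01")
STA = bytes.fromhex("02aabbccdd02")
BCAST = b"\xff" * 6
RATES = ie(1, bytes([0x82, 0x84, 0x8b, 0x96]))

# Beacon from a cloaked AP: the SSID element is 9 zero bytes, so only the length leaks.
CLOAKED_BEACON = build_mgmt(
    8, BCAST, AP, AP,
    struct.pack("<QHH", 0, 100, 0x0411) + ie(IE_SSID, b"\x00" * 9) + RATES + ie(3, b"\x06"))
# Association request from a joining client: the name is sent in clear.
ASSOC_REQ = build_mgmt(
    0, AP, STA, AP,
    struct.pack("<HH", 0x0411, 10) + ie(IE_SSID, b"HomeNet-9") + RATES)
# Deauthentication frame: no tagged elements at all.
DEAUTH = build_mgmt(12, STA, AP, AP, struct.pack("<H", 7))


def resolve_cloaked_ssids(frames: list) -> dict:
    """Map BSSID -> SSID learned from any frame that carried it in clear.
    This is the passive correlation a monitor such as airodump-ng performs."""
    learned = {}
    for f in frames:
        p = parse_mgmt_frame(f)
        if p["ssid"] is not None:
            learned[p["bssid"]] = p["ssid"]
    return learned


if __name__ == "__main__":
    for f in (CLOAKED_BEACON, ASSOC_REQ, DEAUTH):
        print(parse_mgmt_frame(f))
    print(resolve_cloaked_ssids([CLOAKED_BEACON, ASSOC_REQ, DEAUTH]))
```

Running the script prints the beacon as cloaked with `ssid_len` 9, the association request with the clear-text name, and the deauth frame with no SSID at all; feeding real frames from a monitor-mode capture into `parse_mgmt_frame` would need the radiotap header stripped first, which this example does not do.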

  7. #7

    1. Fire up airodump-ng, lock to the channel that has the network AP you are interested in.
    2. Note the BSSID of the AP and the MAC of a connected client.
    3. Use aireplay-ng to force a deauth. Since Association and Re-Association packets contain the SSID whether hidden or not, when the client reconnects, your airodump-ng session should capture the SSID and report that in your session window.
    Basic syntax is:
    aireplay-ng -0 3 -a $BSSID -c $CLIENTMAC $INTERFACE
