No ESSID

[victor.hatley]

Sorry to bother, but my neighborhood assn. has requested that I (a VERY amateur) test the security, due to recent break ins. Okay, with that said...

I'm using a ralink rt 73xx using windows xp, virtual box(newest) and Bt4 final. I know this can be done, but my problem is finding the ESSID's on some of the AP's, getting deauthentications, and associating with WEP's.

Hidden ESSID, about this I find very little as to how to reveal them, the other probs I would venture to say distance is an issue, matbe. Any help or links would be appreciated, as these people have lost a little money due to the incursions, and they would like to know where their holes are.

I have advised these folks to use WPA2, as this is the most difficult to crack, and demonstrated that WEP is useless, but some believe that hiding the ESSID is the trick.

Thanks for all the help guys(and gals), my church will appreciate it

[lupin]

Read the aircrack-ng site, it has information on how to crack wireless networks.

The most effective and simple thing that these people can do to improve their wireless security is to use WPA2 with a strong non dictionary based password. Most of the other simple measures (MAC address filtering, SSID broadcast disabling, etc) are trivially bypassed and in my opinion are generally not worth the bother for most people. The other effective methods to improve wireless security that are commonly used in my experience is to use RADIUS WPA authentication or to establish a VPN over the wireless network, but neither of these options are really suitable for home or small business users.

[Snayler]

Hidden ESSID, about this I find very little as to how to reveal them, the other probs I would venture to say distance is an issue, maybe. Any help or links would be appreciated, as these people have lost a little money due to the incursions, and they would like to know where their holes are.

Some times, just running airodump-ng on AP's channel will reveal connected clients who will reveal the network's SSID (to be more specific, if a client is associating with the AP, he will broadcast AP's SSID). But when this is not the case, you can use a deauth attack to make the client re-associate, thus revealing the SSID.

Here is an excerpt from aircrack wiki:

Hidden SSIDs "<length: ?>"

Many aireplay-ng commands require knowing the SSID. You will sometimes see ”<length: ?>” as the SSID on the airodump-ng display. This means the SSID is hidden. The ”?” is normally the length of the SSID. For example, if the SSID was “test123” then it would show up as ”<length: 7>” where 7 is the number of characters. When the length is 0 or 1, it means the AP does not reveal the actual length and the real length could be any value.
To obtain the hidden SSID there are a few options:

• Wait for a wireless client to associate with the AP. When this happens, airodump-ng will capture and display the SSID.
• Deauthenticate an existing wireless client to force it to associate again. The point above will apply.
• Use a tool like mdk3 to bruteforce the SSID.

BTW, just typing "revealing hidden SSID" on google gave me lots of results on this. Maybe you should review your searching techniques.

[victor.hatley]

Thanks for the advice. And next time I guess I need to use my thesaurus. I kept asking for "find essid"

My bad I feel like an idiota