Sunday, June 26, 2016

Bypassing MAC Filters on Wireless Networks -LanwilDS

Apart from hiding the SSID, it is also common practice for network administrators to apply MAC filtering on the access point so that only hosts whose MAC addresses are on a whitelist can connect. This is done in colleges and universities that want only registered students to have access to the Internet. Like hiding the SSID, MAC filtering is a low-level security measure, and it fails just as badly in the real world: MAC addresses are visible to anyone within radio range, so an attacker can spoof a legitimate MAC address to connect to the access point. Here is how this attack would be carried out:

1. The attacker would scan the access point for the hosts that are already connected to it.
2. Next, the attacker would note down the MAC address of a legitimate client that is connected to the access point and spoof that address. This puts the attacker on the whitelist, so they can connect to and use the access point.

So here is how we would combine airodump-ng and macchanger to bypass MAC filtering restrictions.

Note: Make sure that you already have monitor mode enabled before performing the following steps.
Step 1: The first command we would use is "airodump-ng", to scan for all the neighboring networks. To demonstrate this attack, we assume that the access point with the ESSID "ROMEO" and the BSSID "F4:3E:61:9C:77:3B" has MAC filtering enabled, so only a set of allowed MAC addresses is able to connect to it.

Step 2: The next step is to find a client that is already associated with the access point. We will use airodump-ng to find it for us.
Command:
airodump-ng -c 1 -a --bssid F4:3E:61:9C:77:3B mon0
Since the access point is on channel 1, we type "-c 1"; the "-a" parameter displays only the clients that are currently associated with the access point.

Next, we would use the following command to spoof our current MAC address.
Command:
macchanger -m B0:D0:9C:5C:EF:86 wlan0

B0:D0:9C:5C:EF:86 is the MAC address of the client that is already associated with the access point. Finally, we would issue the following command to bring the wlan0 interface up.
Command:
ifconfig wlan0 up
We can verify that our MAC address has been spoofed by executing the "iwconfig" command and matching the HWaddr field.
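
Once the address is spoofed, two radios transmit under one MAC address, and that is what a wireless sensor can pick up on. The following is an added example, not part of the original post: it flags a source MAC whose 802.11 sequence numbers jump between two independent counters. The frame records, thresholds and function names are assumptions made for illustration.

```python
from collections import defaultdict

SEQ_MOD = 4096        # the 802.11 sequence number field is 12 bits wide
MAX_FORWARD_GAP = 64  # assumed tolerance for frames the sensor missed
MIN_ANOMALIES = 3     # assumed number of jumps before alerting

# Constructed sample records: (time in s, source MAC, sequence number).
# The first MAC is the client address used in the post; the second is made up.
SAMPLE_FRAMES = [
    (0.00, "B0:D0:9C:5C:EF:86", 1200),
    (0.01, "00:11:22:33:44:55", 4094),
    (0.02, "B0:D0:9C:5C:EF:86", 1201),
    (0.03, "B0:D0:9C:5C:EF:86", 37),    # second radio with its own counter
    (0.04, "00:11:22:33:44:55", 4095),
    (0.05, "B0:D0:9C:5C:EF:86", 1202),
    (0.06, "B0:D0:9C:5C:EF:86", 38),
    (0.07, "00:11:22:33:44:55", 0),     # normal wrap-around, not an anomaly
    (0.08, "B0:D0:9C:5C:EF:86", 1203),
    (0.09, "B0:D0:9C:5C:EF:86", 39),
    (0.10, "00:11:22:33:44:55", 2),     # one frame missed by the sensor
]


def seq_anomalies(frames):
    """Count, per source MAC, sequence jumps outside the forward window."""
    last_seq = {}
    anomalies = defaultdict(int)
    for _, mac, seq in sorted(frames, key=lambda f: f[0]):
        mac = mac.lower()
        if mac in last_seq:
            gap = (seq - last_seq[mac]) % SEQ_MOD  # forward distance, wrap-safe
            if gap > MAX_FORWARD_GAP:
                anomalies[mac] += 1
        last_seq[mac] = seq
    return dict(anomalies)


def suspected_spoofing(frames):
    """Return MACs whose frames look like two interleaved transmitters."""
    counts = seq_anomalies(frames)
    return sorted(mac for mac, n in counts.items() if n >= MIN_ANOMALIES)


if __name__ == "__main__":
    counts = seq_anomalies(SAMPLE_FRAMES)
    for mac in suspected_spoofing(SAMPLE_FRAMES):
        print("possible MAC spoofing:", mac, "-", counts[mac], "sequence jumps")
```

QoS data frames keep a separate sequence counter per traffic identifier (TID), so a sensor fed with real captures should track the last sequence number per (MAC, TID) pair rather than per MAC alone.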

NOTE: THIS IS FOR EDUCATIONAL PURPOSES ONLY.
WE ARE NOT RESPONSIBLE FOR ANY UNAUTHORIZED ATTACKS OR MISUSE.
THANK YOU
