Sign in to follow this  
bombshop

Wireless: Bypassing Mac Filtering Tutorial

Recommended Posts

Sometimes you scan the neighborhood for the wireless connections, you see open connections but can not connect to them. Well this is possible because they use MAC filtering to secure up their network.I will try to explain how to bypass this protectionNOTE: This is for EDUCATION purpose only to show you it is possible to bypass this security. I am not responsible for unauthorized use of these information.Requirements :1- You need some tool for sniffing the traffic. I suggest using Aircrack-ng (http://www.aircrack-ng.org/)2- You need some tool to change your MAC address. I use MacMakeUp (http://forums.xisto.com/no_longer_exists/)Action On Windows:First you need to sniff the traffic around you. Open Airodump read the screen and make your selectionsFor me it is : Interface = 4 Intel Pro® Wireless 2200bg, Interface type =a , Channels=0 (if you want to sniff the traffic in all channels) , Output file prefix : Up to you!, Only Write wep IV's : y (This will save you some space) then proceedEdit: ipw2200 will not work under windows, i used an USR usb stick to capture traffic around.You should see something like this on your screen:BSSID, First time seen, Last time seen, Channel, Speed, Privacy, Power, # beacons, # data, LAN IP, ESSID00:**:BF:53:**:**, 2006-12-09 21:29:36, 2006-12-09 21:35:54, 6, 54, OPN , 13, 224, 62, 192.168. 2. 2, AIRTIESStation MAC, First time seen, Last time seen, Power, # packets, BSSID, ESSID00:**:F0:BF:**:**, 2006-12-09 21:29:39, 2006-12-09 21:35:40, 16, 79, 00:**:BF:53:**:**, AIRTIES It also logs the details to a text file in the same directory.This tells you that 00:**:F0:BF:**:** is the client connecting to that network so you can confidently assume that it is added on the Allow list. So open MacMakeUp, select your interface and enter this mac adress without the colons. click press and it will cycle your interface.Next time you try to connect to that network ends up with success :)In linux you can useairodump-ng -c 0 -w Prefix eth1this tells you to monitor all channels on interface eth1 and log them to a file with the Prefix after -wif you don't know your wireless cards interface type iwconfig or ifconfig -aConclusion :As you see it is possible to bypass this security precaution. And more important if someone monitors your connection they may be able to get crucial information about you. For example i can see what sites the network clients has been surfing around. MAC filtering must not be trusted for securing your network. You must use password protection in order to secure your network (preferable WPA not WEP, i will explain it in another article). So thats all for today.Can ISIKLI (bombshop)

Edited by bombshop

Share this post


Link to post
Share on other sites

as you can tell unauthorized users using your connection is not the only problem here. For example if you choose capturing all the traffic (not only IV's) they can tell what sites you have been visiting. And as they capture all the traffic they can sniff your passwords or so.So be aware :)

Share this post


Link to post
Share on other sites

Encrypting your folders and files is one thing but encrypting your wireless network connection is for sure another thing. Let me tell you one thing. Just listening to the network traffic i have one of my friends mail box and password INDEED OPEN!!! You know what that means? it means that i have an UNRESTRICTED ACCESS on the e-mail account that has been compromised! And let me add, i can read google mails that has been read by the "victim". just beware. And also i took me 31 seconds to crack a 64 bit wep key with nearly 300,000 iv's.For your attention..

Edited by bombshop

Share this post


Link to post
Share on other sites

explain to me how to by-pass a wireless connection

Wireless: Bypassing Mac Filtering

 

Replying to bombshophello I am really impress by your knowlege I knew computer but not as good as you,I have a wireless toshiba computer a pentium M,and the is a wirless internate connection in my area it always indicate to me that I should put the network key,so teach me like a small child the step explain to me every step you mention in details.I am really waiting to here you reply through my yahoomail.XXXXX@yahoo.Com.Thanks me pls reply me.

 

 

 

-mado

 

 

 

--------------

 

Edit : mado, do not put your E-mail address here, it's safer to use our PM system.

Share this post


Link to post
Share on other sites

Valid MAC from AP without any traffic?

Wireless: Bypassing Mac Filtering

 

 

Okay I am at a standstill with this wireless AP with MAC filtering...

 

The thing has NO TRAFFIC. I have been scanning for days and days and days.

 

Is there any way to somehow obtain or brute force(ish) for a authenticated MAC address when there no traffic (except broadcasts) to use?

 

Anyone have any idea?

Thanks,

Anne

Share this post


Link to post
Share on other sites

Generating traffic on NUL wi-fi

Wireless: Bypassing Mac Filtering

 

Replying to iGuest

 

I ran into something similar the other day while conducting a little field reconnaissance. My solution was to have Aireplay-ng fake an authentication to the AP, this resulted in receiving an ARP packet which I later re-injected back at the router in order to obtain more data/IV packets. FTR: My goal was to crack the WEP encryption, which when sufficient data was gathered my PC found the key in less then 5 seconds.

 

FTR: I was using the Aircrack-ng within the Backtrack 3 security suite.

 

 

-reply by Skydiver069

Share this post


Link to post
Share on other sites

This trick also works for using wireless internet for free in airports. Find a MAC address of someone who has actual web browsing traffic working, and borrow it, and you can use the wi-fi for as long as they can. It's technically theft of services though.

Share this post


Link to post
Share on other sites

as you can tell unauthorized users using your connection is not the only problem here. For example if you choose capturing all the traffic (not only IV's) they can tell what sites you have been visiting. And as they capture all the traffic they can sniff your passwords or so.So be aware :P


I cant open airodump-ng (win7)... HELP?? :/

Share this post


Link to post
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this