Description: Welcome to Part 7 of the WLAN Security Megaprimer! Please start this series by watching Part 1 http://www.securitytube.net/video/1756, if you have not done so already.
In this video, we will look at how to bypass MAC-based filters applied on access points. Note that MAC filters are a network access control added by the AP software and are not part of the 802.11 security standard.
We will learn how to determine whether a MAC-based filter is present on the access point, how to find an authorized client's MAC address, and finally how to emulate an authorized client's MAC to successfully authenticate and associate with the access point!
Please leave your comments behind!
Tags: 802.11, security, mac filter, authenticate, associate, bypass, MAC
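Added example, not part of the video or the original page: because a copied MAC passes the filter, a defender has to look for two radios sharing one address instead, which also bears on the commenters' question about two clients using the same MAC. The sketch below flags a MAC whose 802.11 sequence counter keeps jumping; the frame tuples, thresholds and addresses are constructed assumptions.

```python
from collections import defaultdict

SEQ_MODULO = 4096    # the 802.11 sequence number field is 12 bits wide
MAX_GAP = 64         # assumed tolerance for frames the sensor did not hear
MIN_ANOMALIES = 3    # assumed number of jumps before a MAC is reported


def seq_gap(prev, cur):
    """Forward distance from prev to cur, wrapping at 4096."""
    return (cur - prev) % SEQ_MODULO


def find_shared_macs(frames, max_gap=MAX_GAP, min_anomalies=MIN_ANOMALIES):
    """frames: (source MAC, sequence number) tuples in capture order.

    Returns {mac: jump_count} for addresses whose counter jumps repeatedly.
    Assumes one counter per transmitter; QoS data frames keep a counter per
    TID, so feed this management frames or track each TID separately.
    """
    last_seq = {}
    jumps = defaultdict(int)
    for mac, seq in frames:
        mac = mac.lower()
        if mac in last_seq:
            # Gap 0 is a retransmission, a small gap is a few missed frames.
            # A backwards step shows up as a huge forward gap modulo 4096.
            if seq_gap(last_seq[mac], seq) > max_gap:
                jumps[mac] += 1
        last_seq[mac] = seq
    return {mac: n for mac, n in jumps.items() if n >= min_anomalies}


def sample_frames():
    """Constructed capture: addresses and sequence numbers are made up."""
    shared = "02:00:00:00:00:01"   # two radios transmitting with one MAC
    single = "02:00:00:00:00:02"   # one radio whose counter wraps normally
    a = [(shared, s) for s in (100, 2900, 101, 2901, 102, 2902)]
    b = [(single, s) for s in (4094, 4095, 0, 1, 1, 3)]
    return [frame for pair in zip(a, b) for frame in pair]


if __name__ == "__main__":
    for mac, n in find_shared_macs(sample_frames()).items():
        print(f"{mac}: {n} sequence jumps, possibly two stations on one MAC")
```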
tnx my friend :)
On the last video I was a bit confused, as I vaguely remembered unhiding hidden SSIDs by spoofing MAC addresses (also bypassing MAC filters in the process). I'm not sure, as back then I was only copying some YouTube videos and didn't know what I was doing :D
@behrouz Thanks!
@zendar Hope things are clear now :) after the video. Let me know if you have any doubts.
Great video man. Your tutorials are the best on the net. thanks :)
You are THE GREAT... Can you share your college-time work & research paper with me?
Thanks again & again Vivek !!
I'm waiting to finish this megaprimer and start with a new one :) like Reverse Engineering ? would be more than great.
thx again
I think so... at that time I tried cracking WPA, but without Wireshark, with aircrack/mon... and remember using the SSID MAC address from captured packets, instead of the name, to bypass not knowing the SSID name?
(This was a long time ago so I hope I'm making any sense at all; if not I will try to forget all this ;)
I failed at injecting packages (although my ralink based card supports it).
So it's great to have all these factors explained :)
GREAT, LEGEND!
haha, would have loved to see what you could get on that random person that connected to you.
Big Thanks , GOD bless you brother
@Acebond, Vishal, m0ei, hugol, KsA.HaCkEr, ahmadqdemat Thanks a ton guys! Your encouraging comments are like Red Bull to me :)
@zendar I am happy to see you feel so. Also, now that you are aware of various factors and circumstances affecting the hack, even if something goes wrong with the tool, you will be able to figure things out.
@NavS haha :) No comments on this one :)
Brilliant Video again Vivek! I sooooo would *not* want to be that script kiddie trying to hook into your dlink! Hey, perhaps he will visit security tube sometime and recognise you!
In the words of Homer Simpson.... "Doh!"
@Blackmarketeer Thanks :) hehe :) I just disconnected the poor dude from my AP, would be funny if someday he sees his MAC on one of my videos :) and your comment below :)
That was SO FUNNY!!! "He has just landed on the worst access point possible, I may just fire Metasploit right now" lol... hilarious. Great video Vivek.
Clear, helpful, thoughtful lessons. Thanks :)
Another great lesson...
Nice to know all of the router's built-in security features are useless :)
Please notice, the audio of the video doesn't sync properly with the video (at least for me...)
After we spoof our MAC, does this allow us to connect to the AP directly, or do we have to change our MAC completely with macchanger to gain access?
By the way, awesome tutorial, thanks a lot. I love the megaprimer series. Very cool stuff.
@jazzman I 2nd that. The video and audio came out of sync. That's the 1st time that's happened in 7 tutorials though, and being that he's still talking with his hands you can still follow along with no problem.
Vivek... great tutorials. These are setup and presented much better than most tutorials I've seen on this topic. Most are crap someone did spur of the moment and posted on youtube. Keep going.
You know of course that the mac address 3d:be:93 was your alfa card and not your neighbor. :o)
No big deal. I'm still learning. And the rest of these videos look like they have a breadth of knowledge to consume.
Definitely the best 19 minutes spent this day :)
Hello Vivek, First off Thanks so much for doing such a great job.
You demonstrated that fakeauth helps determine if the AP has a MAC filter enabled. However, my question is: what's the purpose of faking an authentication? Is it just to see if the AP is MAC filtered? Or does it serve other purposes?
OK, I just watched part 8 and got my answer :) Thanks so much Vivek
Good job Vivek, I'm becoming addicted to your videos.
Thanks again...
excellent video, vivek! thanks again! I had already figured this out one time when I was just being a young deviant, but I was very unsure if what I was doing was the right thing, or it was a coincidence. Thanks for giving me renewed confidence and knowledge. Keep up the good work :)
I have a question though. Why not take down the ifconfig and use macchanger? And also another question, if you aren't too busy. Suppose someone was hacking a wireless network and I was injecting packets and such from an alfa card. Should they spoof the mac address of both mon0 and wlan0? I would do both, just to be safe, but is it really necessary to spoof the wlan0 mac as well?
Another great video! Thanks!
Thanks a million.
I cracked up when you mentioned the unknown client on your AP, humor makes the videos that much better.
If you wanted to actually connect to this network you would have to do it on wlan0 correct?
Hi !
First of all, I wanted to thank you for those videos, I used to play a little bit with aircrack suite and such for entertainment and learning, but I did not -really- understand how everything works. (hm, you could probably call me a scriptkiddie, haha)
Your videos step by step make everything more clear and understandable !
I have a really basic question regarding this particular video. You said that hotspots (in airports, etc.), when authenticated through the web interface, sometimes use the MAC address to know which stations can access the internet.
Then a question pops into my mind: what will happen if two different wireless devices try to connect at the same time to the same hotspot using the same MAC address? Will everything work fine for both of the users, or will things become messy there?
Thank you, keep up the awesome work! I will continue to learn lots of things with your other videos!
Cheers from a little belgian noobie.
When using aireplay-ng --fakeauth, I am getting the following output:
14:35:27 Sending Authentication Request (Open System) [ACK]
14:35:27 Authentication successful
14:35:27 Sending Association Request [ACK]
14:35:27 Association denied (code 13)
Code 13 being: "Responding STA doesn’t support the specified auth algorithm"
How is it my station doesn't support the authorization algorithm? I'm connected to my network on the machine (outside of the Virtualization).
It's an Open Authentication using WPA-Personal TKIP. What am I doing wrong?
LEGEND!!!! You truly are!
Great Videos please keep it up
Hi, here are my notes on this part: http://41j.com/blog/2011/10/securitytube-wireless-lan-security-megaprimer-notes-part-7-mac-filtering/
Vivek you are so pro.. And also very funny.. Gj anyway!!
Hi Vivek,
I tried it on my own network, put the mac filter and put the exact command as you did on the aireplay-ng. It gave me nothing...
Could it be because it's a closed network (wpa2)?
Thanks friend
Enjoyable video as usual.
same question as an.ankini.
What will happen if two different wireless devices try to connect at the same time to the same hotspot using the same MAC address? Will everything work fine for both of the users, or will things become messy there ???
??
Hi Vivek, it's really a great job of educating all of us in the field of computer security...
I had a doubt regarding MAC spoofing, especially in Windows 7. I already tried out MAC spoofing on other platforms like XP, Ubuntu, RHEL, Fedora, openSUSE etc. In XP I used the registry editor method as well as the TMAC software, and on all Linux platforms, by using macchanger, I am successfully spoofing the MAC ID as per my network requirement (my network is using MAC filtering). But in the case of Windows 7 I am unable to spoof my MAC ID by the registry editor method, and not only that, I tried out various MAC spoofing software like TMAC and SMAC, and all failed to prove a MAC ID change. Will you offer me any solution to get rid of this problem?
Great video. I have a question. In this video, your router is using MAC filter, but there is an anonymous client connecting to your router. What is the MAC address of that client? Is that MAC in your router's white list? Really appreciate your sharing.
Another Great video sir.
Very much appreciated.
Hahaha excellent :). Firing up Metasploit against your own Alpha Card (11:45) may not be a good idea. Your videos are great!
Sir, a little question: why do we actually need to do fakeauth? Also, after succeeding at this, can we access the web? Please reply...
Thank you!
I am still laughing on the MAC Filters..
i don't want to be your neighbour man :D
Question: My AP doesn't reply with an Auth response if my MAC is not added to the white list, so I get just a single line from aireplay-ng, for example:
# aireplay-ng --fakeauth 10 -e SecurityTube mon0
it says
15:56:32 Sending Authentication Request (Open System) [ACK]
15:56:32 Sending Authentication Request (Open System) [ACK]
15:56:32 Sending Authentication Request (Open System) [ACK]
Is that fine? Why is this happening? Really confused about this!
Enjoyed the video. Made me realize how my friend's manager left his AP open but we were not able to access it. I didn't think people would use this much, but now I know that if they are using open authentication this may be the case. Thanks for this.
Hi, I am a beginner and I started to watch your video series. It's perfect for me and I enjoy your videos. I have a request for you: if you added subtitles to your videos, I think that would be better.
I really enjoyed your explanation of mac filtering. I've used macchanger in the past for some spoofing but it's nice to hear the concepts explained clearly. Thanks again!
Another awesome video, Vivek. I literally haven't had any questions because you explain it so well. Thanks.
Really enjoy the user-friendly way you explain things. Your way of explaining things makes your videos highly addictive. Thanks a ton sir, for the knowledge share.
Another great video, thanks
Great video Vivek ! Sad that I don't have more time to watch another one ...
I have a question: how exactly does it work when 2 clients try to authenticate with the same MAC address? The scenario being: the legitimate owner of the AP wants to connect, but you are trying to connect with the spoofed address. Do the clients disassociate one another and in the end no one is connected, or how exactly does this work?
Thanks so much !
Simply amazing, thank you so much Vivek for these enlightening and fruitful videos
You know the reverse story ? When in some airports you get 15 min free WiFi ? Ok...and...after those 15 mins you change MAC address and you restart...hahahaha, time to laugh. Yes, I'm a little OOT but we're talking about the simplicity of spoofing...great teaching Vivek, thanks !
What is the difference between a beacon and a probe response packet?
Thanks for another enlightening video. I seem to be going through these about one a day so even if it takes me some time to get through all of the videos I will reach one of my goals.
Thank you Vivek! I have learned a lot from watching these videos. You're a boss
If I want to use the Internet on an AP that's using MAC filtering only (like at an airport), would I just leave aireplay running with the -h parameter set (with the MAC of an associated client)?