Description: In this video I show you how to use a little Python script I created to attempt to “brute force” the (E)SSID name of Access Points that are configured to hide their SSID.
The script can be downloaded at http://www.albatr0ss.it/en/wp-content/uploads/2011/03/hidden_ssid.tar.gz and the blog post can be found at http://www.albatr0ss.it/en/2011/10/identifying-hidden-ssids/
This script was written mainly as a PoC for the SecurityTube Wireless Security Expert certification; please don't abuse it, and use it only on APs you have permission to pentest.
Tags: hidden ssid, ssid, wifi, access point
Nice! :)
Nice music too ;)
Nicely done my friend! You are on the way to becoming a Wi-Fi Ninja :) Fantastic, keep it up.
Nice PoC friend :) This makes me want to make my own video too when I'm free :)
Nice music buddy....Thanks for making it and uploading it so soon...Keep up the good work...expecting more videos, but with narration. :-P
Anyone that's interested in the awesome soundtrack: http://www.youtube.com/watch?v=54VJWHL2K3I
Thanks to all for the kind words, viewing the ..... views counter will surely make more but don't expect narration only good music ;-)
@Andrew Yep, the music comes directly from the CTF room at Defcon 19 in LV; the video rolled on the big screen during the sessions :-D
Thanks Vivek for the opportunity
Good! Having programming skills is always a plus. There is another possibility too, by taking the vendor part of the MAC. Many people NEVER change the factory essid of what they have. War driving shows that fact, so you can save a lot of time by making a database with bssid=essid. It is like a WHOIS for APs. If I am wrong, tell me. Always happy to learn.
@dge yes you are right..for example in Italy this works with Vodafone, Alice and Fastweb APs..
@dge yes I understand what you mean, you could make a simple lookup table to search the OUI of the MAC address and match the corresponding default SSID name. Nice idea!!
@fabiothebest what you are saying is a little bit different: in Alice and Fastweb APs, at least on earlier ones, the WEP/WPA key was generated from a combination of essid and MAC address, and by reverse engineering you could arrive at a small set of WEP/WPA keys to try against the AP.
That's a good job albatr0ss...just found your blog...interesting....Vp
Thanks Vp :)