As Mike Kershaw said, it's not terribly practical, but there is indeed
a tool that will do it - MDK has an option that will do this for you.
See the writeup here:
It relies on a good dictionary file and a lot of patience..
Basically it will just probe the ESSID with the network name from the
dictionary file and try and get a response.
On Sun, Oct 11, 2009 at 4:54 PM, Rob Fuller <jd.mubix (at) gmail (dot) com [email concealed]> wrote:
> I don't know enough about the inner workings of 802.11 to know if this
> would work, but is there a tool out there that will do a dictionary
> attack on a non broadcasting AP by sending out probes?
>
> --
> Rob Fuller | Mubix
> Room362.com | Hak5.org | TheAcademyPro.com
>
a tool that will do it - MDK has an option that will do this for you.
See the writeup here:
http://forums.remote-exploit.org/backtrack3-howtos/15854-how-bruteforce-
hidden-essid-using-mdk3.html
It relies on a good dictionary file and a lot of patience..
Basically it will just probe the ESSID with the network name from the
dictionary file and try and get a response.
On Sun, Oct 11, 2009 at 4:54 PM, Rob Fuller <jd.mubix (at) gmail (dot) com [email concealed]> wrote:
> I don't know enough about the inner workings of 802.11 to know if this
> would work, but is there a tool out there that will do a dictionary
> attack on a non broadcasting AP by sending out probes?
>
> --
> Rob Fuller | Mubix
> Room362.com | Hak5.org | TheAcademyPro.com
>
[ reply ]