Thanks to everyone who has responded; I will definitely be checking out
MDK3 in the not so distant future. I do have one question though: a
bunch of you have said that doing this isn't really useful or
practical. I'm wondering why? If I'm doing a PenTest when there aren't
any hosts connected to the client's wifi AP and it's 'cloaked', I
could be missing an attack vector. I'm probably missing something so
please let me know if I've overlooked something.
--
Rob Fuller | Mubix
Room362.com | Hak5.org | TheAcademyPro.com
On Mon, Oct 12, 2009 at 10:40 AM, Jon Janego <jonjanego (at) gmail (dot) com> wrote:
> As Mike Kershaw said, it's not terribly practical, but there is indeed
> a tool that will do it - MDK has an option that will do this for you.
> See the writeup here:
>
> http://forums.remote-exploit.org/backtrack3-howtos/15854-how-bruteforce-hidden-essid-using-mdk3.html
>
> It relies on a good dictionary file and a lot of patience.
>
> Basically it will just probe the ESSID with the network name from the
> dictionary file and try and get a response.
>
> On Sun, Oct 11, 2009 at 4:54 PM, Rob Fuller <jd.mubix (at) gmail (dot) com> wrote:
>> I don't know enough about the inner workings of 802.11 to know if this
>> would work, but is there a tool out there that will do a dictionary
>> attack on a non broadcasting AP by sending out probes?
>>
>> --
>> Rob Fuller | Mubix
>> Room362.com | Hak5.org | TheAcademyPro.com
>>
>
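
The dictionary probing described in the quoted reply appears on the air as one transmitter sending directed probe requests for many different SSIDs in a short time. The following is an added example, not part of the original thread, of a detector for that pattern; the record layout, the 10-second window and the threshold of 20 are assumptions, and the sample records are constructed.

```python
from collections import defaultdict, deque

# Constructed sample records: (epoch seconds, transmitter MAC, SSID in probe request).
# An empty SSID is a wildcard probe, which ordinary clients send all the time.
SAMPLE = (
    [(100.0 + i * 0.05, "02:00:00:aa:bb:01", f"guess{i:03d}") for i in range(40)]
    + [(100.0, "02:00:00:aa:bb:02", ""),
       (101.0, "02:00:00:aa:bb:02", "HomeNet"),
       (130.0, "02:00:00:aa:bb:02", "Office"),
       (131.0, "02:00:00:aa:bb:02", "HomeNet")]
)


def find_ssid_guessers(records, window=10.0, max_distinct=20):
    """Return {mac: peak count} for transmitters that sent directed probes for
    more than max_distinct different SSIDs inside any sliding time window.

    A normal client probes for a handful of saved networks; a dictionary run
    probes for dozens or hundreds. The source address is chosen by the sender,
    so per-MAC counts are a lower bound on what one radio is doing.
    """
    recent = defaultdict(deque)                       # mac -> (ts, ssid) in window
    counts = defaultdict(lambda: defaultdict(int))    # mac -> ssid -> hits in window
    flagged = {}
    for ts, mac, ssid in sorted(records):
        if not ssid:                                  # ignore wildcard probes
            continue
        queue, seen = recent[mac], counts[mac]
        queue.append((ts, ssid))
        seen[ssid] += 1
        # Drop probes that have aged out of the window.
        while queue and ts - queue[0][0] > window:
            _, old = queue.popleft()
            seen[old] -= 1
            if seen[old] == 0:
                del seen[old]
        if len(seen) > max_distinct:
            flagged[mac] = max(flagged.get(mac, 0), len(seen))
    return flagged


if __name__ == "__main__":
    for mac, peak in find_ssid_guessers(SAMPLE).items():
        print(f"{mac}: {peak} distinct directed SSIDs within 10s")
```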