
Is there a way to get a hidden SSID without...


23 replies to this topic

#21 tekio


    5(R1P7 |<1DD13

  • Binrev Financier
  • 1,095 posts
  • Gender:Male
  • Location:The Blue Nowhere

Posted 27 September 2009 - 11:29 AM

yea but that would need a client to spoof and that would still kinda rule out the whole no clients thing. But if you were to brute force a MAC. That would be kinda cool but still you would be brute forcing. My whole reason for the post honestly was to find a way without deauthing or brute forcing. Maybe some sort of packet decryption method. Where you could use your data packets to crack the actual SSID. I know it sounds dumb but it was just an idea. You would think it is impossible but look how far technology and security has come. You can crack into a network wirelessly. Seems like 10 or less years ago you had to use a phone line to get on the internet.


If the key is obtained you should be able to capture decrypted packets in Wireshark. Still, there would need to be traffic with the SSID though....

EDIT: forgot to add there is a vulnerability of the Neesus Datacom algorithm where it is easy to decrypt because there are so many collisions. All WRT-54Gs that I've seen use this to generate WEP keys.

Edited by tekio, 27 September 2009 - 02:00 PM.


#22 unsupported


    mad 1337

  • Members
  • 143 posts
  • Location:407

Posted 08 October 2009 - 09:59 PM

Wellenreiter would discover a cloaked SSID. It is a passive sniffer that reads the packets to decode the SSID, rather than Netstumbler which sends beacon packets out looking for responses, aka "CAN YOU HEAR ME NOW? CAN YOU HEAR ME NOW? CAN YOU HEAR ME NOW?...".

Hope this helps.
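An added example, not part of the posts above: a small audit check showing why cloaking is not a confidentiality control. A cloaked AP blanks the SSID element in its beacons, but association requests and probe responses for that BSSID still carry it in clear; with no client traffic, nothing reveals it. The frame bytes, MAC addresses, SSID and the `mgmt` helper are constructed for illustration.

```python
# Added illustration: frame bytes below are constructed, not captured traffic.
FIXED_LEN = {0: 4, 2: 10, 4: 0, 5: 12, 8: 12}  # fixed-field bytes before tagged parameters
NAMES = {0: "assoc-req", 2: "reassoc-req", 4: "probe-req", 5: "probe-resp", 8: "beacon"}

def parse_ssid(frame):
    """Return (frame kind, BSSID, SSID or None if cloaked/missing); None if not handled."""
    if len(frame) < 24:
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in FIXED_LEN:   # management frames only
        return None
    bssid = frame[16:22].hex(":")                # address 3
    pos = 24 + FIXED_LEN[subtype]
    while pos + 2 <= len(frame):                 # walk tag/length/value elements
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:                  # truncated element
            break
        if tag == 0:                             # SSID element
            cloaked = length == 0 or not any(value)
            return NAMES[subtype], bssid, None if cloaked else value.decode("utf-8", "replace")
        pos += 2 + length
    return NAMES[subtype], bssid, None

def audit(frames):
    """Map each BSSID with a cloaked beacon to (SSID, revealing frame kind), or None."""
    cloaked, seen = set(), {}
    for frame in frames:
        parsed = parse_ssid(frame)
        if parsed is None:
            continue
        kind, bssid, ssid = parsed
        if kind == "beacon" and ssid is None:
            cloaked.add(bssid)
        elif ssid is not None:
            seen[bssid] = (ssid, kind)
    return {b: seen.get(b) for b in cloaked}

def mgmt(subtype, dst, src, bssid, fixed_len, ssid):
    """Build a minimal management frame (hypothetical helper for the sample)."""
    header = bytes([subtype << 4, 0, 0, 0]) + dst + src + bssid + b"\x00\x00"
    return header + bytes(fixed_len) + bytes([0, len(ssid)]) + ssid

AP1, AP2, STA = (bytes.fromhex("02000000000" + d) for d in "123")
SAMPLE = [
    mgmt(8, b"\xff" * 6, AP1, AP1, 12, b"\x00" * 11),   # beacon, NUL-padded SSID
    mgmt(8, b"\xff" * 6, AP2, AP2, 12, b""),            # beacon, zero-length SSID
    mgmt(0, AP1, STA, AP1, 4, b"example-net"),          # client association to AP1
]
print(audit(SAMPLE))
```
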

#23 tekio


    5(R1P7 |<1DD13

  • Binrev Financier
  • 1,095 posts
  • Gender:Male
  • Location:The Blue Nowhere

Posted 24 October 2009 - 10:28 PM

I know Qwest, in my area, uses Actiontec and will always deploy on the same channel: 9; but will number the SSID according to ownership in the signal area. For example the second household that can detect Actiontec will be named Actiontec1, the third Actiontec2, and so on.

Default SSID on my routers:
WRT-54G == linksys
Belkin N Wireless Router == Belkin
Apple Gigabit Airport Extreme == Apple

One new thing that I've discovered about the Qwest Actiontec wifi/modems is that EVERY single one in my area was deployed using only 60bit (really 40) encryption. Weird. Anyone else had any experiences with the Qwest Actiontec wifi/modems?

#24 Kool-Aide


    SCRiPT KiDDie

  • Members
  • 25 posts
  • Gender:Male
  • Location:Arkansizzle

Posted 25 October 2009 - 12:27 AM

[quote name='tekio' date='24 October 2009 - 10:28 PM' timestamp='1256441311' post='346604']
[quote name='tekio' date='22 September 2009 - 06:29 PM' timestamp='1253658598' post='345501']
I know Qwest, in my area, uses Actiontec and will always deploy on the same channel: 9; but will number the SSID according to ownership in the signal area. For example the second household that can detect Actiontec will be named Actiontec1, the third Actiontec2, and so on.
[/quote]
[/quote]

Never even heard of Actiontec. All my friends have Qwest here; they are set up with 2wire routers.



