How To: Cover Your Tracks After Hacking a Wifi

Cover Your Tracks After Hacking a Wifi

Cover Your Tracks After Hacking a Wifi

Greetings null-bytians. Say you have been able to penetrate your neighbour's AP, and of course you had spoofed your MAC address. Now you go on and test to see with excitement if the password really works and the MAC is still spoofed. You login successfully and you browse the web forgetting to check what your current MAC is. Well, if you may do an ifconfig command, you will see that your permanent MAC is being used. Oh!! and guess what, ... your real MAC has been logged. Even though there is the nifty setting for spoofing your MAC in the network settings, once you had logged in the first time, your MAC has been logged.

Step 1: Create the AP with All the Settings Before Login

Firstly, before you connect to the AP, add the access point without making a successful login. We do that by selecting the AP on the networks list, input a wrong password, so that after it has tried to authenticate, the AP settings will be saved on your machine. To check if the AP is has been saved, goto to the network settings. In kali2.0 goto settings - network - wifi - History. The AP should be there.

Step 2: Setting Up the AP with a Fake MAC

Now that we have the AP settings, we will now select that AP and navigate to Identity. There you will find Cloned Address. Just type in a MAC address you want, 00:11:22:33:44:55 as an example. But I would suggest you use macchanger for maybe a known MAC. You can do that by entering

  • kali > macchanger -A wlan0

Now just copy that new MAC address and paste it on the Cloned Address. Save the settings and connect to the wifi.

But before that, there is a reason why I used the -A in the command for macchanger. As you would have seen, in parenthesis next to the MAC, there is a device name.

Step 3: Change Your Hostname to That Device Name

Well that is so easy. Just type nano /etc/hostname in a terminal. After that remove the text in there, and type in the device name. Save the file with Ctrl+X and press y.

Now you can connect to the access point and only your the spoofed MAC will be logged and the device name as the hostname. Now the logs will have something like Samsung XX:xx:xx:XX:xx:XX. So if your neighbour or somewhere you usually goto to access the wifi, sees that log, they will be diverted by the hostname: samsung, while you are using your HP, or Dell laptop, and well you won't be a suspect for a bit while, I hope.

Sorry there are no pictures/screenshots. Hope this will help.

-BlackErpeton

4 Comments

Good tutorial, something that many people don't think about is post exploitation yet its one on the steps were your the most vulnerable.

Cheers,
Washu

if we add the spoof command to rc.local, there is no need to repeat it after system login. I was using sproof hostname, but changing the mac i use ifconfig hw eth0

Truly appreciate it guys.

Remember to input the password, then save your settings, this is in under security.

Excellent info and food for thought. Much appreciated.

Share Your Thoughts

  • Hot
  • Latest