Cover Your Tracks After Hacking a Wifi
Greetings null-bytians. Say you have been able to penetrate your neighbour's AP, and of course you had spoofed your MAC address. Now you go on and test to see with excitement if the password really works and the MAC is still spoofed. You login successfully and you browse the web forgetting to check what your current MAC is. Well, if you may do an ifconfig command, you will see that your permanent MAC is being used. Oh!! and guess what, ... your real MAC has been logged. Even though there is the nifty setting for spoofing your MAC in the network settings, once you had logged in the first time, your MAC has been logged.
Firstly, before you connect to the AP, add the access point without making a successful login. We do that by selecting the AP on the networks list, input a wrong password, so that after it has tried to authenticate, the AP settings will be saved on your machine. To check if the AP is has been saved, goto to the network settings. In kali2.0 goto settings - network - wifi - History. The AP should be there.
Now that we have the AP settings, we will now select that AP and navigate to Identity. There you will find Cloned Address. Just type in a MAC address you want, 00:11:22:33:44:55 as an example. But I would suggest you use macchanger for maybe a known MAC. You can do that by entering
- kali > macchanger -A wlan0
Now just copy that new MAC address and paste it on the Cloned Address. Save the settings and connect to the wifi.
But before that, there is a reason why I used the -A in the command for macchanger. As you would have seen, in parenthesis next to the MAC, there is a device name.
Well that is so easy. Just type nano /etc/hostname in a terminal. After that remove the text in there, and type in the device name. Save the file with Ctrl+X and press y.
Now you can connect to the access point and only your the spoofed MAC will be logged and the device name as the hostname. Now the logs will have something like Samsung XX:xx:xx:XX:xx:XX. So if your neighbour or somewhere you usually goto to access the wifi, sees that log, they will be diverted by the hostname: samsung, while you are using your HP, or Dell laptop, and well you won't be a suspect for a bit while, I hope.
Sorry there are no pictures/screenshots. Hope this will help.