MAC address spoofing is a technique for temporarily changing your Media Access Control (MAC) address on a network device. A MAC address is a unique and hardcoded address programmed into network devices which cannot be changed permanently. The MAC address is in the 2nd OSI layer and should be seen as the physical address of your interface. Macchanger is a tool that is included with any version of Kali Linux including the 2016 rolling edition and can change the MAC address to any desired address until the next reboot. In this tutorial we will be spoofing the MAC address of our wireless adapter with a random MAC address generated by Macchanger on Kali Linux.

MAC Address Spoofing

First we need to take down the network adapter in order to change the MAC address. This can be done using the following command:

ifconfig wlan1 down

Replace wlan1 with your own network interface.

Now use the following command to change your MAC address to a new random MAC address:

macchanger -r wlan1

[Screenshot: MAC address spoofing with macchanger]

As shown in the screenshot, Macchanger will show you the permanent, current and changed MAC address. The permanent MAC address will be restored to your network adapter after a reboot, or you can reset your network adapter's MAC address manually. Use the following command to restore the permanent MAC address to your network adapter manually:

macchanger --permanent wlan1

You can also spoof a specific MAC address using the following command:

macchanger -m [Spoofing MAC Address] wlan1

macchanger -m XX:XX:XX:XX:XX:XX wlan1

If you receive the following error you need to take down the network interface first before changing the MAC address (Command: ifconfig wlan1 down):

ERROR: Can't change MAC: interface up or not permission: Cannot assign requested address

Use the following command to bring up your network adapter with the new MAC address:

ifconfig wlan1 up

Use the following command to show the current MAC address:

macchanger --show wlan1
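
An added example (not from the original tutorial): a Python check a defender can run over `macchanger --show` output to flag an interface whose current address differs from the permanent one. The sample output is constructed, the function name is hypothetical, and the two-line "Current MAC / Permanent MAC" layout is assumed.

```python
import re

MAC_RE = r"((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})"

# Constructed sample in the assumed layout of `macchanger --show` output.
SAMPLE_SHOW_OUTPUT = """\
Current MAC:   3a:1f:9c:22:7b:e4 (unknown)
Permanent MAC: 00:11:22:33:44:55 (unknown)
"""


def audit_macchanger_show(text: str) -> dict:
    """Compare the current and permanent MAC reported for one interface."""
    found = {}
    for label in ("Current", "Permanent"):
        m = re.search(rf"^{label} MAC:\s+{MAC_RE}", text, re.MULTILINE)
        if m is None:
            raise ValueError(f"no '{label} MAC' line found")
        found[label.lower()] = m.group(1).lower()
    first_octet = int(found["current"][:2], 16)
    return {
        **found,
        # Any difference means the interface is not using its hardware address.
        "spoofed": found["current"] != found["permanent"],
        # IEEE locally administered bit: not set in vendor-assigned addresses,
        # so it is a useful (but not conclusive) hint of a changed address.
        "locally_administered": bool(first_octet & 0x02),
        # Group/multicast bit: must be clear for a usable interface address.
        "multicast": bool(first_octet & 0x01),
    }


if __name__ == "__main__":
    print(audit_macchanger_show(SAMPLE_SHOW_OUTPUT))
```

A spoofed address that copies a real vendor prefix will not set the locally administered bit, so the current-versus-permanent comparison is the stronger signal.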

How to hack a TP link WR841N router wireless network


In this tutorial we will show you how to hack a TP link WR841N router wireless network with the default wifi password using Kali Linux. TP Link routers use the default WPS PIN as wifi password out of the box, which consists of 8 characters. We will try the following techniques to hack a TP link WR841N router wireless network:

1. First we try to get the password using Reaver 1.5.2 with Pixiedust WPS and the Aircrack-ng suite.
2. Then we try to get the WPS PIN using Reaver.
3. The last method is capturing a 4-way handshake using Airodump-ng, generating a default password list with Crunch and bruteforcing it with oclHashcat.

1. Pixie Dust WPS Attack with Reaver

Let's put the wifi interface in monitoring mode using:
airmon-ng start wlan0

For anyone getting the following error in Kali Linux 2.0 Sana:

[X] ERROR: Failed to open 'wlan0mon' for capturing

try this as a solution:

1. Put the device in Monitor mode: airmon-ng start wlan0
2. A monitoring interface will be started on wlan0mon
3. Use iwconfig to check if the interface Mode is in managed mode, if so then change it to monitor instead of managed with the following commands:
ifconfig wlan0mon down
iwconfig wlan0mon mode monitor
ifconfig wlan0mon up
4. Use iwconfig to check if the mode is monitoring mode now
5. airodump-ng wlan0mon

If necessary kill the processes Kali is complaining about:
[Screenshot: Kali Linux Airmon-ng]

Start airodump-ng to get the BSSID, MAC address and channel of our target.

airodump-ng -i wlan0mon

Now pick your target and use the BSSID and the channel for Reaver:

reaver -i wlan0mon -b [BSSID] -vv -S -c [AP channel]

We need the PKE, PKR, E-Hash 1 & 2, E/R-nonce and the authkey from Reaver to use for pixiewps.

[Screenshot: Pixie Dust WPS Attack Reaver]

Now start pixiewps with the following arguments:

[Screenshot: Pixie Dust WPS Attack Reaver2]

E-Hash1 is a hash in which we brute force the first half of the PIN.
E-Hash2 is a hash in which we brute force the second half of the PIN.
HMAC is a function that hashes all the data in parentheses. The function is HMAC-SHA-256.
PSK1 is the first half of the router's PIN (10,000 possibilities)
PSK2 is the second half of the router's PIN (1,000 or 10,000 possibilities depending on whether we want to compute the checksum. We just do 10,000 because it makes no time difference and it's just easier.)
PKE is the Public Key of the Enrollee (used to verify the legitimacy of a WPS exchange and prevent replays.)
PKR is the Public Key of the Registrar (used to verify the legitimacy of a WPS exchange and prevent replays.)

This router is not vulnerable to Pixie Dust WPS Attack.

2. Reaver WPS PIN Attack

Let's try to hack this router using Reaver. Start Reaver with 5 seconds delay and imitating a win7 PC:

reaver -i wlan0mon -b [BSSID] -vv -c 1 -d 5 -w

Unfortunately the router's AP rate limiting kicks in and locks itself after 6 attempts and has to be unlocked manually. As an alternative you can try to DOS the router with MDK3 to force a reboot which also unlocks the router.

[Screenshot: Reaver Attack]

3. Brute forcing the router with oclHashcat

Let's see if we can get the password by capturing a 4-way handshake and an offline bruteforce attack with a default router password list. We will be using the following tools:

1. Crunch to generate the password list.
2. Airodump-ng to capture the 4-way handshake.
3. aireplay-ng to force de-auth the connected clients.
4. oclHashcat GPU on Windows.

Let's start Crunch with the following command:
crunch 8 8 1234567890 -o /root/Desktop/88numlist.txt

This might take a little while, the result is a 900 MB wordlist containing all possible combinations of 8 digits. This wordlist will hack a TP link WR841N router wireless network with 100% certainty.

Let's capture the handshake with Airodump-ng and Aireplay-ng and start Airodump-ng to find our target with the following command:
airodump-ng wlan0mon

Now pick your target's BSSID and channel and restart Airodump-ng with the following command and look for a connected client:

airodump-ng --bssid [BSSID] -c [channel] -w [filepath to store .cap] wlan0mon

Now de-auth the connected client using Aireplay-ng in a new terminal.

aireplay-ng -0 2 -a [BSSID] -c [Client MAC] wlan0mon

De-auth successful and the 4 way handshake is captured!
[Screenshot: Aircrack-ng aireplay-ng]

Step 3: Bruteforce with default router password list
We'll use oclHashcat GPU on Windows to crack the WiFi password using the password list we created earlier.

We have to convert the .cap file to a .hccap first using the following command:

aircrack-ng -J [Filepath to save .hccap file] [Filepath to .cap file]

Start oclHashcat on Windows using the following command:

oclhashcat64.exe -m 2500 -w 3 --gpu-temp-retain=60 --status -o cracked.txt tplink.hccap 88numlist.txt

Note: --gpu-temp-retain is AMD only.

Wait a little while for this result:

This is how to hack a TP link WR841N router wireless network with 100% certainty.
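
An added example, not part of the original tutorial: a Python audit of a WPA2 passphrase against the 8-digit default described above, reproducing the 900 MB wordlist size and checking the WPS PIN checksum digit. The function names and the guesses-per-second rate are assumptions chosen for illustration.

```python
import string


def wps_checksum(first7: int) -> int:
    """Checksum digit the WPS spec appends to the first seven PIN digits."""
    accum = 0
    while first7:
        accum += 3 * (first7 % 10)
        first7 //= 10
        accum += first7 % 10
        first7 //= 10
    return (10 - accum % 10) % 10


def audit_psk(psk: str, guesses_per_second: float = 100_000.0) -> dict:
    """Rate a WPA2 passphrase against an exhaustive offline search.

    guesses_per_second is an assumed cracking rate, not a measured one.
    """
    if not 8 <= len(psk) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 characters long")
    classes = (string.digits, string.ascii_lowercase, string.ascii_uppercase)
    alphabet = sum(len(c) for c in classes if any(ch in c for ch in psk))
    if any(ch not in string.digits + string.ascii_letters for ch in psk):
        alphabet += 33  # ASCII punctuation plus space
    keyspace = alphabet ** len(psk)
    # Eight characters drawn from digits only: the factory-default pattern.
    default_style = len(psk) == 8 and alphabet == 10
    return {
        "default_style": default_style,
        "valid_wps_pin": default_style
        and wps_checksum(int(psk[:7])) == int(psk[7]),
        "keyspace": keyspace,
        "wordlist_bytes": keyspace * (len(psk) + 1),  # one candidate per line
        "worst_case_seconds": keyspace / guesses_per_second,
    }


if __name__ == "__main__":
    for candidate in ("12345670", "correct horse battery"):  # constructed
        print(candidate, audit_psk(candidate))
```

Any passphrase reported as default_style falls inside the 8-digit list generated with Crunch, so replacing it with a long mixed passphrase and disabling WPS on the router removes it from that keyspace.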

In the next video we will use this router to demonstrate a MiTM attack and the Evil Twin Wireless AP.

