Suppose you have a device that communicates using wifi, and you already know the password, but you can’t find the SSID name on your phone or computer. How can you connect? In this post, I will show you how to find and connect to the hidden network using Kali Linux.
- Kali Linux
- Wifi adapter that supports monitor mode
Getting SSID Name
Make sure you have a wifi adapter that supports monitor mode. Alfa wifi adapters are well known for this feature. For 2.4 GHz, you can get the AWUS036NH, and for 5 GHz, you can get the AWUS036ACH.
Plug it in and set it to monitor mode. Change wlan0 to your own wifi interface name.
ifconfig wlan0 down && iwconfig wlan0 mode monitor && ifconfig wlan0 up
Now, on the airodump-ng list, you will find hidden networks whose SSID is shown only as a length in characters. There are two ways to get the SSID name. The first is the passive way: you wait for a client to connect, which takes time and does not always work.
Or, the aggressive way: you kick the client off that network so that it reconnects. The client's connection will reveal the SSID name and will be saved by
Now focus on the network you want to connect to. Find its channel and restart airodump-ng, scanning only that specific channel.
airodump-ng wlan0 --channel 1
Now let that scan run, and open a new terminal. Let’s start a de-authentication attack to kick the clients off the network.
aireplay-ng -0 5 -a XX:XX:XX:XX:XX:XX wlan0
The -0 parameter selects the de-authentication attack, and 5 is the packet count. -a is the BSSID of the network that you want to de-auth, and wlan0 is the network interface.
Once you launch the attack, the clients will be kicked out and will reconnect, and the terminal running airodump-ng will reveal the network's SSID name.
Remember, this attack does not work if no client is connected to the network.
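Why a client connection reveals the name, shown as an added example that is not part of the original post: a hidden network's beacon blanks its SSID element (often keeping the length), while the client's association request carries the name in the clear. The frames are constructed bytes with made-up addresses and the made-up name lab-iot; build and resolve_hidden are hypothetical helpers.

```python
HEADER_LEN = 24  # frame control, duration, addr1-3, sequence control
# Fixed fields that precede the tagged elements, per management subtype.
FIXED_LEN = {0: 4, 2: 10, 5: 12, 8: 12}
NAMES = {0: "assoc-req", 2: "reassoc-req", 5: "probe-resp", 8: "beacon"}

def ssid_from_frame(frame: bytes):
    """Return (kind, bssid, ssid or None when blanked, SSID element length)."""
    if len(frame) < HEADER_LEN:
        raise ValueError("truncated 802.11 header")
    ftype, subtype = (frame[0] >> 2) & 0x3, frame[0] >> 4
    if ftype != 0 or subtype not in FIXED_LEN:
        raise ValueError("not a management frame handled here")
    bssid = frame[16:22].hex(":")          # addr3 is the BSSID in these frames
    pos = HEADER_LEN + FIXED_LEN[subtype]
    while pos + 2 <= len(frame):           # walk the tag/length/value elements
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            raise ValueError("truncated element")
        if tag == 0:                       # element ID 0 is the SSID
            blanked = length == 0 or not any(value)
            name = None if blanked else value.decode("utf-8", "replace")
            return NAMES[subtype], bssid, name, length
        pos += 2 + length
    raise ValueError("no SSID element")

def resolve_hidden(frames):
    """Map BSSID -> (length from a blanked beacon, name seen in other frames)."""
    seen = {}
    for frame in frames:
        kind, bssid, name, length = ssid_from_frame(frame)
        beacon_len, known = seen.get(bssid, (None, None))
        if name is None:
            beacon_len = length
        seen[bssid] = (beacon_len, name or known)
    return seen

def build(subtype, dst, src, bssid, ssid):
    """Hypothetical helper: assemble a minimal constructed frame for the demo."""
    header = bytes([subtype << 4, 0, 0, 0]) + dst + src + bssid + b"\x00\x00"
    return header + bytes(FIXED_LEN[subtype]) + bytes([0, len(ssid)]) + ssid

# Constructed sample: made-up locally administered addresses and SSID.
AP, STA = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
SAMPLE = [build(8, b"\xff" * 6, AP, AP, bytes(7)),   # beacon, name blanked
          build(0, AP, STA, AP, b"lab-iot")]          # client association request

if __name__ == "__main__":
    print(resolve_hidden(SAMPLE[:1]), resolve_hidden(SAMPLE))
```

With only the beacon, the result holds the length and no name; once the association request is included, the same BSSID resolves to the name, which is why hiding the SSID does not keep it private.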
Connecting to Hidden Network
Now that we have the SSID name, we will just connect to it. Here I am using nmcli, and the network uses WEP. The password is already known.
nmcli c add type wifi con-name <conname> ifname wlan0 ssid <ssidname>
nmcli con modify <conname> wifi-sec.key-mgmt none
sudo nmcli c up <conname> --ask
I will post how I got the WEP password later when I have time. Have a nice connection! 🙂