4 – Bypassing Open Authentication

As from the previous lesson we uncovered a hidden SSID for an open network called “test” which had no encryption enabled and was well just invisible, for this lesson we will make the network visible and keep no authentication set in order to connect to the network via the terminal and thus bypass the open authentication of the access point.

Configure your router as follows:

1 - Router ConfigurationFirst make sure your interface is up before proceeding

ifconfig wlan0 up

then check it is up with

iwconfig wlan0

Connect to the access point with

iwconfig wlan0 essid “test”

Check you are connected with

iwconfig wlan0

2 - Connect to open access pointCongratulations you have connected to an open access point with no authentication, you can now browse to the access point management interface for example because you are connected or alternatively capture all the packets flowing through the network or even run a MITM attack.

Lesson Learned:

Don’t trust or use open wi-fi it’s just not safe and you don’t know what is actually going on when connected, it would be extremely easy for an attacker to steal your credit card details or social networking user name and password. This is like receiving a postcard from someone, anyone can read your message.

 

3 thoughts on “4 – Bypassing Open Authentication

  1. Hi!

    I wonder what is the purpose of bypassing open auth. Does your trick means that even the AP doesn’t know you’re connected to it?

    Thanks,

    btw, I love your blog !

    1. Hey,

      Thanks for the comment.

      The access point knows you are connected, even if you login to your AP you will see your MAC is associated.

      Anybody can connect to an AP with Open Authentication. The purpose of the lesson is to see how easy it is to do, if you connect to an AP like this somebody could Man in the Middle (MITM) you for example and steal your identity or even compromise your device and you shouldn’t use an AP that is wide open like this.

      During these lessons you should understand that we are learning in most cases about what not to do as these attacks are trivial to carry out, the aim is to make you think more securely by seeing how being insecure can get you into trouble.

      Open Authentication in this case also requires no password and that is how we are connecting to it so easily.

      Lesson learned in this scenario is that you should use a password at the very least!

Leave a Reply