WiFi Hacking Techniques: IEEE 802.11 Vulnerability

In this article we discuss WiFi hacking and the different techniques used against IEEE 802.11 networks.

After reading this article you will know about:

The Caffe-Latte attack

Rogue access points (evil twin)

MAC spoofing

Download Aircrack-ng from its project site.

The Caffe-Latte Attack:

The Caffe-Latte attack allows an attacker to recover a WEP key from a client system, without needing to be near the real access point.

Briefly, this is done by capturing an ARP packet from the client, manipulating it, and then sending it back to the client.

The client in turn generates packets which can be captured by airodump-ng. Subsequently, aircrack-ng can be used to determine the WEP key.


aireplay-ng -6 -h 00:09:5B:EC:EE:F2 -b 00:13:10:30:24:9C -D rausb0

-6 selects the Caffe-Latte attack

-h 00:09:5B:EC:EE:F2 is the MAC address of our own card

-b 00:13:10:30:24:9C is the access point MAC (any valid MAC should work)

-D disables AP detection

rausb0 is the wireless interface name

Evil-Twin Attack with a Rogue Hotspot:

An evil twin attack is a very popular type of social engineering attack against the client.

The idea behind this attack is to create an access point with the same name as the victim's access point and to cause a denial of service against the original access point.

This makes the victim connect to the fake access point, believing that it is the original.

Furthermore, an attacker would also spoof the MAC address of his interface to exactly match the MAC address of the real access point, so that the fake one becomes much more difficult to detect. Let's see how this attack would be performed in the real world:

1. Use airodump-ng to scan for all neighboring access points.

2. Note down the BSSID and change the MAC address of our interface to exactly match the BSSID of the real access point.

3. Launch a fake access point with the same name (SSID) as the original one.

4. Finally, perform a de-authentication attack with mdk3 or aireplay-ng.

MAC Spoofing in Linux:

The next task is to spoof our MAC address with the MAC address (BSSID) of the victim's access point.
We can easily do this with macchanger: bring the wlan0 interface down, use the -m parameter to set the MAC address, and then bring the interface back up.
This is discussed in more detail in the "Bypassing MAC filtering" section of this chapter.

ifconfig wlan0 down - bring the interface down so the MAC can be changed (macchanger refuses to change the MAC of an interface that is up)
macchanger -m 20:10:74:c6:49:df wlan0 - set the desired MAC address on the same interface
ifconfig wlan0 up - bring the interface back up with the new MAC
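The two tricks above, a second BSSID advertising your SSID and your own BSSID appearing where it should not, are exactly what a wireless IDS watches for. The following Python detector is an added example written for this article, not code from HackeRoyale or from Aircrack-ng; the inventory of authorized APs and the beacon observations (in the BSSID/channel/privacy shape that airodump-ng reports) are constructed sample data.

```python
# Constructed inventory of authorized access points: BSSID -> (SSID, channel).
AUTHORIZED = {
    "00:13:10:30:24:9c": ("CorpWiFi", 6),
    "00:13:10:30:24:9d": ("CorpWiFi", 11),
}

# Constructed beacon observations as a scanner would report them:
# (bssid, ssid, channel, privacy). Privacy uses airodump-ng's column values.
OBSERVED = [
    ("00:13:10:30:24:9c", "CorpWiFi", 6, "WPA2"),   # legitimate AP 1
    ("00:13:10:30:24:9d", "CorpWiFi", 11, "WPA2"),  # legitimate AP 2
    ("20:10:74:c6:49:df", "CorpWiFi", 1, "OPN"),    # evil twin: unknown BSSID, our SSID
    ("00:13:10:30:24:9c", "CorpWiFi", 1, "OPN"),    # our BSSID spoofed on another channel
    ("00:13:10:30:24:9c", "CorpWiFi", 1, "OPN"),    # repeated beacon, must not double-alert
    ("aa:bb:cc:dd:ee:ff", "GuestNet", 3, "WPA2"),   # unrelated network, ignored
]


def find_rogue_aps(observed, authorized):
    """Return a sorted list of (bssid, reason) alerts for rogue or spoofed APs.

    An AP is suspicious when it advertises one of our SSIDs from an unknown
    BSSID (evil twin), or when an authorized BSSID is seen on an unexpected
    channel or without encryption (a clone using a spoofed MAC).
    """
    our_ssids = {ssid for ssid, _ in authorized.values()}
    alerts = set()  # a set so repeated beacons yield one alert each
    for bssid, ssid, channel, privacy in observed:
        bssid = bssid.lower()
        if ssid not in our_ssids:
            continue  # someone else's network; not our concern here
        if bssid not in authorized:
            alerts.add((bssid, f"unknown BSSID advertising {ssid!r} on channel {channel}"))
            continue
        auth_ssid, auth_channel = authorized[bssid]
        if ssid != auth_ssid:
            alerts.add((bssid, f"authorized BSSID advertising {ssid!r}, expected {auth_ssid!r}"))
        if channel != auth_channel:
            alerts.add((bssid, f"authorized BSSID seen on channel {channel}, "
                               f"expected {auth_channel}: possible spoofed MAC"))
        if privacy == "OPN":
            alerts.add((bssid, "authorized BSSID advertising an open network, expected encryption"))
    return sorted(alerts)


if __name__ == "__main__":
    for bssid, reason in find_rogue_aps(OBSERVED, AUTHORIZED):
        print(f"ALERT {bssid}: {reason}")
```

In a real deployment the observations would come from a dedicated monitor-mode sensor rather than a client, and a burst of deauthentication frames against an authorized BSSID is the companion signal worth alerting on.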

Thanks for reading this article!
