Objective

Spoof a MAC address to gain access to MAC whitelisted network.

Distributions

It's recommended that you use Kali Linux, but you can install the required programs on any distribution.

Requirements

A working Linux install with root privileges and a wireless adapter. You should also have a router that you can set up with a MAC whitelist to test.

Difficulty

Easy

Conventions

  • # - requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command
  • $ - requires given linux commands to be executed as a regular non-privileged user

Introduction

MAC address whitelisting sounds like a great way to prevent unauthorized access to your wireless network, but it doesn't work. The purpose of this guide is to demonstrate exactly how easy it is to spoof a whitelisted MAC address and gain access to a restricted network.

This guide is purely for educational purposes. DO NOT attempt this on a network that you do not own.

Install Aircrack-ng and Macchanger

If you're using Kali, don't worry about this part. You already have what you need. If you're on a different distribution, you need to install aircrack-ng and, if you'd prefer it to ip, macchanger. Chances are, they're both readily available in your distro's repos, so install them.
$ sudo apt install aircrack-ng macchanger

Find A Valid MAC Address

Before you spoof a MAC address, you need one to duplicate. Assuming that only whitelisted addresses can access the network, you need to find the MAC address of a connected device. The best way to do this is by listening to traffic with Aircrack.

Run ip a to find the interface of your wireless interface. When you have it, use Aircrack to create a new virtual monitoring interface.
$ sudo airmon-ng start wlan0
Take a look at the message in the terminal. It contains the name of the virtual interface. It's usually mon0.
$ sudo airodump-ng mon0
. You'll see a table of date about the wireless networks in your area. Find the one that you're trying to connect to, and note the BSSID and channel. When you have them, cancel that command.

Rerun airodump-ng, specifying the BSSID and channel. This will narrow your results and make the clients easier to pick out.
$ sudo airodump-ng -c 1 --bssid XX:XX:XX:XX:XX:XX mon0
At the bottom of these new results, you'll see a second table. That table contains information about client connections. To the right, you'll see the MAC address of the network followed by the MAC of client. Pick one, and notate it. That's what you'll be spoofing.

Spoof The MAC

If you haven't, you can close out of Aircrack now. Your new MAC address can be set with a simple command.
$ sudo ip link set dev wlan0 down
$ sudo ip link set dev wlan0 address XX:XX:XX:XX:XX:XX
$ sudo ip link set dev wlan0 up
Or
$ sudo macchanger -m XX:XX:XX:XX:XX:XX
Obviously, plug in the MAC of the connected client.

Connect

You can now connect to your network like you normally would. Open up your favorite GUI network management tool use the CLI. The network doesn't care about your computer, other than that MAC address. It'll even assign it a separate IP with DHCP.

Closing Thoughts

It really is that painfully easy to spoof a MAC address and gain access to a restricted network. Again, this is purely to illustrate that restricting MAC addresses on your home network will not prevent attackers from connecting.
ARE YOU LOOKING FOR A LINUX JOB?
Submit your RESUME, create a JOB ALERT or subscribe to RSS feed on LinuxCareers.com.
LINUX CAREER NEWSLETTER
Subscribe to NEWSLETTER and receive latest news, jobs, career advice and tutorials.
DO YOU NEED ADDITIONAL HELP?
Get extra help by visiting our LINUX FORUM or simply use comments below.

You may also be interested in: