
Learn Ethical Hacking Episode #22: Macchanger (Part 1)

 

If you find yourself needing assistance at any point throughout the tutorial series, feel free to enroll in The Complete Ethical Hacking Course Bundle for 1 on 1 help!

https://josephdelgadillo.com/ethical-hacking/

Below is a list of the courses included in the bundle:

The Complete Ethical Hacking Course for 2018!
http://bit.ly/2leW0j4
Certified Ethical Hacker Boot Camp for 2018!
http://bit.ly/2yKbler
The Complete Ethical Hacker Course: Beginner to Advanced!
http://bit.ly/2i3kirq
Build an Advanced Keylogger for Ethical Hacking!
http://bit.ly/2yMl3gI

Hello everybody and welcome to this tutorial. Today, we will discuss MAC addresses, what they are, how they can be used, and how you can change them in order to anonymize yourself.

So, what is a MAC address? A MAC address is a physical address for each individual network interface in your computer. All of your network interfaces have a MAC address; be it a wireless or a wired interface, it will have a MAC address burned into it. As soon as you connect to a wireless network, or a LAN with a wired cable, that particular MAC address is used to identify you in combination with an IP address within that LAN. The MAC addresses do not go further: they do not go outside the LAN, and they do not go beyond the first hop at the first router. So, as soon as you go through the first router from your computer, your MAC address is no longer being shared.

Anyway, let’s see what a MAC address looks like. So, what command do we use if we want to list our network interfaces? We will be using ifconfig. Press Enter, there we go. I have a loopback interface which I’m not really that interested in, so I would like to remove it for the time being: ifconfig eth0, and there we go. I just wanted a listing for this particular interface, and this is your hardware address. Do not confuse it with the IPv6 address which is here. You can see that it is quite a bit longer, and it has far more characters than a MAC address.

The first three sets of the MAC address are used to identify the manufacturer of the device. You can’t really utilize the last three sets because you don’t really know what the manufacturer has done with them. But you can use the first three sets in order to figure out who has produced the device, and if you know which company has made the device, then you can research the possible vulnerabilities for that device. This is also one of the methods of footprinting, or figuring out a MAC address of a device. If you have a MAC address, you can conclude with reasonable certainty who produced the device, and in doing so you will get a better idea of what you can do with the device, how you can exploit it, and so on.

Let’s take a closer look here. ifconfig eth0, you can also do this. Let me show you an application of the grep command. You can use | grep, and you type in HWaddr, and there you go, this is a far better listing. It will list eth0, Link encap:Ethernet, and HWaddr, so you can see clearly what is written here. I could use the awk command to filter this out and leave only the MAC address to be printed out, but this provides a good overview as well. Keep in mind that other things can be listed here from one system to another, but you can always view it using the ifconfig command. Once you know how MAC addresses are written and you know their format, you will be able to recognize them even in a vast mass of information.
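The awk filtering mentioned above, as an added example that is not part of the original tutorial: it pulls each MAC address out of ifconfig text, splits off the first three sets (the vendor prefix), and reports whether the address is marked locally administered (bit 0x02 of the first byte, the IEEE 802 convention for addresses not assigned by a manufacturer). The function names and the sample output are constructed for illustration; newer ifconfig builds print "ether" instead of "HWaddr", so both layouts are handled.

```shell
#!/bin/sh
# Added example: extract and classify MAC addresses from ifconfig text.

# Constructed sample output (not captured from a real host); it mixes the
# older "HWaddr" layout and the newer "ether" layout.
sample_ifconfig() {
cat <<'EOF'
eth0      Link encap:Ethernet  HWaddr 00:11:22:AA:BB:CC
          inet addr:192.0.2.10  Bcast:192.0.2.255  Mask:255.255.255.0
          inet6 addr: fe80::211:22ff:feaa:bbcc/64 Scope:Link
wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::5c3e:1bff:fe9f:7a10  prefixlen 64  scopeid 0x20<link>
        ether 5e:3e:1b:9f:7a:10  txqueuelen 1000  (Ethernet)
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
EOF
}

# Reads ifconfig text on stdin; prints "iface mac vendor-prefix admin".
list_macs() {
  awk '
    # A line that starts in column 1 opens a new interface block.
    /^[^ \t]/ { iface = $1; sub(/:$/, "", iface) }
    {
      for (i = 1; i < NF; i++) {
        if ($i != "HWaddr" && $i != "ether") continue
        mac = tolower($(i + 1))
        # Six colon-separated hex pairs are 17 characters; IPv6 text fails this.
        if (length(mac) != 17) continue
        if (mac !~ /^[0-9a-f][0-9a-f](:[0-9a-f][0-9a-f])+$/) continue
        oui = substr(mac, 1, 8)
        # Second hex digit of the first byte carries bit 0x02 (local bit).
        if (index("2367abef", substr(mac, 2, 1)) > 0) admin = "local"
        else admin = "universal"
        print iface, mac, oui, admin
      }
    }'
}

sample_ifconfig | list_macs
```

An address reported as "local" was not assigned by a manufacturer, so its first three sets say nothing reliable about who built the device.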

Since MAC addresses are used to identify you within a wireless network, if somebody actually checks the devices within the network they will know who you are, they will be able to kick you off the network, and we would like to protect ourselves from being identified. We want to be anonymous. One of the downsides of MAC addresses being used as a means of identification is that you can view the other MAC addresses on the same network. You can then copy those MAC addresses, use them as your own, and perform some sort of shenanigans on the network; the admins will notice that there is a problem, and then they will permanently ban that MAC address. You have successfully performed a denial of service attack. I have seen this used at university multiple times. Basically, what people would do is figure out what the professor’s laptop MAC address is, they would then deliberately perform some kind of malicious activity such as attempting to log in to the router, the administrators would notice, and they would permanently ban that MAC address. This would effectively render the laptop useless for that lecture because that laptop could no longer connect to the wireless projectors where the presentations were being held. They eventually did get caught, and it was a pretty messy situation, but I’m just giving you an example of how these things can be used and abused. I am not suggesting that you should do this. Instead, use it for a benevolent purpose. Don’t use it for silly things that literally have no benefit.
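From the administrator’s side of the scenario above, a ban keyed only on a MAC address lands on whoever legitimately owns it, so one check before banning is whether that MAC has been seen on more than one switch port. This is an added example, not part of the original tutorial; the "time port mac" input format, the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag MAC addresses that were observed on more than one port.

# Constructed observations, one per line: "time port mac"
# (for instance exported from a switch MAC address table at intervals).
sample_sightings() {
cat <<'EOF'
09:00:01 Gi0/1 00:11:22:aa:bb:cc
09:00:03 Gi0/2 66:77:88:01:02:03
09:04:10 Gi0/7 00:11:22:AA:BB:CC
09:04:12 Gi0/1 00:11:22:aa:bb:cc
09:05:00 Gi0/2 66:77:88:01:02:03
EOF
}

# Reads sightings on stdin; prints "mac port1,port2,..." for every MAC
# that appeared on two or more distinct ports.
find_cloned_macs() {
  awk '
    {
      mac = tolower($3)                 # compare case-insensitively
      if ((mac, $2) in seen) next       # this mac/port pair is already recorded
      seen[mac, $2] = 1
      if (count[mac]++) ports[mac] = ports[mac] "," $2
      else ports[mac] = $2
    }
    END {
      for (mac in count)
        if (count[mac] > 1) print mac, ports[mac]
    }' | sort
}

sample_sightings | find_cloned_macs
```

On a wireless network a client that roams between access points also moves ports, so a hit is a reason to look at the ports involved, not proof of a copied address.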

In this particular tutorial I would like to introduce you to a tool called macchanger. So, macchanger, press Enter, and there you go. You can see it is installed by default with Kali. It says Usage: macchanger [options] and then device. I’m going to clear this and type macchanger --help. Let’s see what kind of options we have with this tool. You see you have a few options, not many; it’s a fairly simple tool. We just passed --help; we can print the version and exit, and we can print the MAC address and exit. Actually, I have never tried this. Let’s give it a try: macchanger -s eth0. It does indeed give the address. I have always used ifconfig. It gives us the permanent MAC address, and then you have the current MAC address with which we can do whatever we want.

Go ahead and clear the screen, for convenience’s sake, and call the help menu once more. Now this is what I was talking about a moment ago, it says do not change vendor bytes. So, if you want to change your MAC address but still stay within the same vendor, it says don’t change the vendor bytes. Those are the first six characters, the first three sets that is. We can set a random vendor MAC of the same kind. You can also use these parameters, however they are not used very often. Usually, what you would use is either a fully random MAC address, or you would use one for a particular vendor. So you would go online and see what the particular vendor MAC addresses are, or you can print known vendors. There is a list included with the program, let me just show you, -l, and there are a lot of them. It is only showing you the first three sets, and then for the other three you can type in whatever you feel like typing in. If you would like to be discreet on a network, as a standardized device within that network, and not raise any suspicions, this is a good way of doing it. You can have the MAC address of a device that the network administrator is familiar with. They won’t be able to tell the difference unless they actually dig deeper. The important thing here is that if anybody digs deep enough they will find that you are doing something, but the idea is not to raise any flags or any suspicion, and in such a way pass through unnoticed.

You of course have the ability to generate a fully random MAC address, and you can also set your own. You can use the -m parameter, or --mac, and then you type in the MAC address that you would like. People will use the MAC addresses of legit devices on the network to conduct malicious activity, and then those devices would be banned.

Let me show you what changing a MAC address looks like. We will deal with this sort of an attack a bit later on when we get into wireless hacking, breaking wireless encryption, and what you can do on a wireless LAN. Here I just want to show you what a changed MAC address looks like. So let’s just show eth0. OK, so, we’ve seen this a moment ago. Now here’s what happens when I use macchanger: macchanger --random eth0, press Enter, and there we go. It says permanent, current, new. So this is the new MAC address and it says unknown; I haven’t assigned it to any particular vendor. If I now say show, excellent! It says permanent and current. The current one is the one that is being shown, that can be seen within the LAN, and that is used to identify you. You can’t actually destroy your own MAC address because it’s literally burned into the device. The current one will be shared with everybody else, and the permanent one will remain within your own computer. It will not exit your interface. Anyway, a good practice would be to set up a script which changes the MAC address upon booting, and sets it to random every time you boot your computer. I will show you this in the next tutorial. Until then I hope that you have enjoyed the tutorial, and thank you for watching.


You can also enroll in the course and download the videos for offline viewing:

https://jtdigital.teachable.com/p/hacking-free/
