
Wednesday, November 11, 2009

MAC Address Spoofing

MAC address spoofing is the art of changing the MAC address of a host's network adapter. This is very helpful in misguiding investigators in the event of a cyber crime.

There are two methods to spoof the physical address of a host:

Method 1:
Start > Run > cmd > ipconfig /all

Now analyze the data displayed on the screen to find out which network adapter you are using to connect to the WWW. Please take note of it.

The next step is to download a tool named Etherchange. This is a command-line application.
Run this tool from the command prompt. (I do not believe in spoon-feeding even that procedure to you, so find it out yourself.)

Now read all the instructions shown on the screen and change the MAC address of your network adapter.


Method 2:

This method is a little more complex than Method 1. Here no software assists us in spoofing; instead we make some simple registry edits. So be careful while dealing with the registry of your PC.

Hey, nothing to worry about here... I was just kidding... so let's see Method 2.

Start > Run > regedit

Now a screen will pop up... Now you are in the registry editor.

Browse the registry for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}

We can see many subkeys under this key. All of them are 4-digit subkeys.

Now manually determine which subkey belongs to the Ethernet adapter used to access data. To do this, check the "DriverDesc" value in each subkey until you find the one you need.
In the right-hand pane, create or edit the string value named "NetworkAddress". Be sure to set the data type to REG_SZ. The value of the string must be the new MAC address.

Now disable and re-enable the network adapter and run ipconfig /all again... you will notice that the MAC address of your system has been spoofed.
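Seen from the defender's side, the registry edit in Method 2 leaves a persistent artifact that can be checked for. The example below is added here and is not code from the original post: it parses the text output of `reg query` run with `/s` against the class key above and lists adapters whose `NetworkAddress` value overrides the factory MAC. The sample output, adapter names and MAC values are constructed, and the standard `reg query` text layout is assumed.

```python
import re

CLASS_KEY = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class"
             r"\{4D36E972-E325-11CE-BFC1-08002bE10318}")

# Constructed sample of `reg query "<CLASS_KEY>" /s` output (not real data).
SAMPLE = rf"""
{CLASS_KEY}\0000
    DriverDesc    REG_SZ    WAN Miniport (IP)
{CLASS_KEY}\0001
    DriverDesc    REG_SZ    Example Gigabit Ethernet Adapter
    NetworkAddress    REG_SZ    02-1A-2B-3C-4D-5E
{CLASS_KEY}\0001\Ndi\Params\NetworkAddress
    ParamDesc    REG_SZ    Network Address
{CLASS_KEY}\0002
    DriverDesc    REG_SZ    Example Wireless Adapter
    NetworkAddress    REG_SZ
"""

VALUE_RE = re.compile(r"^\s+(.+?)\s+(REG_\w+)\s*(.*)$")
SUBKEY_RE = re.compile(re.escape(CLASS_KEY) + r"\\(\d{4})$", re.IGNORECASE)

def parse_adapters(text):
    """Map each 4-digit adapter subkey to {value name: (type, data)}."""
    adapters, current = {}, None
    for line in text.splitlines():
        m = SUBKEY_RE.match(line.strip())
        if m:
            current = adapters.setdefault(m.group(1), {})
        elif line.strip().upper().startswith("HKEY_"):
            current = None  # deeper subkey (e.g. \0001\Ndi): not adapter values
        elif current is not None and (v := VALUE_RE.match(line)):
            current[v.group(1)] = (v.group(2), v.group(3).strip())
    return adapters

def find_overrides(text):
    """Return adapters whose NetworkAddress value holds a valid MAC override."""
    findings = []
    for subkey, values in sorted(parse_adapters(text).items()):
        _, raw = values.get("NetworkAddress", ("", ""))
        mac = re.sub(r"[-:\s]", "", raw).upper()
        if re.fullmatch(r"[0-9A-F]{12}", mac):  # skip absent or empty values
            findings.append({"subkey": subkey, "mac": mac,
                "adapter": values.get("DriverDesc", ("", "unknown"))[1],
                # Bit 0x02 of the first octet marks a locally administered MAC.
                "locally_administered": bool(int(mac[:2], 16) & 0x02)})
    return findings

if __name__ == "__main__":
    print(find_overrides(SAMPLE))
```

A `NetworkAddress` override is not proof of malicious spoofing on its own, since administrators set it too, so treat a hit as a lead to compare against the asset inventory and switch or DHCP logs.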

This concludes the MAC spoofing.

2 comments:

sreein said...

OK GREAT, nice work. Anyway, I find you are only interested in Windows. Come on man, come to the world of Linux. Anyway, here you list that Method two is difficult because we have to deal with the dirty registry of Windows.
Now I am going to say how to do this in Linux using only one command:

ifconfig eth0 hw ether macaddress


That's it. Who says Linux is only for techiezz? GO LINUX.............

Swaroop Krishnan S said...

@ sreejith: Sorry dude.. You are thoroughly mistaken. I'm not a person who is biased only to one platform. My love is for computers and new technologies in this field. I like both UNIX and Windows platforms. Do visit my tools section and you can see that "BACK TRACK" is highlighted there. Hope you know that it's a UNIX platform. So I guess it's baseless to say that I'm more of a Windows person.

Hey, by the way, Thx for the comment, and I did not know about the ifconfig command. Once again, Thx for the share.. Do visit again.. :)

Refer to this link for the tools (like BACK TRACK): http://hackingwithswar.blogspot.com/2009/11/download-all-important-tools.html

regards swar