1
00:00:00,820 --> 00:00:07,000
Now, the fake authentication attack allows you to associate to an access point using either of the

2
00:00:07,000 --> 00:00:14,380
two types of WEP authentication, the open system and shared key authentication, although it's not

3
00:00:14,380 --> 00:00:15,790
strictly required.

4
00:00:15,790 --> 00:00:20,740
Most of the attacks in this course will start with a fake authentication to the victim

5
00:00:20,740 --> 00:00:24,130
AP, and that's in order to be able to communicate with it.

6
00:00:24,200 --> 00:00:30,430
Now, before we can inject packets into a router, we have to authenticate ourselves with the router.

7
00:00:31,270 --> 00:00:34,240
And to do this, we use fake authentication.

8
00:00:35,710 --> 00:00:43,240
So this attack is useful in scenarios where there are no associated clients and you need to fake authentication

9
00:00:43,270 --> 00:00:46,150
to the access point. So let's get started.

10
00:00:47,070 --> 00:00:51,690
We'll check the mode of the wireless interface now before switching to monitor mode.

11
00:00:51,870 --> 00:00:56,190
We do need to know the MAC address of wlan0.

12
00:00:57,540 --> 00:01:01,710
Type ifconfig and copy the MAC address of wlan0.

13
00:01:03,400 --> 00:01:09,500
And then when you want to anonymize yourself, you can change or fake your MAC address, so your original

14
00:01:09,500 --> 00:01:10,940
MAC address will be hidden.

15
00:01:12,620 --> 00:01:16,370
To do that, you can use a tool called macchanger, which

16
00:01:17,330 --> 00:01:24,980
happens to already be present in Kali Linux, so just type macchanger -r wlan0.

17
00:01:25,960 --> 00:01:29,920
But we do need to bring down wlan0 first before changing the MAC address.

18
00:01:33,520 --> 00:01:37,150
All right, so it's changed now and this is the new MAC address.

19
00:01:38,260 --> 00:01:42,840
Type ifconfig wlan0 up to run the interface again.

20
00:01:44,000 --> 00:01:46,490
All right, so let's double check it with ifconfig.

21
00:01:47,390 --> 00:01:53,060
OK, so that looks correct, and we can switch the wireless interface to monitor mode.

22
00:01:57,300 --> 00:02:05,100
Open a new terminal screen and let's start an airodump-ng session just for this access point.

23
00:02:12,860 --> 00:02:19,580
So on this command we'll specify the channel with the -c parameter, the MAC address of the access point with

24
00:02:19,970 --> 00:02:27,320
the --bssid parameter, a file name with -w, and the interface.

25
00:02:38,470 --> 00:02:41,260
All right, so now we can start the fake authentication attack.

26
00:02:42,270 --> 00:02:46,950
Run aireplay-ng with the fake authentication parameter and zero.

27
00:02:48,970 --> 00:02:56,110
So zero means the association timing in seconds. Here, it will associate one time every second.

28
00:02:57,440 --> 00:03:05,480
We'll also add an -e parameter to give the SSID of the access point, an -a parameter to give the MAC address

29
00:03:05,480 --> 00:03:11,720
of the access point, and then finally we'll give the MAC address of wlan0.

30
00:03:19,180 --> 00:03:22,780
Now, according to the aireplay-ng output, the fake authentication was successful.

31
00:03:23,690 --> 00:03:30,350
And looking at the running airodump-ng capture, we can see that our MAC address is now displayed

32
00:03:30,350 --> 00:03:32,570
as being associated with the access point.

33
00:03:33,970 --> 00:03:40,900
All right, but we're not actually connected, but we are authenticated with a network and have an association

34
00:03:40,900 --> 00:03:41,260
with it.

35
00:03:42,610 --> 00:03:49,390
So that way we can inject packets into the access point. It will now receive any request that we send

36
00:03:49,390 --> 00:03:49,690
to it.