1
00:00:00,790 --> 00:00:03,760
Well, look at that, we are here in the last section of the course.

2
00:00:05,360 --> 00:00:10,940
And it's a doozy. So WPS stands for Wi-Fi Protected Setup.

3
00:00:11,510 --> 00:00:16,310
Yeah, we mentioned it at the beginning, but I want to continue and get into some details.

4
00:00:17,380 --> 00:00:25,810
So WPS was designed to make setting up a secure access point simpler for the average homeowner. It was first

5
00:00:25,810 --> 00:00:34,660
introduced way back in 2006, but by 2011 it was discovered that it had a serious design flaw: the WPS

6
00:00:34,720 --> 00:00:41,330
PIN could be brute-forced rather easily. Now, with only seven unknown digits in a PIN,

7
00:00:41,890 --> 00:00:49,990
there are just 9,999,999 possibilities, and most systems can attempt that many

8
00:00:49,990 --> 00:00:52,290
combinations in a few hours.

9
00:00:53,350 --> 00:01:00,720
So once the WPS PIN is discovered, the user can use that PIN to find the WPA2 pre-shared key or password.

10
00:01:01,510 --> 00:01:09,160
Now, since a brute-force attack against WPA2-protected access can take many hours or many days even,

11
00:01:10,580 --> 00:01:17,420
even if this feature is enabled on the AP and not upgraded, it can be a much faster route to getting

12
00:01:17,420 --> 00:01:18,500
the PSK.

13
00:01:20,440 --> 00:01:26,470
So it's important to note here, though, that the new APs no longer have this vulnerability, since

14
00:01:26,470 --> 00:01:34,360
this attack will only work on APs sold during that window between 2006 and, I'd say, early 2012.

15
00:01:35,320 --> 00:01:41,950
Now, since many families keep their access points for many years, there are still many of these vulnerable

16
00:01:41,950 --> 00:01:42,850
ones around.

17
00:01:44,890 --> 00:01:50,860
Now, as I mentioned in the Wi-Fi interaction section, there are three primary methods used in Wi-Fi

18
00:01:50,860 --> 00:01:58,540
Protected Setup: PIN entry, push-button configuration or PBC, and near-field communication or NFC.

19
00:01:59,400 --> 00:02:06,150
So my access point here is using the push-button configuration method, so I can just try and perform a PIN

20
00:02:06,150 --> 00:02:12,450
attack on the access point, but the attack will fail because I won't be able to set a PIN on my access

21
00:02:12,450 --> 00:02:12,810
point.

22
00:02:14,020 --> 00:02:21,730
First, remember to enable WPS from your modem interface. As the setting can change for each modem,

23
00:02:22,180 --> 00:02:26,410
you'll need to go to the interface of your modem and find the WPS section.

24
00:02:27,910 --> 00:02:32,490
So let's see how to perform a WPS PIN attack with Wifite.

25
00:02:33,510 --> 00:02:35,940
Go to Kali, open a terminal screen.

26
00:02:37,550 --> 00:02:44,060
And let's check the mode of the wireless interface. It's currently in managed mode, so it needs to be

27
00:02:44,060 --> 00:02:47,750
placed in monitor mode on the channel number of the access point.

28
00:02:49,810 --> 00:02:52,720
Then open Wifite from the menu.

29
00:02:58,630 --> 00:03:01,480
And here are the options for the attack.

30
00:03:02,960 --> 00:03:05,840
Run Wifite with a parameter.

31
00:03:09,080 --> 00:03:13,670
And when you see the target access point, just use the keyboard command Ctrl+C.

32
00:03:18,260 --> 00:03:20,960
Select the number of the target access point.

33
00:03:23,580 --> 00:03:30,900
And that's all. Wifite starts the attack and it will try to crack the PIN with two different methods.

34
00:03:35,710 --> 00:03:38,680
Now, you can see here that my attack failed because there is no PIN.

35
00:03:40,570 --> 00:03:47,680
If you can activate WPS with a PIN method on your access point, you can follow those steps and you

36
00:03:47,680 --> 00:03:48,640
will crack the PIN.