1
00:00:01,780 --> 00:00:05,970
Now let's try to break into a WPA network.

2
00:00:06,030 --> 00:00:09,010
We'll start with detecting available access points.

3
00:00:09,800 --> 00:00:12,640
To do this, click on the listening icon again.

4
00:00:13,500 --> 00:00:15,450
Two monitors pop up.

5
00:00:15,450 --> 00:00:17,520
We've seen them already.

6
00:00:17,660 --> 00:00:22,720
This time we're not interested in the WEP network since we already know the key to the detected network.

7
00:00:23,690 --> 00:00:25,050
We'll focus on WPA

8
00:00:25,060 --> 00:00:27,270
networks this time.

9
00:00:27,340 --> 00:00:31,210
The program has detected two such networks.

10
00:00:31,390 --> 00:00:34,070
One of the networks is actively used at the moment.

11
00:00:36,080 --> 00:00:45,170
The BSSID of the first network is DD_WRT, and AD is the value at the end of its

12
00:00:45,170 --> 00:00:46,290
MAC address.

13
00:00:47,300 --> 00:00:51,270
We compare it against the end of the address that can be seen at the bottom.

14
00:00:51,330 --> 00:00:58,430
They match. We can conclude that the first network is the one being actively used.

15
00:00:58,520 --> 00:01:02,000
The next step is to click on an icon you can see below in the main window.

16
00:01:07,310 --> 00:01:10,600
We'll select the DD WRT network in the new window.

17
00:01:12,230 --> 00:01:21,160
Breaking into a WPA-protected WLAN amounts to cracking a pre-shared key. In the case of WEP, which is

18
00:01:21,160 --> 00:01:23,390
constantly vulnerable to attacks,

19
00:01:23,530 --> 00:01:30,070
even a good configuration of all settings doesn't mitigate the risks. With WPA networks,

20
00:01:30,080 --> 00:01:34,940
the attack is based on the assumption that the key will be easy to crack and that it can be found

21
00:01:34,940 --> 00:01:37,310
on a wordlist of a given language.

22
00:01:38,080 --> 00:01:42,540
As you can see, we have two such lists prepared.

23
00:01:42,640 --> 00:01:44,020
One is shorter.

24
00:01:44,020 --> 00:01:46,560
The other is longer.

25
00:01:46,730 --> 00:01:54,710
For the purposes of this presentation, we'll start with the short list.

26
00:01:54,820 --> 00:01:56,770
Everything has been configured.

27
00:01:56,860 --> 00:02:01,380
It's enough now to click on Attack. The attack can be apparent

28
00:02:01,410 --> 00:02:10,300
in this case. If a network user is really using it actively, for example downloading large files, there

29
00:02:10,360 --> 00:02:16,430
is a possibility that our actions will disconnect and reconnect him to the network, experience a connection

30
00:02:16,440 --> 00:02:24,250
drop. As Wi-Fi users, we're used to a connection disappearing sometimes and that it can become weaker or

31
00:02:24,250 --> 00:02:26,520
slower.

32
00:02:26,550 --> 00:02:32,490
In this case we're trying to force a user to reauthenticate. We'll check each time whether the password

33
00:02:32,490 --> 00:02:35,030
submitted by the user can be found on our short list.

34
00:02:37,830 --> 00:02:41,510
As it turns out, it can.

35
00:02:41,650 --> 00:02:46,770
The password for the attacked network is "password".

36
00:02:46,810 --> 00:02:51,460
The two presentations provided examples of typical infrastructure attacks:

37
00:02:51,460 --> 00:02:59,230
breaking into Wi-Fi networks. You were able to see for yourself that protecting Wi-Fi is up to you entirely.

38
00:03:01,120 --> 00:03:07,330
Appropriate countermeasures can simply be not using WEP and, in the case you're already using WPA,

39
00:03:07,750 --> 00:03:14,310
deploying a second version of the protocol along with implementing strong passwords.

40
00:03:14,500 --> 00:03:19,630
The best solution is to authenticate users through a RADIUS server.

41
00:03:19,760 --> 00:03:20,280
Thank you.