1 00:00:00,210 --> 00:00:07,260 Deauthentication attacks. So we're still in our first section of the course, which means all the attacks
2 00:00:07,260 --> 00:00:12,510 that we're going to talk about are attacks that we can launch on any network that is within
3 00:00:12,510 --> 00:00:17,480 our Wi-Fi range, even if the network has encryption, even if it uses a key.
4 00:00:17,550 --> 00:00:19,330 And even if we don't have that key.
5 00:00:19,440 --> 00:00:23,100 So we don't have to connect to any network to launch these attacks.
6 00:00:23,100 --> 00:00:25,840 The deauthentication attack is very useful.
7 00:00:25,860 --> 00:00:32,830 It allows us to disconnect any device from any network that is within our Wi-Fi range. To do this,
8 00:00:32,850 --> 00:00:37,200 we're going to spoof our MAC address to the target client's MAC address.
9 00:00:37,230 --> 00:00:40,900 So the target client is the client that we want to disconnect.
10 00:00:40,920 --> 00:00:46,130 We're going to pretend to be him and we're going to send a deauthentication packet to the router.
11 00:00:46,140 --> 00:00:51,120 So we're going to tell the router, I want to disconnect from you. At the same time we're going to spoof
12 00:00:51,180 --> 00:00:58,080 our MAC address to the access point's MAC address, to the router's MAC address, and tell the target client,
13 00:00:58,200 --> 00:00:59,970 the client that we want to disconnect,
14 00:01:00,000 --> 00:01:03,640 we're going to tell him, you need to reauthenticate yourself.
15 00:01:03,720 --> 00:01:09,260 So when we do this we're going to successfully disconnect the target client.
16 00:01:09,390 --> 00:01:14,430 So we're going to pretend to be the target client and tell the access point that we need to disconnect
17 00:01:14,430 --> 00:01:16,180 from you, we want to disconnect from you.
18 00:01:16,500 --> 00:01:22,080 And then we're going to pretend to be the access point and tell the client, you need to reconnect,
19 00:01:22,080 --> 00:01:24,380 you need to reauthenticate yourself.
20 00:01:24,510 --> 00:01:27,380 When we do that the connection is lost.
21 00:01:27,420 --> 00:01:30,940 We're going to use a tool called aireplay-ng to do it.
22 00:01:30,960 --> 00:01:32,530 So let's see how we can do that.
23 00:01:33,470 --> 00:01:39,050 First of all, we're going to need to run airodump-ng on the target network because we want
24 00:01:39,050 --> 00:01:41,090 to see which clients are connected to it.
25 00:01:41,090 --> 00:01:45,220 So we want to see what devices are connected to this network.
26 00:01:45,230 --> 00:01:48,740 So our first command is going to be airodump-ng.
27 00:01:49,090 --> 00:01:52,930 And I'm not going to need the write option so I'm just going to delete it here.
28 00:01:53,240 --> 00:01:59,450 So I'm going to need this airodump-ng and the channel, so we put the channel of the target network, and
29 00:01:59,490 --> 00:02:02,800 the BSSID, the MAC address of the target network.
30 00:02:03,320 --> 00:02:10,030 And hit enter, and now we're sniffing on my target network, which is UPC 1:54.
31 00:02:10,110 --> 00:02:18,140 So my target device is going to be this device, and this method would work on any device, whether it's
32 00:02:18,140 --> 00:02:20,490 a Linux, Windows, Mac.
33 00:02:20,750 --> 00:02:26,550 If it's a phone, Android, it doesn't matter; they all use the same method of transferring packets.
34 00:02:26,550 --> 00:02:30,210 So it's going to work on any Wi-Fi enabled device.
35 00:02:30,240 --> 00:02:32,160 Let's make sure we have a connection here.
36 00:02:32,160 --> 00:02:38,060 I'm just going to go to google.com and make sure I'm connected to the Internet.
37 00:02:38,720 --> 00:02:42,940 OK, so we see now that Google is working perfectly.
38 00:02:43,280 --> 00:02:53,310 Let's go back here and I'm going to say this year so we're going to run aireplay-ng now to disassociate
39 00:02:53,550 --> 00:02:55,400 one of the devices from the network.
40 00:02:55,560 --> 00:03:03,030 We can run it to disassociate all devices, but I found when I do that it doesn't really disassociate
41 00:03:03,060 --> 00:03:06,930 all of them because we have too many targets to disassociate.
42 00:03:06,930 --> 00:03:11,800 So I'm going to choose one target, which is going to be this device, the device that we just saw.
43 00:03:12,210 --> 00:03:22,210 So it's going to be aireplay-ng --deauth, the deauthentication attack, and then we're going to put the
44 00:03:22,210 --> 00:03:25,660 number of deauthentication packets we're going to send.
45 00:03:25,720 --> 00:03:29,590 So I just put a very large number to keep the device disconnected.
46 00:03:30,130 --> 00:03:32,800 Then we're going to put the target access point.
47 00:03:33,010 --> 00:03:37,590 So it's the MAC address of our target access point.
48 00:03:37,610 --> 00:03:39,130 This is it.
49 00:03:39,330 --> 00:03:43,480 And then we're going to put the source, the client MAC address.
50 00:03:43,550 --> 00:03:48,820 That's the device that we want to connect and it's this device here.
51 00:03:48,910 --> 00:03:54,750 So I put my kids they're just going to put one year of my wife I had with my remote.
52 00:03:54,940 --> 00:04:01,520 So again, aireplay-ng, --deauth, the number of packets.
53 00:04:01,790 --> 00:04:06,860 Then we put the MAC address of the target AP and then the MAC address of the device that we want to
54 00:04:06,860 --> 00:04:14,010 disconnect. Hit enter, and aireplay-ng is now sending the deauthentication packets.
55 00:04:14,030 --> 00:04:18,780 Let's go to the target device and see if we still have internet connection.
56 00:04:27,150 --> 00:04:31,720 And as you can see, we lost our connection and it's now trying to reconnect.
57 00:04:31,800 --> 00:04:37,570 It's not going to be able to connect because we're still sending the deauthentication packets.
58 00:04:37,590 --> 00:04:45,020 So this device successfully disconnected and we can launch this attack on any network that we want.
59 00:04:45,030 --> 00:04:47,020 We don't need to know the username.
60 00:04:47,250 --> 00:04:51,110 Sorry, we don't need to know the password or the key to that network.