1
00:00:01,500 --> 00:00:07,650
Now that we've captured the handshake from our target access point and we have a wordlist ready to use, we

2
00:00:07,650 --> 00:00:14,490
can use aircrack-ng to crack or determine the key for the target access point. aircrack-ng is just

3
00:00:14,490 --> 00:00:16,460
going to go through the wordlist file.

4
00:00:16,650 --> 00:00:24,240
It's going to combine each password with the name of our target access point to create a PMK. The PMK

5
00:00:24,240 --> 00:00:28,240
is created using a certain algorithm called PBKDF2.

6
00:00:28,350 --> 00:00:35,310
So it's not like just combining the password and the SSID, it's encrypting them in a certain way, and

7
00:00:35,310 --> 00:00:38,850
then it's going to compare the PMK to the handshake.

8
00:00:39,180 --> 00:00:44,970
If the PMK was valid, then the password that was used is the password for the target access

9
00:00:44,970 --> 00:00:45,480
point.

10
00:00:45,660 --> 00:00:50,010
If it wasn't valid, then aircrack-ng is just going to try the next password.

11
00:00:51,560 --> 00:00:54,350
So again, aircrack-ng is going to go through the list.

12
00:00:54,350 --> 00:01:00,110
It's going to combine each password in the list with the name of the target access point to create a

13
00:01:00,110 --> 00:01:03,310
PMK. The PMK is compared with the handshake.

14
00:01:03,380 --> 00:01:07,850
If the PMK is valid, then that password is the password for the target access point.

15
00:01:07,970 --> 00:01:12,100
If it's not, then it's just going to try the next password.

16
00:01:12,110 --> 00:01:14,040
All this is going to be done using aircrack-ng.

17
00:01:14,060 --> 00:01:16,260
And let's see how we do it.

18
00:01:16,580 --> 00:01:18,350
So it's going to be aircrack-ng,

19
00:01:18,850 --> 00:01:23,380
the name of the file that contains the handshake.

20
00:01:23,630 --> 00:01:30,360
And that is test hand-shakes zero on.

21
00:01:30,680 --> 00:01:34,140
And then we'll put a minus W and the name of the wordlist.

22
00:01:34,140 --> 00:01:36,410
So I have it, it's called WPA a wordlist

23
00:01:39,910 --> 00:01:46,550
aircrack-ng, test, the name of the file that contains the handshake.

24
00:01:46,700 --> 00:01:49,400
And then we have the name of the wordlist

25
00:01:49,400 --> 00:01:53,080
after the minus W. I'm going to hit enter.

26
00:01:53,560 --> 00:01:54,420
And now aircrack-ng

27
00:01:54,440 --> 00:01:58,150
is just going to go through the list. As you can see, it's trying all the passwords.

28
00:01:58,250 --> 00:02:04,760
It's going to combine each password with the name of the target access point to create a PMK and then

29
00:02:04,760 --> 00:02:06,990
compare the PMK to the handshake.

30
00:02:07,220 --> 00:02:14,210
If the PMK is valid, then the password that was used to create the PMK is the password for the target

31
00:02:14,210 --> 00:02:15,170
access point.

32
00:02:15,260 --> 00:02:19,040
If the PMK is not, then it's just going to try the next password.

33
00:02:22,360 --> 00:02:25,410
And as you can see, the key was found.

34
00:02:25,450 --> 00:02:32,880
And that's the same key that we were able to find when we typed it using the WPS feature.

35
00:02:33,310 --> 00:02:37,020
So this was the basic way using a wordlist.

36
00:02:37,150 --> 00:02:41,080
And it took two minutes and 16 seconds to crack the password.

37
00:02:41,080 --> 00:02:47,320
Now the speed depends on how quick your processor is and if you have any processes running that are making

38
00:02:47,320 --> 00:02:49,030
your computer a bit slower.