1
00:00:01,070 --> 00:00:08,300
So from the previous lecture we know in order to crack WEP we need to first capture a large number

2
00:00:08,300 --> 00:00:09,400
of packets.

3
00:00:09,410 --> 00:00:12,460
This means that we'll capture a large number of IVs.

4
00:00:12,680 --> 00:00:16,520
The IVs, because they are short, they will be repeated.

5
00:00:16,520 --> 00:00:24,590
Therefore we'll be able to use a tool called aircrack-ng to run statistical attacks and crack the

6
00:00:24,590 --> 00:00:25,720
WEP key.

7
00:00:26,300 --> 00:00:32,000
So we use airodump-ng to capture the data, and we saw how to do this before. Then we are using

8
00:00:32,030 --> 00:00:36,680
aircrack-ng to analyze this data and break the key.

9
00:00:36,680 --> 00:00:38,720
Let's see how to do this in practice.

10
00:00:39,580 --> 00:00:43,450
So I already have my wireless adapter in monitor mode.

11
00:00:43,540 --> 00:00:45,250
It's called mon0.

12
00:00:45,530 --> 00:00:50,470
I've also already run airodump-ng to list all the networks around me.

13
00:00:50,470 --> 00:00:54,400
And as you can see, I have a network that uses WEP.

14
00:00:54,550 --> 00:01:00,920
This is called Test AP 3 and this is my actual network that I use every day.

15
00:01:00,920 --> 00:01:04,990
I just configured it to use WEP to make this lecture.

16
00:01:05,020 --> 00:01:10,870
The main reason why I'm testing it in the network that I use daily is because, like I said, for this to work

17
00:01:11,050 --> 00:01:18,340
we need to capture a large number of packets, and therefore we need a busy network, a network that gets

18
00:01:18,340 --> 00:01:22,480
used constantly, to capture a large number of packets.

19
00:01:22,480 --> 00:01:26,440
If the network is idle then the process is a little bit complex.

20
00:01:26,560 --> 00:01:29,270
And I will cover that in the next lecture.

21
00:01:29,290 --> 00:01:36,340
So for now let's focus on the simplest form, which is how to break into a busy network.

22
00:01:36,340 --> 00:01:39,850
So I'm going to copy the BSSID of this network.

23
00:01:41,770 --> 00:01:45,330
I'm going to run airodump-ng against this network only.

24
00:01:45,370 --> 00:01:49,790
So I showed you how to do this before. I'm going to do airodump-ng.

25
00:01:50,020 --> 00:01:55,510
I'm going to do --bssid to specify the BSSID of the network.

26
00:01:55,510 --> 00:02:00,970
Then I'm going to do --channel to specify the channel of the network, and we can see it's running

27
00:02:00,990 --> 00:02:02,130
on number one.

28
00:02:03,890 --> 00:02:10,540
And I'm going to do --write to store everything that we capture into a file, and let's call

29
00:02:10,540 --> 00:02:12,580
this file basic_wep.

30
00:02:13,850 --> 00:02:19,300
And then I'm going to specify my wireless adapter in monitor mode, which is mon0.

31
00:02:19,670 --> 00:02:23,170
So we ran this command before in the targeted sniffing lecture.

32
00:02:23,300 --> 00:02:29,900
All we're doing is we're running airodump-ng against a specific network with this address, with this channel,

33
00:02:30,110 --> 00:02:34,210
and we're storing everything in a file called basic_wep.

34
00:02:34,790 --> 00:02:36,070
I'm going to hit Enter.

35
00:02:36,230 --> 00:02:41,030
And as you see, airodump-ng is working against my target network.

36
00:02:41,040 --> 00:02:47,360
And if you notice, you'll see the data in here is increasing really, really fast.

37
00:02:47,720 --> 00:02:52,400
So this is something that I told you I'll talk about later when we were talking about airodump-

38
00:02:52,460 --> 00:02:58,430
ng, because I didn't want to talk about IVs at that early stage.

39
00:02:58,430 --> 00:03:05,360
So basically what you see under the data column is the number of useful packets that contain a different

40
00:03:05,420 --> 00:03:09,200
IV that we can use in order to crack the key.

41
00:03:09,500 --> 00:03:15,600
So the higher the number is, the more likely we will be able to crack the key.

42
00:03:15,890 --> 00:03:21,530
As you can see, this number is increasing very fast because, like I said, this is a busy network that is

43
00:03:21,530 --> 00:03:26,560
being used at the moment by my own computers and my own devices.

44
00:03:26,900 --> 00:03:30,110
If yours is increasing at first then don't worry.

45
00:03:30,140 --> 00:03:33,890
We will tackle this problem in the next lectures.

46
00:03:33,890 --> 00:03:39,810
So for now we're capturing a lot of data and this should actually be enough to crack the key.

47
00:03:40,250 --> 00:03:46,760
So what I'm going to do, I'm going to go down to my other terminal here, and if we actually list the files

48
00:03:47,060 --> 00:03:51,850
you'll see that we have the capture file that we specified in the write argument.

49
00:03:52,070 --> 00:03:56,030
And like I said, we're always interested in the .cap file.

50
00:03:56,600 --> 00:04:00,260
So all we have to do right now is do step two in here:

51
00:04:00,270 --> 00:04:00,520
run

52
00:04:00,530 --> 00:04:05,010
aircrack-ng against the file that we captured in order to crack the key.

53
00:04:06,060 --> 00:04:07,580
So I'm going to do aircrack-

54
00:04:07,590 --> 00:04:08,360
ng,

55
00:04:10,270 --> 00:04:15,030
followed by the file name, which is basic_wep-01.cap.

56
00:04:17,300 --> 00:04:18,740
I'm going to hit Enter.

57
00:04:19,870 --> 00:04:22,090
And as you can see, it's telling us

58
00:04:22,180 --> 00:04:24,270
the key is found.

59
00:04:24,910 --> 00:04:27,970
So let me cancel this here.

60
00:04:28,030 --> 00:04:35,130
And right now we can connect to the targeted network, which is called Test AP 3, using this ASCII

61
00:04:35,140 --> 00:04:42,440
password, so you can literally just copy this and paste it, or you can connect using this key.

62
00:04:42,440 --> 00:04:46,660
Now in some cases you will not see this ASCII password.

63
00:04:46,660 --> 00:04:51,550
That's why I'm going to show you how to connect using this key right here, because you'll always get

64
00:04:51,550 --> 00:04:52,810
this.

65
00:04:53,170 --> 00:04:54,940
So I'm going to copy this.

66
00:04:56,220 --> 00:04:57,560
And I'm just going to paste it here.

67
00:04:57,560 --> 00:05:01,640
You can paste it anywhere, in a normal text editor or anywhere you want.

68
00:05:01,890 --> 00:05:08,000
And all you have to do is remove the colons that we see in here between the numbers.

69
00:05:08,520 --> 00:05:09,430
So I'm going to remove

70
00:05:09,450 --> 00:05:15,530
this one, and this, and this, and this.

71
00:05:15,540 --> 00:05:17,800
And now we can just copy this.

72
00:05:19,380 --> 00:05:23,650
Just to show you, I'm actually going to connect from my host machine.

73
00:05:23,660 --> 00:05:30,240
You can connect from Kali, but when we enabled monitor mode we killed all our processes, and sometimes

74
00:05:30,270 --> 00:05:36,140
even after you restart these processes, getting connected to your target will be a little bit buggy.

75
00:05:36,270 --> 00:05:40,030
So it's best to literally just restart Kali and connect again.

76
00:05:40,050 --> 00:05:45,000
So just to save all of this time, I'm going to connect from here.

77
00:05:45,090 --> 00:05:46,920
I'm just going to click here.

78
00:05:47,100 --> 00:05:53,070
I'm going to connect to Test AP and I'm going to paste the password.

79
00:05:54,000 --> 00:05:58,280
So I'm just going to click on Show Password to show it to you. Again, the same password;

80
00:05:58,290 --> 00:06:00,150
we just removed the colons.

81
00:06:00,270 --> 00:06:02,030
I'm going to click on Join.

82
00:06:02,460 --> 00:06:05,570
And as you can see, we managed to connect.

83
00:06:05,670 --> 00:06:08,820
We can test this connection by going to Google.

84
00:06:10,480 --> 00:06:11,010
Perfect.

85
00:06:11,050 --> 00:06:12,770
As you can see, it's working.

86
00:06:12,880 --> 00:06:17,080
And we managed to break the WEP encryption.