1
00:00:00,730 --> 00:00:06,160
In the previous lecture we've seen how easy it is to crack WEP.

2
00:00:06,510 --> 00:00:13,230
All we have to do is capture enough data and then run aircrack-ng to crack the encryption and

3
00:00:13,230 --> 00:00:15,480
give me the key.

4
00:00:15,480 --> 00:00:20,880
Now one problem that we could face is if the network is not busy.

5
00:00:21,270 --> 00:00:26,950
If it's not busy then the number of data will be increasing very, very slowly.

6
00:00:27,000 --> 00:00:33,520
Therefore we're going to have to wait for a while before we have enough data to crack the key.

7
00:00:34,420 --> 00:00:35,990
So let me show you an example.

8
00:00:36,190 --> 00:00:36,940
I'm just going to run

9
00:00:36,940 --> 00:00:37,210
airodump-ng

10
00:00:37,210 --> 00:00:40,670
here and list all the networks around me.

11
00:00:41,780 --> 00:00:47,550
And you can see I have my test network, my test AP in here, is using WEP.

12
00:00:47,720 --> 00:00:51,630
If you look under the data you'll see that it's at zero.

13
00:00:51,760 --> 00:00:53,380
And it's not increasing.

14
00:00:53,380 --> 00:00:59,120
And even if it's going to increase it's going to increase very, very slowly, which means that I'm going

15
00:00:59,120 --> 00:01:04,010
to have to be waiting for hours before I can crack this network.

16
00:01:04,610 --> 00:01:12,700
So a solution to this is to force the AP to generate new packets with new IVs.

17
00:01:13,540 --> 00:01:19,380
Now before doing this we need to associate with this network.

18
00:01:19,420 --> 00:01:27,370
So what I mean by associate is we need to tell this network that we want to communicate with it because

19
00:01:27,370 --> 00:01:36,070
by default access points ignore any requests they get unless the device has connected to this network

20
00:01:36,190 --> 00:01:38,370
or associated with it.

21
00:01:38,440 --> 00:01:41,180
So don't get this mixed up with connecting.

22
00:01:41,200 --> 00:01:47,230
We're still unable to connect to the network because we need the password to be able to connect to the

23
00:01:47,230 --> 00:01:47,950
network.

24
00:01:48,130 --> 00:01:54,610
What we're, what we're doing right now is literally just telling the target network: look, I want to communicate

25
00:01:54,640 --> 00:01:55,250
with you.

26
00:01:55,360 --> 00:01:57,280
Don't ignore my requests.

27
00:01:57,280 --> 00:01:59,090
That's all we're doing.

28
00:01:59,620 --> 00:02:04,660
So it's something similar to what happens when you just click on the network when you want to connect

29
00:02:04,660 --> 00:02:05,220
to it.

30
00:02:05,290 --> 00:02:09,200
You still have to put the password; you're just telling the target network:

31
00:02:09,220 --> 00:02:11,210
I want to communicate with you.

32
00:02:11,230 --> 00:02:13,330
Please don't ignore me.

33
00:02:14,370 --> 00:02:20,880
So in this lecture I'm going to show you how to associate with the target network so we can communicate

34
00:02:20,880 --> 00:02:21,500
with it.

35
00:02:21,630 --> 00:02:29,760
And in the next lecture I'm going to show you how, once associated, we can inject packets into the network

36
00:02:30,060 --> 00:02:35,190
and force the number of data to increase very, very quickly.

37
00:02:36,240 --> 00:02:43,200
First I'm going to run airodump-ng against my target network, which has this BSSID. So I'm going

38
00:02:43,200 --> 00:02:48,640
to copy it and we're going to use the exact same command that we have been using so far.

39
00:02:48,780 --> 00:02:50,860
So we're going to do airodump-ng

40
00:02:51,720 --> 00:02:52,380
dash dash

41
00:02:52,430 --> 00:02:53,940
bssid

42
00:02:53,970 --> 00:02:57,270
followed by the MAC address of my target, dash

43
00:02:57,270 --> 00:02:58,410
dash channel

44
00:02:59,410 --> 00:03:04,030
followed by the channel which my target is running on, which is six.

45
00:03:04,390 --> 00:03:10,110
And we're going to store all of this, so we're going to do a dash dash write and we'll call this file

46
00:03:10,480 --> 00:03:14,520
arpreplay because that's the name of the attack.

47
00:03:14,740 --> 00:03:19,680
And then I'm going to put my wireless adapter in monitor mode which is zero.

48
00:03:20,730 --> 00:03:26,720
So a very simple command that we've done before. We're using airodump-ng to capture data from our

49
00:03:26,720 --> 00:03:30,310
network with this MAC address running on this channel.

50
00:03:30,330 --> 00:03:34,430
We're storing everything in a file called arpreplay.

51
00:03:35,420 --> 00:03:36,990
I'm going to have a..

52
00:03:37,000 --> 00:03:40,450
And as you can see it's running against my target.

53
00:03:40,450 --> 00:03:47,350
Notice that the data is increasing really, really slow, or it's actually not increasing at all right now.

54
00:03:48,500 --> 00:03:55,390
Now to associate with this network we're going to use a program called aireplay-ng.

55
00:03:55,700 --> 00:04:01,560
So we're going to type aireplay-ng followed by a dash dash fakeauth

56
00:04:01,610 --> 00:04:05,070
because we want to do a fake authentication attack.

57
00:04:06,000 --> 00:04:11,170
We're going to go with zero because we only want to do this once. We're going to do a dash a

58
00:04:11,170 --> 00:04:14,780
to specify the MAC address of the target network.

59
00:04:14,780 --> 00:04:17,770
So I'm going to paste it; I've already copied it.

60
00:04:17,960 --> 00:04:25,490
Then we're going to do a dash h to specify the MAC address of my wireless adapter, and to get the

61
00:04:25,490 --> 00:04:27,940
MAC address of my wireless adapter

62
00:04:27,970 --> 00:04:29,730
I'm going to do ifconfig.

63
00:04:31,200 --> 00:04:35,580
It's the first 12 digits of the unspec field.

64
00:04:35,580 --> 00:04:42,000
Usually you'd see it after the ether, but when you enable monitor mode it'll show up like so.

65
00:04:43,200 --> 00:04:44,860
So I'm going to copy this.

66
00:04:46,500 --> 00:04:48,040
I'm going to paste it here.

67
00:04:49,390 --> 00:04:52,620
And I'm going to replace the minuses with

68
00:04:52,610 --> 00:04:53,500
colons.

69
00:04:54,750 --> 00:04:55,630
And that's it.

70
00:04:55,680 --> 00:04:56,580
It's done.

71
00:04:56,850 --> 00:05:03,580
And finally I'm just going to give the name of my wireless adapter in monitor mode.

72
00:05:04,910 --> 00:05:06,580
So a very simple command.

73
00:05:06,590 --> 00:05:12,160
We're using aireplay-ng, which is a tool that can be used to run a number of attacks, and we've

74
00:05:12,170 --> 00:05:16,500
seen this with the authentication attack. We're telling it

75
00:05:16,550 --> 00:05:19,740
we want to run a fake authentication attack.

76
00:05:19,850 --> 00:05:27,300
We want to do this once. We are giving it the MAC address of my target network after the dash a.

77
00:05:27,710 --> 00:05:32,870
Then I'll give it the MAC address of my wireless adapter after the dash h.

78
00:05:32,990 --> 00:05:37,960
And finally I'm giving it my wireless adapter in monitor mode.

79
00:05:38,390 --> 00:05:45,200
Now before I run this, notice in here under the AUTH we have nothing, and we don't have any clients show

80
00:05:45,230 --> 00:05:47,060
up in here at the bottom.

81
00:05:47,890 --> 00:05:56,310
Now if I hit enter you can see under the AUTH it's showing up as open, and you can see we have a new

82
00:05:56,310 --> 00:05:59,920
client here associated with the network.

83
00:06:00,030 --> 00:06:04,690
If you look in here you'll see this is the MAC address of my target network.

84
00:06:04,770 --> 00:06:09,510
And right here is the MAC address of my wireless adapter.

85
00:06:09,810 --> 00:06:13,210
So right now I am associated with the target network.

86
00:06:13,320 --> 00:06:20,110
And if I send it anything it's going to accept it and it's going to communicate with me. Again,

87
00:06:20,130 --> 00:06:22,040
I am not connected to the network.

88
00:06:22,050 --> 00:06:23,860
I still can't use the Internet.

89
00:06:23,880 --> 00:06:29,240
I'm literally just associated with the network so I can communicate with it.

90
00:06:30,490 --> 00:06:37,360
Now in the next lecture I'm going to show you how we can communicate with this network in a way to force

91
00:06:37,360 --> 00:06:45,110
it into generating new packets with new IVs, which will allow us to crack the key very, very quickly.