WEBVTT 0 00:01.650 --> 00:08.340 We'll start a new section on hacking WiFi networks. To perform WiFi penetration testing 1 00:08.340 --> 00:16.730 you need your wireless card to support the monitoring mode and packet injection. Monitor mode enables 2 00:16.850 --> 00:23.850 the WiFi card to see and manipulate all wireless traffic passing through the air in its range. 3 00:24.170 --> 00:31.400 Without these ability you are limited to use your wireless adapter to only connect to wireless access 4 00:31.400 --> 00:35.190 points that accept and authenticate you. 5 00:35.270 --> 00:41.080 You can sniff only data frames and WiFi traffic destined to your cart. 6 00:41.090 --> 00:48.890 You cannot sniff WiFi management or control frames. Packet injection means injecting WiFi packets 7 00:48.980 --> 00:54.170 into a WiFi network without being authenticated to that network. 8 00:54.170 --> 01:02.480 This is essential when lunching attacks like the deauthentication attack or even when capturing the WPA2 9 01:02.480 --> 01:08.680 4-way handshake that is required to crack the wireless network password. 10 01:08.780 --> 01:16.660 So in order to hack WiFi networks a hacker needs a WIFI card that supports both monitor mode and packet 11 01:16.690 --> 01:17.720 injection. 12 01:17.720 --> 01:27.440 This is also required to follow the lapse in the Hacking WiFi Section of this course. Maybe you wonder if 13 01:27.440 --> 01:32.550 the international WIFI card of your laptop is good or not. 14 01:32.640 --> 01:40.770 The first thing you should know is that even though a WIFI card supports monitor mode and packet injection 15 01:41.100 --> 01:45.090 you cannot use it on Windows. On Windows 16 01:45.090 --> 01:49.190 you can only establish a basic WiFi connection. 17 01:49.200 --> 01:55.680 Generally speaking Windows cannot be used for hacking because it's really limited. 18 01:55.680 --> 01:59.000 So you need the Linux. Now 19 01:59.100 --> 02:06.440 if you run a Linux Distribution like Kali or Linux Mint in a VM then even though the internal card 20 02:06.540 --> 02:14.130 in your laptop supports monitor mode and packet injection, you won’t be able to use these features. 21 02:14.130 --> 02:24.580 In fact you won’t even see the wifi adapter in a VM but only a fake ethernet interface. For example 22 02:24.850 --> 02:34.450 I'm running Kali in VM and I set the wifi network into bridged mode. Instead of seeing the wifi 23 02:34.480 --> 02:35.360 adapter 24 02:35.380 --> 02:39.770 Kali sees it as an ethernet card. 25 02:39.860 --> 02:40.920 This is the card, 26 02:40.930 --> 02:42.480 eth0. 27 02:42.620 --> 02:46.140 My laptop has a WiFi adapter. 28 02:46.180 --> 02:50.230 This should be a WIFI card, but it's not. 29 02:50.260 --> 02:57.220 This is related to how VirtualBox and VmWare virtualize the physical card to the Guest 30 02:57.220 --> 02:59.560 operating system. 31 02:59.560 --> 03:07.440 It seems like the end of the road: you could have the right wifi card but can not use it for penetration 32 03:07.440 --> 03:13.230 testing or hacking either in Windows or Linux in a VM. 33 03:13.230 --> 03:16.260 So there are two solutions to solve this problem. 34 03:18.650 --> 03:27.500 You need an external USB WiFi adapter to use it for a Linux that runs in a VM. We will have an entire 35 03:27.500 --> 03:36.450 discussion on how to do it and what cards are good in the next lecture. And the second option is to install 36 03:36.540 --> 03:40.430 Linux directly on your laptop, not in a VM. 37 03:40.440 --> 03:48.270 From my experience I can confirm that most internal WiFi cards support monitor mode and packet 38 03:48.270 --> 03:56.850 injection only when Linux is the main OS; so if you have Windows on your main machine a second laptop 39 03:57.060 --> 04:04.660 on which you install Kali Linux could solve the problem. To check if with the intentional WIFI card 40 04:04.720 --> 04:08.680 in your laptop supports monitor mode and packet injection 41 04:08.680 --> 04:15.280 you have to check the chipset inside that the adapter. That chipset is what controls the behavior of 42 04:15.280 --> 04:24.190 the card and it's much more important than the adapter manufacturer. For example TP-Link, D-Link or Linksys 43 04:24.190 --> 04:31.510 are card producers and Broadband, realtek or Qualcomm atheros are examples of 44 04:31.510 --> 04:32.340 chipsets. 45 04:32.440 --> 04:41.060 The brand is not important but the chipset inside is. Using ssh I am connecting to another Linux 46 04:41.060 --> 04:46.250 machine that runs in the main OS, it's not running in a VM. 47 04:51.720 --> 05:00.390 I'm becoming root sudo su, the default password kali and I am root. Now to see the chipsets of the built 48 05:00.390 --> 05:14.250 in WiFi adapter I execute in Linux: lspci -k and I'm looking for Wireless 49 05:14.250 --> 05:18.090 network adapter. 50 05:18.270 --> 05:22.560 This is the section! By the way 51 05:22.560 --> 05:25.660 this is a common and cheap Asus laptop. 52 05:27.020 --> 05:36.410 We see that the chipset is Qualcomm Atheros QCA9565 and it supports mode monitor 53 05:36.680 --> 05:39.370 and packet injection. 54 05:39.380 --> 05:44.120 You could also execute a lspci-vv 55 05:49.050 --> 05:50.660 you'll see a lot of information 56 05:55.060 --> 06:00.220 To put to the adapter into monitor mode you execute the following commands. 57 06:00.220 --> 06:08.140 I won't explain to you what each command does because there is an entire lecture on how to do it, later 58 06:08.140 --> 06:09.600 in this section. 59 06:09.670 --> 06:18.710 I'm just executing the commands to check if the WiFi built in card is good or not; so iwconfig, the 60 06:18.710 --> 06:28.660 WiFi card is in managed mode, airmon-ng check kill, I am killing all the processes that could interfere, 61 06:33.050 --> 06:37.270 by the way airmon-ng is part of aircrack-ng, 62 06:37.430 --> 06:44.840 So if you don't have airmon-ng and you get "command not found" you install it by executing apt install 63 06:45.180 --> 06:46.580 aircrack-ng 64 06:49.250 --> 07:00.480 like this; and I am putting the interface into monitor mode airmon-ng start wlan0 - 65 07:00.520 --> 07:02.050 the name of the interface- 66 07:05.170 --> 07:16.810 and iwconfig to see its mode of operation. It's in monitor mode and I'll also teste it for packet injection 67 07:17.050 --> 07:21.010 which is fairly straightforward. From my experience 68 07:21.130 --> 07:29.050 I can say that any WIFI card of that supports monitor mode supports also packet injection. 69 07:29.050 --> 07:35.470 After putting the card into monitor mode we can run a test to see if the wireless network adapter is 70 07:35.470 --> 07:43.550 capable of injecting packets into nearby wireless networks using a tool called airplay-ng; so airplay 71 07:43.570 --> 07:49.670 -- test and the name of the interface. 72 07:49.960 --> 07:52.480 Now the interface has another name, 73 07:52.480 --> 08:00.310 a new one, wlan0mon That's the name after putting the interface into monitor mode so wland0 74 08:00.340 --> 08:04.050 mon and injection 75 08:04.060 --> 08:08.770 is working. I'm stopping it by pressing a control c. 76 08:08.770 --> 08:17.830 Now if you cannot install Linux as the main OS or the chipset of the built in cart is not good then 77 08:17.830 --> 08:25.150 you need an external USB WiFi adapter. We'll take a short break and in the next video I'll show you how 78 08:25.150 --> 08:31.150 to choose the right external WiFi adapter and how to connect it to Kali in a VM.