1
00:00:00,840 --> 00:00:04,780
So we're going to start to crack the key with air cracking.

2
00:00:06,260 --> 00:00:13,700
First, we'll need to capture handshake's and run the aircraft engy with a handshake file and a wordlist.

3
00:00:15,080 --> 00:00:17,300
So go to Calli terminal screen.

4
00:00:18,380 --> 00:00:19,710
Switch users route.

5
00:00:20,860 --> 00:00:22,850
Check them out of the wireless interface.

6
00:00:23,020 --> 00:00:29,320
It's in managed mode, so, of course, you know that it needs to be placed in a monitor mode on the

7
00:00:29,320 --> 00:00:31,060
channel number of the access point.

8
00:00:36,260 --> 00:00:39,350
Open a new terminal screen and start in Aradigm session.

9
00:00:53,380 --> 00:00:55,180
OK, so here's my access point.

10
00:00:56,770 --> 00:01:03,630
Start an arrow dumpings session for the access point, and we'll give a name for the output file with

11
00:01:03,640 --> 00:01:04,930
a W parameter.

12
00:01:10,570 --> 00:01:11,650
OK, so it started.

13
00:01:13,380 --> 00:01:18,810
Now, at this point, we'll need to capture a four way handshake, so to speed this process up, you

14
00:01:18,810 --> 00:01:21,930
can always start the authentication attack.

15
00:01:23,290 --> 00:01:25,620
Or reconnect to the access point with your phone.

16
00:01:30,610 --> 00:01:33,790
All right, so it looks like it has captured the handshake now.

17
00:01:35,130 --> 00:01:42,070
And you can see in this section here that we've got it, so now we'll start the air crack engie with

18
00:01:42,070 --> 00:01:43,140
this captured file.

19
00:01:45,620 --> 00:01:48,620
And we will need to add a dictionary.

20
00:01:51,000 --> 00:01:57,330
So this time I'm going to show you a wordlist that's already in Cali instead of using a checklist.

21
00:01:58,330 --> 00:01:59,650
So I'll open a new terminal.

22
00:02:03,160 --> 00:02:08,710
Change directory to user share word lists and Métis boyte.

23
00:02:10,390 --> 00:02:11,560
And lists the files.

24
00:02:13,330 --> 00:02:20,500
A Métis boy comes bundled with wordlist note that these are much smaller and mostly contained factory

25
00:02:20,500 --> 00:02:27,370
default or trivially simple user name and password combinations, but you don't see the point.

26
00:02:28,360 --> 00:02:34,330
The principal utility of Métis Plate Wordlist consists of its matching of usernames and default passwords

27
00:02:34,330 --> 00:02:35,170
with services.

28
00:02:37,500 --> 00:02:42,060
I use the password Ellis T file, so let's open it.

29
00:02:45,770 --> 00:02:48,590
So here are the multiple password combinations.

30
00:02:49,760 --> 00:02:56,030
Now, I do want to point out here, though, that the purpose of this course is to show you how to use

31
00:02:56,030 --> 00:03:02,820
the necessary tools and how to crack the key, because key cracking can take a long time.

32
00:03:03,140 --> 00:03:05,600
So that's why I've added my password to the list.

33
00:03:05,630 --> 00:03:10,880
I'm not going to sit here and have you watch hours and hours of attempts.

34
00:03:11,420 --> 00:03:12,440
OK, so.

35
00:03:14,670 --> 00:03:17,850
Now we can give this word list to the aircraft engie.

36
00:03:21,740 --> 00:03:23,660
First, copy the full path from here.

37
00:03:24,670 --> 00:03:26,620
Paste it and the filename.

38
00:03:29,680 --> 00:03:30,820
All right, so it started.

39
00:03:35,970 --> 00:03:42,990
OK, well, Keenan found in your face, so that's the first try, it might not find the key.

40
00:03:43,320 --> 00:03:45,230
So we do need to try it again.

41
00:03:51,340 --> 00:03:55,690
And there it is now it's completed, the key has been found.