1
00:00:00,700 --> 00:00:07,320
OK, so from the previous video we know that to crack a WEP key all we have to do is sniff packets from

2
00:00:07,320 --> 00:00:11,160
the target network and gather as much as possible.

3
00:00:11,400 --> 00:00:18,570
Once we do that, aircrack-ng will be able to use statistical attacks to determine the keystream

4
00:00:18,750 --> 00:00:19,860
and then the WEP key.

5
00:00:20,000 --> 00:00:26,460
It does this because when we have a large number of IVs, as I said, the IV is only a 24-bit number, so

6
00:00:26,880 --> 00:00:29,780
it can be exhausted easily in a busy network.

7
00:00:29,970 --> 00:00:36,450
So once we have two packets that have the same IV, then we can decrypt the keystream and the WEP.

8
00:00:36,570 --> 00:00:42,900
Now when we have more than two packets, obviously the method is going to work better and our chances

9
00:00:42,900 --> 00:00:45,870
of breaking the key will be higher.

10
00:00:45,900 --> 00:00:49,150
So we're going to try to gather as much as possible.

11
00:00:49,440 --> 00:00:53,020
Let's see the most basic case of cracking WEP.

12
00:00:53,160 --> 00:00:57,000
First of all, I have my Wi-Fi card in monitor mode.

13
00:00:57,030 --> 00:01:02,820
So the first thing I'm going to try to do now is just see all the networks that are within my Wi-Fi range

14
00:01:03,450 --> 00:01:06,240
and then I'm going to target one of those networks.

15
00:01:06,300 --> 00:01:13,510
So we're going to go airodump-ng, just very basic.

16
00:01:13,630 --> 00:01:19,090
And the second letter that came up is the network that we're going to do our attacks on.

17
00:01:19,090 --> 00:01:24,700
So it's a test AP. So we're just going to launch airodump against this network now, so we're going to

18
00:01:24,700 --> 00:01:25,360
call.

19
00:01:25,570 --> 00:01:34,290
We're going to put the BSSID like we did before, just launch an airodump against this AP, and then I'm

20
00:01:34,290 --> 00:01:42,490
going to put the channel, number two, and then I'm going to use write to store all the packets that we capture

21
00:01:42,490 --> 00:01:43,370
into a file.

22
00:01:43,600 --> 00:01:51,360
And let's call it basic IP and that's it.

23
00:01:51,360 --> 00:01:53,560
So we're going airodump-ng, BSSID,

24
00:01:53,640 --> 00:01:58,040
MAC address, channel, and the file that we're going to write stuff to.

25
00:01:58,070 --> 00:02:03,600
And our Wi-Fi card in monitor mode. Just launch an airodump on a target network.

26
00:02:03,600 --> 00:02:08,480
Now as you can see, this target network you have here is quite a busy one.

27
00:02:08,520 --> 00:02:14,430
You can see the data and the frames is going, it's going up quickly, quick enough, not very quickly, but

28
00:02:14,720 --> 00:02:16,290
it was very quick at the start.

29
00:02:16,290 --> 00:02:18,710
It is a busy network, so we have a client here.

30
00:02:18,750 --> 00:02:21,200
This is the section where we see the clients.

31
00:02:21,270 --> 00:02:23,360
So this client is actually doing.

32
00:02:23,400 --> 00:02:26,370
I have it actually playing video on YouTube.

33
00:02:26,370 --> 00:02:30,860
So that's why it's going up quick and slows down, quick and slows down.

34
00:02:30,990 --> 00:02:33,840
So just trying to mimic active clients here.

35
00:02:34,020 --> 00:02:40,850
So all we have to do now is just launch aircrack-ng, which is part of the aircrack suite, against the file

36
00:02:40,890 --> 00:02:44,130
that we, that airodump has created for us.

37
00:02:44,130 --> 00:02:48,550
We can launch aircrack against it even if the file, even if we didn't stop airodump.

38
00:02:48,780 --> 00:02:54,320
And it's going to keep reading the file and read the new packets that was capturing here.

39
00:02:54,360 --> 00:03:02,650
So we're just going to go aircrack-ng and just put the file name, so the file name was.

40
00:03:02,740 --> 00:03:04,870
So this file is still being created.

41
00:03:04,870 --> 00:03:08,280
It's getting larger and larger because it's getting more packets.

42
00:03:08,430 --> 00:03:11,560
We can run aircrack-ng with that file running.

43
00:03:11,680 --> 00:03:17,950
And then with airodump running, and it's going to keep getting updated and it'll give us the password

44
00:03:17,950 --> 00:03:20,130
once it can crack it.

45
00:03:20,560 --> 00:03:27,430
So now aircrack is working and airodump is collecting the packets for us. As you can see, aircrack failed

46
00:03:27,880 --> 00:03:31,250
to determine the key within 5000 IVs.

47
00:03:31,480 --> 00:03:33,760
So it's going to start with 3000 IVs.

48
00:03:33,890 --> 00:03:38,240
That's going to wait until the IVs reach 5000 and it's going to try again.

49
00:03:38,500 --> 00:03:41,840
Now the number of IVs actually depends on the type of WEP.

50
00:03:41,840 --> 00:03:44,140
So there's two types of WEP encryption.

51
00:03:44,140 --> 00:03:50,150
There is a 128 and there is a 46, but the only difference is the length of the key.

52
00:03:50,200 --> 00:03:57,570
So the 46 require less number of IVs than the 128.

53
00:03:57,580 --> 00:04:03,820
Now the IVs. Remember when we're talking about aircrack we said data is the number of useful packets.

54
00:04:03,820 --> 00:04:10,340
What I meant with that is the number of packets that have a unique IV or have a new IV.

55
00:04:10,360 --> 00:04:17,630
So the more packets we get with different IVs, the more our chances of cracking the WEP key.

56
00:04:17,980 --> 00:04:24,880
Now we're basically just going to wait until aircrack can successfully crack the WEP key. Okay, perfect.

57
00:04:25,300 --> 00:04:27,760
I'm just going to Control-C there.

58
00:04:27,940 --> 00:04:34,460
Now, and as you can see here, aircrack successfully managed to get the key.

59
00:04:34,500 --> 00:04:37,440
So that's the key for the target network.

60
00:04:37,440 --> 00:04:42,250
We were able to get it within twenty three thousand of data packets.

61
00:04:42,510 --> 00:04:46,490
Just because the target AP uses a 64 bit key.

62
00:04:46,650 --> 00:04:49,460
Let's see how we can use this key to connect to the network.

63
00:04:49,740 --> 00:04:59,550
So I'm just going to copy it, I go to Jeannie, and we're just going to remove these dots and use the key

64
00:04:59,550 --> 00:05:01,400
like this.

65
00:05:01,420 --> 00:05:11,040
So now we can connect to the target network and here we go, see test AP, and just going to paste it here.

66
00:05:14,510 --> 00:05:17,230
And as you can see, our connection has been established.

67
00:05:17,450 --> 00:05:23,960
So we successfully recovered the key, WEP key, for our target network.

68
00:05:24,290 --> 00:05:32,400
So I can just go to and confirm it in Google, and ping works, so we are successfully connected to the target

69
00:05:32,400 --> 00:05:32,930
network.