1
00:00:00,120 --> 00:00:04,710
OK, so before we actually learn to crack into WEP, let's try to understand it and its weaknesses just a

2
00:00:04,710 --> 00:00:06,720
little bit more. So WEP is pretty old.

3
00:00:06,720 --> 00:00:11,530
It dates back to 1997 when Wi-Fi was first introduced to the world.

4
00:00:11,550 --> 00:00:14,120
I was five years old, a long time ago.

5
00:00:15,000 --> 00:00:22,800
The main flaw, though, with WEP was the use of small IVs, and the size of the encryption key, which

6
00:00:22,800 --> 00:00:25,800
was pretty small, was either 64 bit or 128 bit.

7
00:00:25,830 --> 00:00:34,050
So the IVs make up twenty-four bits of the encryption key and they were used along with the

8
00:00:34,050 --> 00:00:38,090
secret key to encrypt with the RC4 cipher.

9
00:00:38,100 --> 00:00:44,580
So each packet is supposed to have a different IV but due to its size, reuse is very common, like

10
00:00:44,580 --> 00:00:45,600
on a busy network.

11
00:00:45,930 --> 00:00:51,720
So since the IVs are only twenty-four bits long and the rest of the key is always the same, the total

12
00:00:51,720 --> 00:00:54,570
number of combinations is very small and pretty easy, you guys.

13
00:00:54,590 --> 00:00:58,830
So once the RC4 cipher stream for a given IV is actually found,

14
00:00:59,520 --> 00:01:05,670
an attacker can decrypt packets that are sent that were encrypted with the same IV and we can forge

15
00:01:05,670 --> 00:01:06,160
packets.

16
00:01:06,420 --> 00:01:12,390
So this means that you don't really need to know the WEP key to decrypt packets if you know what the key

17
00:01:12,390 --> 00:01:15,290
stream was that was used to encrypt that packet.

18
00:01:15,300 --> 00:01:17,480
So, you know, technically you could do it manually.

19
00:01:17,490 --> 00:01:19,080
I know it sounds a little bit complicated.

20
00:01:19,080 --> 00:01:20,850
That's just like a high level of how it works.

21
00:01:21,090 --> 00:01:25,390
But we have tools that can do this automatically and literally in a matter of minutes or maybe even

22
00:01:25,410 --> 00:01:28,260
seconds. We're going to be using one called aircrack-ng.

23
00:01:28,260 --> 00:01:32,970
And so it is primarily used to hack into, you know, Wi-Fi networks.

24
00:01:33,180 --> 00:01:38,580
And it has a whole suite of different tools that we're going to be using that's going to help us attack,

25
00:01:39,090 --> 00:01:42,730
you know, WEP networks and also other networks later on.

26
00:01:42,960 --> 00:01:48,360
So the first attack that we're going to do is actually, you know, capturing packets and then we're

27
00:01:48,360 --> 00:01:53,040
going to crack the key using those packets, which is basically what we said before.

28
00:01:53,190 --> 00:01:59,190
So we're going to use airodump-ng, part of the aircrack-ng suite, to capture a large number of

29
00:01:59,190 --> 00:02:02,700
packets flowing over a network, you know, into a file.

30
00:02:02,700 --> 00:02:07,560
And then we're going to use that file to actually crack the WEP key, you know, with aircrack-ng.

31
00:02:07,950 --> 00:02:11,490
So now let's go over to our machine and actually try to do this attack.

32
00:02:12,840 --> 00:02:14,840
OK, so back on the Kali machine.

33
00:02:14,850 --> 00:02:17,370
So I went and changed my router settings.

34
00:02:17,370 --> 00:02:17,870
I turned.

35
00:02:18,060 --> 00:02:26,290
So for WEP, I had to go down to a two point four megahertz frequency for it in order to enable

36
00:02:26,310 --> 00:02:26,640
WEP.

37
00:02:26,640 --> 00:02:33,300
I put in like a password in there, like HackMePlease with two E's on it, to try to fit like all the

38
00:02:33,300 --> 00:02:33,900
characters.

39
00:02:34,500 --> 00:02:37,290
There's like a certain character requirement to do that.

40
00:02:37,320 --> 00:02:41,730
So now we're going to try to see if we can find the network with our wireless card.

41
00:02:41,740 --> 00:02:46,130
So let's check to make sure with iwconfig.

42
00:02:46,560 --> 00:02:52,800
OK, we still have a wlan device there and it is running in monitor mode.

43
00:02:53,070 --> 00:02:56,610
So we're going to do our first command.

44
00:02:56,910 --> 00:03:03,540
So we're going to try, we're going to try to capture all the two point four gigahertz networks.

45
00:03:03,750 --> 00:03:14,310
So that's airodump-ng and then --band and we're going to put b, and then wlan0

46
00:03:14,310 --> 00:03:16,680
because that's the interface that we're going to be using.

47
00:03:16,680 --> 00:03:22,110
And b represents the two point five gigahertz frequency and then we're going to go ahead and hit enter.

48
00:03:23,160 --> 00:03:24,060
We have to use sudo.

49
00:03:24,930 --> 00:03:30,310
So actually one way to avoid having to do sudo is to run the sudo su or sudo -i command and you become root.

50
00:03:30,600 --> 00:03:34,350
So now we can try to run the command without having to do that.

51
00:03:34,350 --> 00:03:35,630
It's kind of annoying anyway.

52
00:03:35,880 --> 00:03:43,800
So that says --band b wlan0 and now it's capturing all the networks that are in two point four

53
00:03:43,800 --> 00:03:44,700
gigahertz.

54
00:03:45,860 --> 00:03:54,170
And now what you want to do is actually look for the one that is your network, so mine is probably

55
00:03:54,170 --> 00:03:57,460
the one right here, that's the only WEP network.

56
00:03:57,920 --> 00:03:59,530
So let me expand this really quick.

57
00:03:59,930 --> 00:04:02,480
So it has the names over here.

58
00:04:02,510 --> 00:04:03,870
So this is mine right here.

59
00:04:04,640 --> 00:04:07,710
OK, so what we're going to want to take note of is the BSSID.

60
00:04:07,910 --> 00:04:10,480
So for my network it's this one right here.

61
00:04:11,060 --> 00:04:13,630
So I'm going to want to copy that.

62
00:04:14,930 --> 00:04:21,200
And this is going to allow us to actually directly target that network.

63
00:04:21,410 --> 00:04:24,310
So now let's see who's connected to this network.

64
00:04:24,470 --> 00:04:29,990
So we do airodump-ng again and then --bssid.

65
00:04:29,990 --> 00:04:30,910
And that's just the name.

66
00:04:31,730 --> 00:04:35,140
It's going to be the MAC address of your router.

67
00:04:35,150 --> 00:04:41,730
So we're going to paste what we copied and then we're going to choose the channel.

68
00:04:42,560 --> 00:04:46,430
So you see the column, we need the channel number.

69
00:04:46,430 --> 00:04:51,920
So for mine it was channel 11.

70
00:04:51,920 --> 00:04:53,210
So it's 11.

71
00:04:55,190 --> 00:05:01,910
And then -w, this is going to allow us to write all the data that we're capturing into a file.

72
00:05:01,920 --> 00:05:08,640
So we're just going to say Watpac, we're going to call it that, and then wlan0 is the interface.

73
00:05:08,960 --> 00:05:10,210
So this is the command.

74
00:05:10,280 --> 00:05:13,130
So now let's hit enter and let's see what happens.

75
00:05:14,090 --> 00:05:20,510
So now what it's going to do is it's going to start to capture the different devices that are actually connected

76
00:05:20,510 --> 00:05:21,080
to the network.

77
00:05:21,100 --> 00:05:27,770
So let's give it some time and we'll see, you know, exactly what devices are on this network.

78
00:05:28,310 --> 00:05:31,940
OK, so my laptop is the only thing that's connected there.

79
00:05:31,940 --> 00:05:37,730
And you can confirm that this is the address, the MAC address for your computer that you're testing

80
00:05:38,780 --> 00:05:40,430
with, that's connected to the network.

81
00:05:40,440 --> 00:05:47,480
You can go do like, in Windows, ipconfig and look at the physical address for that adapter that's connecting

82
00:05:47,480 --> 00:05:51,410
to the network, and then you'll be able to see that it actually matches, so it knows that this is,

83
00:05:51,440 --> 00:05:54,570
this is mine. It sees that my laptop is connected.

84
00:05:54,590 --> 00:06:02,540
OK, so for this attack, what we're going to do is, so we have now this .cap file.

85
00:06:02,570 --> 00:06:08,510
OK, so what we're going to do is we're going to use aircrack-ng to actually try to decrypt and spit

86
00:06:08,510 --> 00:06:09,120
the key out.

87
00:06:09,350 --> 00:06:17,480
So let's do aircrack-ng and then the file name, Watpac-01.cap.

88
00:06:19,290 --> 00:06:26,820
And then we're going to hit enter and now it's going through and it's going to try to hack it, so

89
00:06:26,820 --> 00:06:30,810
now it says I didn't have enough initialization vectors.

90
00:06:31,050 --> 00:06:35,370
So what I'm going to do is I'm going to go back and run the other command again.

91
00:06:36,770 --> 00:06:41,930
And we're going to, we're going to try to write this again, and I'm going to try to get my computer

92
00:06:41,930 --> 00:06:43,070
to do a lot of traffic.

93
00:06:43,070 --> 00:06:47,210
So I'll be back and we're going to see how many, how many different packets it's capturing.

94
00:06:48,490 --> 00:06:52,640
OK, so I have this running still, it's capturing a lot of packets.

95
00:06:52,750 --> 00:06:54,650
It says about sixty thousand right there.

96
00:06:54,830 --> 00:07:00,110
So we can go ahead and try the aircrack-ng command again and see if it actually works.

97
00:07:00,510 --> 00:07:01,780
OK, so it actually works.

98
00:07:01,780 --> 00:07:07,340
So after it captured sixty thousand IVs, it actually was able to crack the password.

99
00:07:07,460 --> 00:07:12,090
So it actually got the ASCII format right here and it also has the hex format right here.

100
00:07:12,290 --> 00:07:16,830
So what we can do, just to test, to make sure that it actually works, so that you guys don't think I'm,

101
00:07:16,850 --> 00:07:17,960
you know, making it up.

102
00:07:18,320 --> 00:07:21,920
We can just copy that and what we can do

103
00:07:23,640 --> 00:07:29,730
is we can try it on my computer, so let's go, let's disconnect.

104
00:07:31,180 --> 00:07:37,030
OK, so it's asked me to enter the network key, so I'll just paste it in there.

105
00:07:37,040 --> 00:07:46,660
So let's see, it's going to be hack me please, two E's on the end, and just so you guys can see.

106
00:07:46,660 --> 00:07:47,860
Hack me please.

107
00:07:48,460 --> 00:07:51,850
Next, verifying and connecting.

108
00:07:52,780 --> 00:07:59,980
And we should be able to successfully connect to this network, so it's saying that it isn't secure.

109
00:08:00,010 --> 00:08:03,450
This is like a Windows, I guess, security feature in some way.

110
00:08:03,460 --> 00:08:06,650
It doesn't stop you from connecting though, it's still connecting.

111
00:08:06,670 --> 00:08:07,750
And now we have a

112
00:08:08,740 --> 00:08:10,620
successful Internet connection.

113
00:08:11,790 --> 00:08:14,160
It is connected, so we're good to go.

114
00:08:14,190 --> 00:08:20,210
We learned how to crack WEP encryption and this was the highest level with the 128 bit key.

115
00:08:20,550 --> 00:08:24,060
So, and it was still able to crack it, you know, in a short amount of time.

116
00:08:24,330 --> 00:08:25,990
It only took, what, six seconds?

117
00:08:26,040 --> 00:08:27,510
OK, so that's pretty cool.

118
00:08:27,540 --> 00:08:31,260
So now what we can do is move on to try some other types of attacks.