1
00:00:00,060 --> 00:00:05,850
So now that we know how to crack into WEP, let's go over how to crack WPA, and most likely

2
00:00:05,850 --> 00:00:08,570
what you're going to see, you know, out in the real world.

3
00:00:09,180 --> 00:00:16,890
So, you know, once WEP, you know, obviously became, you know, an issue and it was easy to hack

4
00:00:17,220 --> 00:00:18,630
and everybody was doing it.

5
00:00:18,660 --> 00:00:22,500
They made WPA and WPA2, you know, as the replacements.

6
00:00:22,500 --> 00:00:24,570
So they use much stronger encryption methods.

7
00:00:24,870 --> 00:00:30,660
And, you know, they're not really hackable by the same method as we did with WEP. Each packet, with

8
00:00:30,660 --> 00:00:33,630
WPA, is encrypted with a temporary key.

9
00:00:33,870 --> 00:00:42,150
So that prediction, like with the IVs in WEP, makes it almost impossible.

10
00:00:42,180 --> 00:00:51,120
So the best method of actually trying to hack into WPA and WPA2, practically, is to capture the

11
00:00:51,120 --> 00:00:52,130
four-way handshake.

12
00:00:52,530 --> 00:00:59,270
So whenever you try to connect to a Wi-Fi network that's using WPA or WPA2, there's a four-way

13
00:00:59,280 --> 00:01:05,250
handshake that kind of happens as you authenticate, like when we first connect and try to authenticate

14
00:01:05,250 --> 00:01:10,440
to the access point. There are packets that are sent back and forth, and we can use what's in those packets

15
00:01:10,770 --> 00:01:17,970
to actually figure out, you know, if a key that we use, you know, is valid or if it isn't valid, and that can

16
00:01:17,970 --> 00:01:20,140
be achieved by doing a deauthentication.

17
00:01:20,140 --> 00:01:26,720
This acts like knocking the host off the network, and then when you knock them off,

18
00:01:26,720 --> 00:01:29,730
when you knock them off the network, they're going to automatically try to reconnect.

19
00:01:29,760 --> 00:01:37,820
And when they reconnect, we're going to capture the four-way handshake for when they try to reconnect

20
00:01:37,830 --> 00:01:38,670
to the network.

21
00:01:38,850 --> 00:01:42,780
And we're going to use airodump-ng to actually capture that.

22
00:01:42,870 --> 00:01:44,160
Then we can use this.

23
00:01:44,160 --> 00:01:45,810
We have the handshake packets.

24
00:01:46,080 --> 00:01:50,580
We can go ahead and create a wordlist, and then we can recover the

25
00:01:50,580 --> 00:01:53,670
key with aircrack-ng pretty quickly, pretty easily.

26
00:01:53,760 --> 00:01:54,720
Let's go ahead and try it out.

27
00:01:55,230 --> 00:02:03,330
OK, so we're going to crack into WPA or WPA2. We're going to go back to our Kali Linux machine

28
00:02:03,330 --> 00:02:05,490
and we're going to run airodump-ng again.

29
00:02:06,360 --> 00:02:13,140
So what I'm doing here, I have the BSSID, the physical MAC address of the router that I'm trying

30
00:02:13,140 --> 00:02:19,950
to get into, put the channel that it is specifically on, and I'm writing everything that it's capturing to

31
00:02:19,950 --> 00:02:23,520
a file called capture handshake. It's going to go to the current folder that we're in.

32
00:02:23,910 --> 00:02:26,460
And then I'm also specifying the band.

33
00:02:26,820 --> 00:02:29,430
I found that if I didn't do that, I had some issues.

34
00:02:29,430 --> 00:02:30,810
So you could do that, if you like.

35
00:02:30,990 --> 00:02:36,510
And then I put my wireless interface, which is wlan0, and then we just run that.

36
00:02:36,510 --> 00:02:39,990
And now it's going to start to pick up the devices, as we've seen before.

37
00:02:40,140 --> 00:02:42,510
So you can see up here, that's actually true.

38
00:02:42,510 --> 00:02:44,210
Now for authentication.

39
00:02:44,280 --> 00:02:45,120
It's PSK.

40
00:02:45,120 --> 00:02:46,580
Pre-shared key.

41
00:02:47,310 --> 00:02:52,530
So now it's picking up the different devices that are actually connected to this access point.

42
00:02:52,540 --> 00:02:58,200
So what we can do is we can run the deauthentication attack on the wireless card I'm using for my computer.

43
00:02:58,440 --> 00:03:00,120
And it's currently connected.

44
00:03:00,120 --> 00:03:01,950
It has a sort of there, but it's currently connected.

45
00:03:01,950 --> 00:03:04,950
And I know that this is the MAC address for that.

46
00:03:05,130 --> 00:03:11,880
So we're going to do aireplay-ng, and this dash zero followed by a space and a zero is a deauthentication;

47
00:03:11,880 --> 00:03:14,490
in fact, it's going to send an infinite number of packets

48
00:03:14,490 --> 00:03:18,870
until we actually tell it to stop, and then dash a right

49
00:03:18,870 --> 00:03:25,470
here is the MAC address of the router, and then dash c is the MAC address of the client, or the target

50
00:03:25,470 --> 00:03:27,440
computer, or, you know, my wireless.

51
00:03:27,450 --> 00:03:30,810
And after that I have dash D, and I had issues.

52
00:03:30,810 --> 00:03:36,210
If I didn't put this dash in there. It's going to basically, like, force the attack, force in the packets.

53
00:03:36,690 --> 00:03:42,270
So if you run into issues where it says, you know, no such BSSID available, I would put that

54
00:03:42,270 --> 00:03:42,660
in there.

55
00:03:42,870 --> 00:03:48,030
And then the wireless interface, wlan0, and now it's sending the deauthentication packets.

56
00:03:48,270 --> 00:03:55,020
And what I notice as well is that sometimes, you know, the computer might actually, like, or the wireless

57
00:03:55,020 --> 00:03:57,720
adapter, it might actually reconnect very quickly.

58
00:03:57,720 --> 00:04:04,920
So it may or may not affect the Internet connection, but it's still, you know, sending these,

59
00:04:04,920 --> 00:04:06,180
the deauthentication packets.

60
00:04:06,180 --> 00:04:08,100
And I believe that some of them might not actually work.

61
00:04:08,400 --> 00:04:14,360
But if we switch back over here, we actually see right here that we've actually caught the handshake.

62
00:04:14,640 --> 00:04:20,880
So what we can do now is actually create a wordlist so we can actually crack this, since we have

63
00:04:20,880 --> 00:04:21,060
it.

64
00:04:21,060 --> 00:04:26,250
And then we can cancel all of this as well, because we have the handshake and now it's captured in

65
00:04:26,250 --> 00:04:27,960
that file, capture handshake.

66
00:04:28,350 --> 00:04:34,860
So what we can do is actually create a wordlist with an application called crunch, and it's going to

67
00:04:34,860 --> 00:04:40,620
pretty much allow us to create a wordlist that's going to let us, you know, try to brute

68
00:04:40,620 --> 00:04:45,210
force and figure out, using this file that we captured the handshake in.

69
00:04:45,210 --> 00:04:51,420
And we're going to use that, like we said before, against this wordlist and try to figure out if,

70
00:04:51,420 --> 00:04:53,780
you know, one of these passwords is going to work.

71
00:04:54,030 --> 00:04:56,610
So I already have a command prompt open over here.

72
00:04:56,620 --> 00:04:59,970
So the way that you're going to use crunch is you put crunch in, then

73
00:05:00,030 --> 00:05:05,080
this first number right here is the minimum number of characters, so I'm putting nine, and then

74
00:05:05,080 --> 00:05:06,720
the maximum number of characters is nine.

75
00:05:06,720 --> 00:05:09,730
So it's going to make passwords that only have nine characters.

76
00:05:09,930 --> 00:05:17,510
You could do, you know, like six to like 10 if you wanted to, in case you didn't exactly know.

77
00:05:17,530 --> 00:05:18,840
I exactly know.

78
00:05:18,840 --> 00:05:24,840
And just to save time and effort with this, I set the password to this right here, just so that

79
00:05:24,840 --> 00:05:27,360
you guys can see, you know, the capabilities of this.

80
00:05:27,360 --> 00:05:35,520
And so what you can do is you would put, like, you know, after these numbers, you'll put what characters

81
00:05:35,520 --> 00:05:38,130
you want to be included in the password.

82
00:05:38,130 --> 00:05:45,030
So it can be like, you know, one, two, three, four, eight, Afgooye.

83
00:05:45,180 --> 00:05:48,590
It'll only include these letters when it's making the password.

84
00:05:48,600 --> 00:05:54,210
So every combination of these letters in there, and then this dash t option right here allows you to do

85
00:05:54,210 --> 00:05:54,760
a pattern.

86
00:05:54,900 --> 00:06:03,660
So if I wanted the password to always start with 56 and then have maybe, you know, so one, two,

87
00:06:03,660 --> 00:06:05,250
three, four.

88
00:06:07,280 --> 00:06:13,970
So these symbols right here actually indicate, you know, fill it with any of the other, any of the

89
00:06:13,970 --> 00:06:21,080
available characters, and then you can, then you can finish, like maybe it always ends with, you know,

90
00:06:21,080 --> 00:06:23,480
seven, six, seven, eight, you know.

91
00:06:24,620 --> 00:06:28,520
And so what it'll do is it will make a password that starts with five, six.

92
00:06:28,760 --> 00:06:32,000
It fills in these with the different character options that you gave it.

93
00:06:32,480 --> 00:06:39,530
And then it always ends with six, seven, eight, so it drastically lowers, like, the number of, you

94
00:06:39,530 --> 00:06:43,030
know, possible passwords, or words.

95
00:06:43,250 --> 00:06:45,230
So let me actually show you an example.

96
00:06:45,230 --> 00:06:49,070
For our specific example, I already set the password.

97
00:06:49,340 --> 00:06:57,130
So we're going to say wordlists of nine, with nine characters in them, and then we're going to set

98
00:06:57,140 --> 00:06:58,300
the password to this.

99
00:06:58,700 --> 00:07:01,340
So it's going to make every combination of these letters.

100
00:07:02,770 --> 00:07:07,460
And then if we were to do that, it's a really big file, three gigabytes.

101
00:07:07,650 --> 00:07:16,430
So what we can do is we can refine this using the dash t option, and then we can, you know, set

102
00:07:16,430 --> 00:07:17,590
it, give it a pattern.

103
00:07:17,600 --> 00:07:24,620
So let's say, like, we want the password to always start with H, and, you know, we want anything in

104
00:07:24,620 --> 00:07:30,740
between this, because we know it's possible. Or H, I, maybe we have a hunch. We can make it fill in every

105
00:07:30,740 --> 00:07:33,080
single one between this using the at symbol.

106
00:07:33,230 --> 00:07:38,680
So we will put one, two, three, four, five, six, seven, and let's say we wanted it to always end in Z.

107
00:07:39,140 --> 00:07:42,530
So as you can see, this file is a lot smaller.

108
00:07:42,590 --> 00:07:44,870
OK, so now it's creating the wordlist.

109
00:07:44,940 --> 00:07:48,410
So what you want to do is we can actually output this into a file.

110
00:07:48,410 --> 00:07:52,260
So dash o and then, you know, just wordlist.

111
00:07:53,060 --> 00:08:00,500
So now it's going to create it, and it's going to put it all, all of those, into the file, and then we can

112
00:08:00,500 --> 00:08:02,510
use that to crack into the network.

113
00:08:02,870 --> 00:08:08,930
So now it's done, and we can go ahead and try the aircrack-ng command, actually using the file that we,

114
00:08:09,360 --> 00:08:12,800
that file that we created just now, along with the cap file that we created earlier.

115
00:08:13,340 --> 00:08:21,290
So I see aircrack-ng, and then we're going to put the name of the cap, the cap file, which was

116
00:08:21,740 --> 00:08:22,610
the capture.

117
00:08:22,610 --> 00:08:23,270
Handshake.

118
00:08:24,530 --> 00:08:24,920
Yep.

119
00:08:25,340 --> 00:08:25,880
Cap.

120
00:08:26,270 --> 00:08:36,050
And then we're going to put dash w and then put our file that we just created, wordlist, and then

121
00:08:36,230 --> 00:08:38,520
enter, and now aircrack-ng is going to run.

122
00:08:38,780 --> 00:08:42,050
So it's going to take a while because it's a pretty big list.

123
00:08:42,350 --> 00:08:46,910
So you might want to try to refine the list a little bit more.

124
00:08:47,060 --> 00:08:49,760
So what we can do, we can actually

125
00:08:51,450 --> 00:08:53,310
go back and refine this a little bit more.

126
00:08:53,340 --> 00:09:00,480
So let's say that, just to save us time, we know that it starts with "hack".

127
00:09:01,350 --> 00:09:05,320
So we can output this into wordlist. This is probably going to overwrite the file.

128
00:09:05,640 --> 00:09:09,470
So now it's only six thousand five hundred sixty-one lines, so now it's done.

129
00:09:09,480 --> 00:09:11,820
So let's go ahead and try aircrack-ng again.

130
00:09:14,270 --> 00:09:19,090
And it's going to take a lot less time, and it's going to find it. It found "hack me, please".

131
00:09:19,100 --> 00:09:20,220
So that actually works.

132
00:09:20,480 --> 00:09:21,440
So now

133
00:09:22,550 --> 00:09:30,770
we know that the password for this network is actually "hack me, please", and we used the file that we

134
00:09:30,770 --> 00:09:36,080
captured from airodump-ng, you know, to actually go through and verify it with aircrack-ng.

135
00:09:36,110 --> 00:09:38,950
So now you know how to hack into people's Wi-Fi.

136
00:09:39,200 --> 00:09:41,240
Don't use this maliciously, please.

137
00:09:41,720 --> 00:09:49,240
Now you guys know how to crack into WEP, how to crack WPA, and then to utilize the powerful stuff.

138
00:09:49,250 --> 00:09:51,710
So now that we know how to do that, you know what's next.

139
00:09:51,720 --> 00:09:58,070
So we're going to actually go about, actually, you know, when you connect to a network, how you,

140
00:09:58,070 --> 00:10:02,780
how to discover more information about the devices and actually find vulnerabilities.

141
00:10:02,790 --> 00:10:04,940
So we're going to use a variety of tools to do that.

142
00:10:05,630 --> 00:10:10,400
But I'm going to teach you different techniques using open source intelligence as well, so that you

143
00:10:10,400 --> 00:10:12,740
guys can learn how to gather information for an attack.

144
00:10:12,740 --> 00:10:14,990
Like maybe you're doing a penetration test in the future.

145
00:10:15,080 --> 00:10:17,310
You're going to know exactly how to gather information.

146
00:10:17,330 --> 00:10:20,780
So I appreciate you for listening; see you in the next section.