1
00:00:01,100 --> 00:00:09,140
In the previous lecture we saw how to use airodump-ng to list all the networks around us and display useful

2
00:00:09,200 --> 00:00:11,740
information about them.

3
00:00:11,810 --> 00:00:19,520
Usually we do this in order to see our target network, see the signal strength, see how far we are

4
00:00:19,520 --> 00:00:25,040
from it and then start targeting this target network.

5
00:00:25,040 --> 00:00:30,860
Now in this example I'm going to assume that my target network is this one right here.

6
00:00:30,890 --> 00:00:35,280
This is actually the network that my host machine is connected to.

7
00:00:35,570 --> 00:00:42,050
And now that I have my target network and I have some basic information about it, let's see how we can

8
00:00:42,050 --> 00:00:45,010
run airodump-ng against this network.

9
00:00:45,030 --> 00:00:53,590
Only, not against all networks, and this way we'll be able to gather more information about it.

10
00:00:53,780 --> 00:01:00,510
So to do this, first of all I'm going to have to write the name of my program, which is airodump-ng.

11
00:01:01,820 --> 00:01:10,910
Then I'm going to specify a specific BSSID, or a specific MAC address, for airodump-ng to sniff

12
00:01:10,910 --> 00:01:12,500
data from.

13
00:01:12,560 --> 00:01:16,550
So my target network has this BSSID.

14
00:01:16,550 --> 00:01:19,240
We can see it here under the BSSID.

15
00:01:19,460 --> 00:01:23,980
So I'm going to copy it and then I'm going to do dash dash

16
00:01:24,040 --> 00:01:29,410
bssid, and I'm going to give it the BSSID that I just copied.

17
00:01:30,510 --> 00:01:37,190
Next I'm going to specify a channel for airodump-ng to sniff on again.

18
00:01:37,200 --> 00:01:44,550
If you look under the Channel column in here we can assume my target network is on channel 2, so I'm

19
00:01:44,550 --> 00:01:46,530
going to do a dash dash channel

20
00:01:47,220 --> 00:01:48,480
2.
21
00:01:48,540 --> 00:01:50,290
So now we're telling airodump-ng

22
00:01:50,310 --> 00:01:58,130
that I want to sniff data on channel 2 and only from a network that has this BSSID.

23
00:01:59,240 --> 00:02:05,860
I'm also going to tell airodump-ng that I want you to store all the data that you're going to

24
00:02:05,860 --> 00:02:13,480
gather for me in a file, so I'm going to say dash dash write and then I'm going to type a file name,

25
00:02:13,800 --> 00:02:15,540
and let's call this test.

26
00:02:16,880 --> 00:02:24,330
And at the end, as usual, I need to give it the name of my wireless adapter in monitor mode, which is

27
00:02:24,330 --> 00:02:26,860
mon0 in my case.

28
00:02:26,940 --> 00:02:28,870
So, very simple command.

29
00:02:28,970 --> 00:02:31,010
Let's go over it one more time.

30
00:02:31,070 --> 00:02:35,280
We do airodump-ng, and that's the name of the program that I use.

31
00:02:35,500 --> 00:02:39,720
Then I'm telling it I only want you to sniff data from a specific

32
00:02:39,750 --> 00:02:41,060
BSSID.

33
00:02:41,420 --> 00:02:45,340
Then I'm giving it the BSSID of my target.

34
00:02:45,830 --> 00:02:46,770
Then I'm telling it

35
00:02:46,790 --> 00:02:52,970
I want you to sniff data from a specific channel, and I'm giving it the channel that I want to sniff data

36
00:02:53,030 --> 00:02:53,420
from.

37
00:02:53,450 --> 00:03:00,800
Again, we can see from here it's number 2. Finally I'm telling it I want you to write all the data that

38
00:03:00,800 --> 00:03:07,340
you're going to capture in a file that we're going to call test, and then I'm giving it my wireless

39
00:03:07,340 --> 00:03:11,400
adapter in monitor mode, which is mon0.

40
00:03:11,500 --> 00:03:19,250
Now I'm going to hit enter, and as you see, unlike the last time, airodump-ng is only showing me one

41
00:03:19,250 --> 00:03:20,590
network in here.

42
00:03:21,500 --> 00:03:25,280
This is the network that I wanted it to sniff data on.
43
00:03:25,700 --> 00:03:30,340
And we can also see we have a completely new section right now.

44
00:03:30,470 --> 00:03:37,910
So when I ran airodump-ng in the previous lecture, you saw I had the networks in here and

45
00:03:37,910 --> 00:03:39,940
I had nothing here at the bottom.

46
00:03:40,520 --> 00:03:46,410
But now you can see we have more entries in here in the second section of airodump-ng.

47
00:03:46,670 --> 00:03:51,310
And basically anything that you see here in the second section,

48
00:03:51,410 --> 00:03:57,430
these are the clients or the devices connected to this network.

49
00:03:58,420 --> 00:04:04,810
So right now we can see this network has three devices connected to it, and you can see the MAC addresses

50
00:04:05,050 --> 00:04:13,150
of these devices under the STATION, so you can see all of these devices connected to the same network.

51
00:04:13,150 --> 00:04:15,500
So the BSSID is still the same.

52
00:04:15,550 --> 00:04:17,970
This is the MAC address of the network.

53
00:04:18,110 --> 00:04:25,090
And under the STATION we have the different clients or different devices connected to this network.

54
00:04:25,600 --> 00:04:27,140
We can also see the power.

55
00:04:27,130 --> 00:04:30,990
So this is the signal strength of each of these devices.

56
00:04:31,150 --> 00:04:37,870
We can see the speed, we can see the amount of the Lost, we can see the amount of frames or packets that

57
00:04:37,900 --> 00:04:45,000
we have captured, and we can see if any of these devices are still probing for networks.

58
00:04:45,010 --> 00:04:51,310
So sometimes when you run airodump-ng against all networks you would still see this section and

59
00:04:51,310 --> 00:04:57,090
you'd see that some devices are connected and they're literally trying or looking for networks.

60
00:04:57,950 --> 00:05:02,190
So you'd see the name of the networks that they're looking for under the Probe.
61
00:05:03,080 --> 00:05:08,250
Now if I hit Ctrl+C, airodump-ng will quit, it will stop working.

62
00:05:08,350 --> 00:05:15,610
Now I should have new files in my current working directory that contain the data that we just captured,

63
00:05:15,670 --> 00:05:21,160
because if you remember, when we ran the command we used the write option in here to store the data in a

64
00:05:21,160 --> 00:05:23,160
file called test.

65
00:05:23,380 --> 00:05:30,010
So if I just do this to list all the files in my current working directory, you can see I have four files,

66
00:05:30,310 --> 00:05:35,160
all of them start with test but they all have different extensions.

67
00:05:35,170 --> 00:05:38,330
So we have a csv, we have a netxml,

68
00:05:38,410 --> 00:05:42,460
we have a cap and we have a kismet csv.

69
00:05:43,420 --> 00:05:51,580
Now also notice that airodump-ng automatically appended -01 to each of these

70
00:05:51,580 --> 00:05:52,440
files.

71
00:05:52,450 --> 00:05:57,970
So in the future when you go and try to use the capture file, make sure you append dash zero

72
00:05:57,970 --> 00:06:02,160
one to the file name that you specified in the command.

73
00:06:03,320 --> 00:06:07,370
Now the main file that we're going to be using is the cap file.

74
00:06:07,370 --> 00:06:14,330
Again, this file contains the data that we captured during the period that airodump-ng was working

75
00:06:14,420 --> 00:06:15,660
on in here.

76
00:06:16,160 --> 00:06:24,320
And basically this file should contain everything that was sent to and from my target network, so it

77
00:06:24,320 --> 00:06:32,300
should contain URLs, chat messages, usernames, passwords, or anything that any of these devices did

78
00:06:32,390 --> 00:06:33,540
on the Internet.

79
00:06:33,830 --> 00:06:37,700
Because anything that they have to do will have to be sent to the router,

80
00:06:37,760 --> 00:06:39,850
as we've seen before.
81
00:06:40,100 --> 00:06:47,830
The only problem is, if you look at the encryption in here, you can see that my target network uses WPA

82
00:06:47,840 --> 00:06:49,860
2 encryption.

83
00:06:50,030 --> 00:06:56,570
So all of the data sent between the router and the clients is encrypted.

84
00:06:56,780 --> 00:06:58,530
So let me show you what I mean.

85
00:06:58,760 --> 00:07:02,330
I'm going to use a tool called Wireshark to analyze the data.

86
00:07:02,540 --> 00:07:04,880
And don't worry about how to use Wireshark.

87
00:07:04,910 --> 00:07:08,310
We'll talk about it in detail later on.

88
00:07:08,390 --> 00:07:14,270
Right now I just want to make sure that you understand the idea that now we're able to capture all these

89
00:07:14,270 --> 00:07:15,080
packets.

90
00:07:15,080 --> 00:07:22,570
The problem is these packets are encrypted, so I'm going to do wireshark to run Wireshark.

91
00:07:25,220 --> 00:07:27,710
And then I'm going to open my capture file.

92
00:07:27,740 --> 00:07:30,640
So I'm going to go to File, Open.

93
00:07:31,560 --> 00:07:33,540
And it's already in my directory.

94
00:07:33,560 --> 00:07:37,950
So I'm just going to scroll down and select my test-01.cap.

95
00:07:38,450 --> 00:07:42,860
I'm going to open it and I'll just put this in full screen.

96
00:07:42,860 --> 00:07:49,690
And as you can see, if you click on any of these packets, you can see we really have no useful data.

97
00:07:49,700 --> 00:07:51,970
You can see everything looks like gibberish.

98
00:07:52,160 --> 00:07:59,640
And we can't read a thing, even though these packets might contain usernames, passwords or URLs.

99
00:07:59,870 --> 00:08:04,410
The only useful thing that we can see here is the device manufacturer.

100
00:08:04,640 --> 00:08:11,200
So we know one of the devices connected to the network that has this specific MAC address,

101
00:08:11,390 --> 00:08:13,670
so it's the one that ends with E.
102
00:08:13,910 --> 00:08:21,590
And if we go up we can see that it's this specific device. We know now it is an Apple device, so it could

103
00:08:21,590 --> 00:08:27,390
be an Apple computer, or it could be an iPhone or an iPad.

104
00:08:27,530 --> 00:08:29,950
And this is actually my MacBook computer.

105
00:08:29,950 --> 00:08:32,130
That is the host machine.

106
00:08:32,330 --> 00:08:37,960
Again, we can see we also have a device that uses a Huawei chipset. This can be, it can be a phone

107
00:08:37,960 --> 00:08:39,890
or it could be a router.

108
00:08:40,190 --> 00:08:46,490
And if you look at the MAC address here and compare it to the MAC addresses that we have here, you can

109
00:08:46,490 --> 00:08:49,900
see that this is actually under the BSSID.

110
00:08:50,000 --> 00:08:52,260
So this is the MAC address of the router.

111
00:08:52,280 --> 00:09:00,410
So now we know that the brand of my router is Huawei. So we can gather more information by opening

112
00:09:00,410 --> 00:09:07,340
this file in Wireshark. We can guess what computers are out there and what operating systems

113
00:09:07,370 --> 00:09:08,960
they use, but

114
00:09:08,960 --> 00:09:11,290
this is not detailed enough.

115
00:09:11,390 --> 00:09:18,620
And the main problem with this is the fact that the network is using encryption. Now in the next section

116
00:09:18,740 --> 00:09:21,860
we are going to be talking about how to break this encryption.

117
00:09:21,860 --> 00:09:28,430
And once we do, you'll see how we can see the passwords, the usernames in plain text, and you'll also

118
00:09:28,430 --> 00:09:35,930
see how we can map all of the computers on the same network, gather detailed information about them, hack

119
00:09:35,930 --> 00:09:39,480
into them, and do some really really cool stuff.
120
00:09:40,040 --> 00:09:45,650
Now you should guess by everything that I said so far, if this network was an open network, if it was

121
00:09:45,650 --> 00:09:51,950
a network that does not use any passwords, then you would have been able to actually see all of the

122
00:09:51,950 --> 00:09:54,860
URLs and everything that they do in here.

123
00:09:55,280 --> 00:10:00,980
But again, if you can connect to the network without a password, then you'll automatically be in the post

124
00:10:01,010 --> 00:10:03,370
connection section.

125
00:10:03,380 --> 00:10:08,450
Like I said, we're going to talk about some really really cool attacks that you can do once you have

126
00:10:08,450 --> 00:10:12,560
the password, or once you can connect to the network.

127
00:10:12,560 --> 00:10:14,090
So don't worry about Wireshark.

128
00:10:14,090 --> 00:10:21,260
For now I just wanted to make sure that you understand why encryption is useful and why it's used and

129
00:10:21,260 --> 00:10:25,340
why we can't see much now, because we don't know the key.

130
00:10:25,340 --> 00:10:29,990
We will talk about Wireshark and all of that later on in the next section.