1
00:00:01,230 --> 00:00:07,490
In the previous lectures we have seen how to crack WEP encryption in minutes, even if the target

2
00:00:07,490 --> 00:00:10,000
network is not busy.

3
00:00:10,400 --> 00:00:15,220
Now, in the next lectures we will talk about cracking WPA

4
00:00:15,290 --> 00:00:17,460
and WPA2.

5
00:00:17,810 --> 00:00:23,900
First of all, before we start talking about how to crack these encryptions, it is very important to understand

6
00:00:24,170 --> 00:00:27,050
that both of them are very, very similar.

7
00:00:27,050 --> 00:00:34,660
The only difference between them is the encryption used to ensure message integrity: WPA uses TKIP

8
00:00:34,790 --> 00:00:39,890
and WPA2 uses an encryption called CCMP.

9
00:00:40,540 --> 00:00:45,680
In any case, this does not affect the methods that we are going to use to crack

10
00:00:45,940 --> 00:00:53,170
WPA and WPA2, therefore all of the methods that I'm going to show you from now on will work on both

11
00:00:53,350 --> 00:01:02,920
WPA and WPA2. Now, both of these encryptions came after WEP, and they were designed to address the

12
00:01:02,920 --> 00:01:10,940
weaknesses, and therefore both of them are much more secure and cracking them is more challenging.

13
00:01:11,500 --> 00:01:18,640
So before we start talking about how to crack them, I want to cover a feature that, if enabled and misconfigured,

14
00:01:18,640 --> 00:01:27,400
can be exploited to recover the key without having to crack the actual encryption. The feature

15
00:01:27,400 --> 00:01:29,290
is called WPS.

16
00:01:29,320 --> 00:01:34,520
It allows devices to connect to the network easily without having to enter

17
00:01:34,540 --> 00:01:36,620
the key for the network.

18
00:01:36,780 --> 00:01:42,460
So it was designed to simplify the process of connecting printers and such devices.

19
00:01:43,010 --> 00:01:48,450
You can actually see a WPS button on most wireless-enabled printers.

20
00:01:48,590 --> 00:01:54,860
If this button is pressed and then you press the WPS button on the router, you'll notice that the printer

21
00:01:55,010 --> 00:01:59,750
will connect to the router without you having to enter the key.

22
00:01:59,750 --> 00:02:06,740
This way the authentication is done using an eight-digit PIN, so you can think of this as a password

23
00:02:06,950 --> 00:02:12,570
made up of only numbers, and the length of this password is only eight.

24
00:02:12,590 --> 00:02:18,800
So this actually gives us a relatively small list of possible passwords, and we can try all of these

25
00:02:18,800 --> 00:02:24,570
possible passwords within a relatively short time. Once we get this PIN,

26
00:02:24,570 --> 00:02:30,010
it can be used to recover the actual WPA or WPA2 key.

27
00:02:31,030 --> 00:02:37,900
So as you can see, with this method we are not exploiting WPA or WPA2; we are actually exploiting a

28
00:02:37,900 --> 00:02:42,210
feature that can be enabled on these encryptions.

29
00:02:42,490 --> 00:02:48,910
So for this to work, first of all we need WPS to be enabled on the network, because it can be disabled.

30
00:02:49,330 --> 00:02:56,350
Also it needs to be misconfigured, so it needs to be configured to use a normal PIN authentication and

31
00:02:56,350 --> 00:02:57,600
not a push-button

32
00:02:57,610 --> 00:03:05,020
authentication. If push-button authentication is used, then the router will refuse any PINs that we try

33
00:03:05,290 --> 00:03:08,790
unless the WPS button is pressed on the router.

34
00:03:09,220 --> 00:03:14,110
Therefore the method will not work if push button, or PBC, is enabled.

35
00:03:14,650 --> 00:03:21,560
So in most modern routers PBC comes enabled by default, or WPS will be disabled by default.

36
00:03:21,670 --> 00:03:29,950
So this method might not work, but because WPA and WPA2 are so secure and so challenging, it is always

37
00:03:29,950 --> 00:03:36,700
a good idea to check if WPS is enabled and try the method that I'm going to show you on the network.

38
00:03:36,700 --> 00:03:39,430
If it fails, then you can try the other methods

39
00:03:39,540 --> 00:03:42,110
I'm going to show you after the next lecture.