WEBVTT

00:00.710 --> 00:00.990
Hi.

00:01.010 --> 00:02.120
Welcome back.

00:02.120 --> 00:06.440
In this lecture we are now breaking WEP security with a fake client.

00:06.430 --> 00:12.900
There is no computer associated or connected with Internet, as explained in the previous lecture.

00:12.920 --> 00:17.690
We learned how to break WEP security with an active client. In this video

00:17.680 --> 00:20.340
I'm going to use two different attack methods.

00:20.480 --> 00:28.100
The first one is called the KoreK chopchop attack and the other one is the fragmentation attack. The chopchop

00:28.130 --> 00:31.720
attack can decrypt a WEP data packet without knowing the key.

00:31.790 --> 00:34.350
And it works on dynamic WEP also.

00:34.460 --> 00:39.740
However, this attack doesn't recover the WEP key itself, as you'll see later in this video.

00:39.860 --> 00:42.500
It just reveals the plaintext.

00:42.570 --> 00:44.790
So what is aireplay gonna do?

00:44.850 --> 00:51.680
It's just gonna try to guess the rest of the missing data, as far as packet headers are predictable. If you

00:51.680 --> 00:57.710
capture an IP packet, aireplay checks if the checksum of the header is correct after guessing the missing part.

00:58.490 --> 01:03.950
The only other thing to do with this attack is it's going to require at least one data packet from

01:03.950 --> 01:05.270
the access point.

01:05.480 --> 01:07.570
So we're gonna go ahead.

01:07.580 --> 01:13.670
I'm gonna walk through the attack, so first open up a terminal and type ifconfig.

01:16.870 --> 01:19.770
I'm gonna use this wlan1 interface for the setting.

01:20.230 --> 01:25.930
Now switch this card into monitor mode, so I'm typing airmon-ng, then space,

01:25.980 --> 01:32.320
type start, space, then your interface name, then press Enter. Mine is wlan1.

01:32.380 --> 01:33.670
My card is now in monitor mode,

01:37.620 --> 01:39.300
as you can see. My new interface

01:39.300 --> 01:49.600
name is mon0. Now scan the network for wireless access points: airodump-ng, space, then type the interface

01:49.600 --> 01:55.260
name, then press Enter. Mine is mon0. You can go ahead and we can stop this with Control

01:55.330 --> 02:02.840
plus C. We found our target access point.

02:02.960 --> 02:09.140
Now I'm gonna write down some details about my target in a text editor so that I can use that for later.

02:23.970 --> 02:29.180
I'm gonna monitor this particular Wi-Fi access point, so type airodump-ng,

02:29.210 --> 02:32.680
then space, dash dash

02:32.700 --> 02:35.460
bssid, then type the MAC address.

02:35.460 --> 02:36.660
I'm gonna copy and paste

02:40.180 --> 02:45.400
dash c for channel, then type dash w for write to file,

02:48.640 --> 02:56.020
then type the interface name, mine is mon0, then press Enter. Now it's monitoring this channel, and for this

02:56.030 --> 03:01.440
attack we don't have any client connected, so we're gonna have to generate our own data.

03:01.440 --> 03:06.530
Now we're gonna create our own packet that we can replay into the network, then you have the right

03:06.550 --> 03:11.460
plane. To crack the password we need roughly around 30 to 40 thousand data.

03:11.480 --> 03:15.800
Now we are going to associate a computer with the access point, so type

03:16.070 --> 03:26.520
aireplay-ng, then space, 1 for the fake authentication, then space, 60s for time delay, then a

03:26.520 --> 03:29.010
space dash E for access point MAC address

03:38.120 --> 03:41.400
then type the interface name, mine is mon0, then press Enter.

03:41.450 --> 03:47.150
Now we're going to look for a specific packet that you're gonna be on location, so run the command: type

03:47.210 --> 03:53.600
aireplay-ng, space, then type dash 4 for the chopchop attack,

03:56.710 --> 03:58.090
then type dash b,

04:02.940 --> 04:08.120
then type the access point MAC address, then type dash h for the client MAC address.

04:16.240 --> 04:23.360
It should be my interface MAC address, and as you can see here, this is the client MAC address. I'm gonna

04:23.370 --> 04:24.150
copy and paste

04:36.750 --> 04:40.280
then type the interface name, mon0, then press Enter.

04:43.850 --> 04:49.130
Now type y for yes to use the packet.

04:49.300 --> 04:52.560
So this is gonna go ahead and look for packet.

04:52.570 --> 04:58.050
And one thing is so easy to understand: a short amount of packets takes a short time and a huge amount

04:58.050 --> 04:59.530
of packets takes a longer time,

05:02.460 --> 05:07.580
and I'm gonna pause the video until it's a hundred percent done, and after that I will continue.

05:11.070 --> 05:11.690
okay.

05:11.780 --> 05:16.960
So as you can see here, my access point was appearing to drop packets shorter than 40 bytes.

05:17.060 --> 05:22.370
So from here I'm gonna go ahead and we can create our own packet that is going to replay into the network

05:22.370 --> 05:28.190
to get that data to climb.

05:28.410 --> 05:35.700
Now we are going to type a command, packetforge-ng, and if we hit Enter it shows all the modes

05:35.730 --> 05:37.800
that we're going to use in this command.

05:38.070 --> 05:47.370
See here: ARP for forging an ARP packet, UDP for forging a UDP packet, and ICMP, which is a ping packet.

05:47.440 --> 05:48.380
Null.

05:48.610 --> 05:52.100
And custom if you want to build a custom packet.

05:52.260 --> 05:55.150
Now I'm going to type the command for forging an ARP packet.

05:55.320 --> 06:06.990
So type packetforge-ng, space, dash 0 is for forging an ARP packet, space, dash a, then type

06:06.990 --> 06:08.460
the access point MAC address,

06:13.740 --> 06:17.520
then space, dash h for the client MAC address,

06:26.390 --> 06:30.100
a space, dash k for destination IP address,

06:33.590 --> 06:35.190
type the broadcast IP address,

06:38.310 --> 06:50.090
space, and then type dash l for source IP address, type the broadcast IP address, okay, then space, dash y

06:50.090 --> 06:52.190
to specify the keystream file name,

06:55.550 --> 06:57.320
so copy and paste the file name,

07:03.280 --> 07:21.560
then type space and dash w for write packet to pcap file, type the file name, then press Enter.

07:21.670 --> 07:22.990
Now we're going to type a command:

07:22.990 --> 07:30.940
aireplay-ng dash dash help to see the usage of aireplay-ng, and then press Enter. And now, as you

07:30.940 --> 07:35.990
can see here, dash 2, which is used for interactive packet replay.

07:36.040 --> 07:38.080
Now we are gonna replay into the network.

07:38.100 --> 07:39.780
So type the command:

07:39.860 --> 07:40.160
aireplay

07:40.230 --> 07:40.480
dash

07:40.490 --> 07:50.520
ng, space, dash 2 is for interactive packet replay, dash r for the packet that you wanna replay,

07:51.210 --> 07:54.000
space, then type the file name,

07:59.640 --> 08:06.990
then type the interface name, mine is mon0, and then press Enter. We're gonna use this packet.

08:07.050 --> 08:14.190
So type y and then press Enter, and as you can see here we are injecting packets and it's climbing up very

08:14.190 --> 08:15.050
fast.

08:15.150 --> 08:19.520
Now we are gonna crack the WEP key, so type the command aircrack

08:19.530 --> 08:20.610
dash ng,

08:20.760 --> 08:23.970
space, the file name of your capture file,

08:34.570 --> 08:36.260
then press Enter.

08:36.370 --> 08:41.160
Now it's gonna take the data that you're collecting and it's gonna try to crack the key.

08:41.410 --> 08:45.210
I had created enough data packets so that the key has been cracked

08:41.410 --> 08:45.210
immediately.

08:50.240 --> 08:52.790
Now copy the key and paste into a text file

09:02.420 --> 09:04.470
and remove the hyphen from the key.

09:04.640 --> 09:07.700
Now use the key to connect to the targeted wireless network.

09:10.050 --> 09:11.940
And I'm gonna use it right now

09:45.980 --> 09:46.500
okay.

09:46.550 --> 09:48.590
Finally see here.

09:48.590 --> 09:50.750
I'm connected now with my victim network.

09:50.930 --> 09:52.370
I'm using his network.

09:52.550 --> 09:57.110
So let's check my internet connectivity and pinging to google.com.

10:01.080 --> 10:01.890
okay.

10:02.280 --> 10:06.780
I got the ping response so I'm okay with my internet connection.

10:06.870 --> 10:13.590
So guys, now we know how to break WEP security with a fake client, and that's all for this lecture.

10:13.590 --> 10:14.670
So see the next one.
