1 00:00:00,300 --> 00:00:03,350 Hello and welcome to the practical part of brute force attack. 2 00:00:03,840 --> 00:00:10,920 For your information, I'm using Kali 2.0 as a machine and Windows eight point one is the target machine, 3 00:00:11,430 --> 00:00:13,140 which is connected to a Wi-Fi. 4 00:00:13,770 --> 00:00:21,570 And for this spectacle, I am using an external wireless USB adapter which is attached to my next because 5 00:00:21,570 --> 00:00:26,370 my internal wireless adapter is already being used by Windows eight point one. 6 00:00:27,010 --> 00:00:35,820 So to verify this, that if Conficker one and C W zero is my external wireless adapter, so our first 7 00:00:35,820 --> 00:00:39,450 command is Yurman hyphen engy. 8 00:00:40,350 --> 00:00:42,740 OK, so er hyphen Engie Jekyl. 9 00:00:43,440 --> 00:00:47,290 Use this command to kill processes that can cause problems in future. 10 00:00:47,940 --> 00:00:53,490 Our next command is Eaman hyphen engy start w zero. 11 00:00:55,050 --> 00:01:04,740 Use this command to put wireless interface into monitor mode then use Aradigm hyphen engy w zero one. 12 00:01:06,900 --> 00:01:15,420 OK, use this command to start capturing packets, and as you can see, we have an available Wi-Fi network 13 00:01:16,080 --> 00:01:20,150 and two devices are connected to this wireless router. 14 00:01:20,640 --> 00:01:26,850 It is mandatory that at least one device is connected to our target Wi-Fi in order to crack the password. 15 00:01:28,140 --> 00:01:38,940 So for now, use control policy to stop the process and continue with our command, then use this command 16 00:01:39,630 --> 00:01:45,340 erodable hyphen engy with an option hyphen Fonzi, which stands for channel number. 17 00:01:45,960 --> 00:01:50,660 In this case, the number is one. 18 00:01:52,120 --> 00:01:52,550 OK. 19 00:01:54,730 --> 00:02:03,250 So use one then hyphen ifn SS Idee, which is the Mac address of the target wi fi. 20 00:02:04,170 --> 00:02:07,040 OK, so copy this from here. 21 00:02:09,620 --> 00:02:11,690 And based in our come on. 22 00:02:13,650 --> 00:02:23,460 OK, now use Hyphen W to see the captured Packards and mention the part, so I want to see the captured 23 00:02:23,460 --> 00:02:26,580 Becket's on backstop by name best. 24 00:02:28,770 --> 00:02:35,580 OK, now mention the name of wireless adapter and press enter. 25 00:02:38,100 --> 00:02:44,040 OK, now it's time to send the authentication package to steal the authentication, but before going 26 00:02:44,430 --> 00:02:48,570 to our next come on see the files created on your desktop. 27 00:02:49,950 --> 00:02:52,020 OK, so these are the files. 28 00:02:53,670 --> 00:02:57,630 And in this file, our computer package has been sealed. 29 00:02:57,870 --> 00:03:00,690 OK, now open a terminal. 30 00:03:01,920 --> 00:03:07,530 And then use our next command, which is here, play hyphen energy. 31 00:03:09,330 --> 00:03:11,970 We can option hyphen zero. 32 00:03:13,560 --> 00:03:19,650 Here you can mention the number of the authentication packets you want to use for now, I am using 203 33 00:03:19,650 --> 00:03:20,850 authentication packets. 34 00:03:21,510 --> 00:03:25,160 If you want, you can use zero for endless counting. 35 00:03:25,170 --> 00:03:27,400 That is, you have to stop it manually. 36 00:03:27,780 --> 00:03:34,420 OK, but I am using two hundred number of the authentication packets to attack on my target machine. 37 00:03:35,100 --> 00:03:44,910 Now use option hyphenate to specify the access point and mentioned the Mac address of modem now use 38 00:03:44,910 --> 00:03:45,390 option. 39 00:03:45,570 --> 00:03:50,610 Fancy to set the destination, which is in this case is my physical machine. 40 00:03:50,610 --> 00:03:53,610 So I have to manage and make an address of my physical machine. 41 00:03:54,220 --> 00:04:01,650 OK, and mention the name of wireless device and then press enter. 42 00:04:09,870 --> 00:04:13,630 Now, as you can see, it starts attacking on my Windows machine. 43 00:04:13,950 --> 00:04:16,890 OK, it is a type of a DOS attack. 44 00:04:17,220 --> 00:04:17,940 You can see. 45 00:04:19,550 --> 00:04:25,400 We are doing this just to capture the handshake, OK, and when the process gets completed, you can 46 00:04:25,400 --> 00:04:29,870 see a handshake with the Mac address written here. 47 00:04:32,090 --> 00:04:39,890 OK, now takes a little time to catch the handshake, so I'm going to pause this video for now. 48 00:04:42,790 --> 00:04:49,420 As you can see, we have got the handshake, now it's time to perform brute force and for this we are 49 00:04:49,420 --> 00:04:50,800 using the crunch command. 50 00:04:52,210 --> 00:04:56,770 So Grant is used to make a possible number of password's. 51 00:04:58,750 --> 00:05:04,960 You have to mention the minimum length of where you want, followed by the maximum length of the password. 52 00:05:05,140 --> 00:05:05,630 OK. 53 00:05:06,190 --> 00:05:10,360 And at the same time, we want to match this password with the original one. 54 00:05:10,720 --> 00:05:24,040 So we use our hyphen engy with an option hyphen eight two four, not by option hyphen B and Mekka address 55 00:05:24,040 --> 00:05:28,400 of than hyphen W stands for Wordlist. 56 00:05:29,560 --> 00:05:36,700 For now we have left it blank because we are generating passwords and matching it at the same time and 57 00:05:36,700 --> 00:05:40,840 at last mentioned the part of the file where we have captured the package. 58 00:05:42,040 --> 00:05:50,110 OK, and then press enter now what a brute force attack is generating a low number of possible combinations. 59 00:05:50,170 --> 00:05:56,890 OK, it is trying from the very first alphabetic letter that is E! 60 00:05:57,550 --> 00:06:00,460 But if you want, you can specify your own letters. 61 00:06:00,730 --> 00:06:05,680 OK, so now it takes orders to get the real password. 62 00:06:05,680 --> 00:06:07,540 And I am ending this tutorial.