1 00:00:00,480 --> 00:00:06,600 Now that we have associated with our target network we can start communicating with it. 2 00:00:06,630 --> 00:00:08,420 It won't ignore us. 3 00:00:08,550 --> 00:00:17,100 So now we can go and start injecting packets into the traffic to force the access point to generate 4 00:00:17,130 --> 00:00:19,980 new packets with new IVs. 5 00:00:20,040 --> 00:00:25,240 This will increase the number of data really, really quickly and allow us to crack 6 00:00:25,290 --> 00:00:32,400 WEP networks in minutes even if the network was not busy, like the one that we are targeting right 7 00:00:32,400 --> 00:00:33,120 now. 8 00:00:34,390 --> 00:00:36,810 Now there are a number of ways to do this. 9 00:00:36,850 --> 00:00:43,320 But in this course I'm going to explain the most reliable method, which is using an ARP 10 00:00:43,320 --> 00:00:45,700 request replay attack. 11 00:00:46,360 --> 00:00:50,240 I actually explained other methods in my network hacking course. 12 00:00:50,350 --> 00:00:57,160 They are a little bit more complex and have less success rate, so this is the most reliable method and 13 00:00:57,160 --> 00:00:59,570 it should work against most networks 14 00:00:59,680 --> 00:01:03,720 if you have a good signal and a good wireless adapter. 15 00:01:04,450 --> 00:01:11,080 So the idea behind this method is to wait for an ARP packet, and I'll talk about ARP 16 00:01:11,080 --> 00:01:13,000 in more detail later on. 17 00:01:13,000 --> 00:01:18,750 So for now just think of it as a special type of packet that we're going to be waiting on. 18 00:01:18,820 --> 00:01:26,420 Once this packet is sent in the network we're going to capture it and retransmit it. Once we do, 19 00:01:26,480 --> 00:01:33,040 the router is forced to generate a new packet with a new IV.
20 00:01:33,670 --> 00:01:41,200 So by repeating this process we will be forcing the router to continuously generate new packets with 21 00:01:41,200 --> 00:01:42,840 new IVs. 22 00:01:42,850 --> 00:01:49,630 Then once we have enough data, we have enough IVs, we can run aircrack-ng exactly as we've seen 23 00:01:49,630 --> 00:01:52,050 before and crack the key. 24 00:01:53,030 --> 00:01:55,440 So let me show you how to do this in practice. 25 00:01:56,730 --> 00:02:03,440 Now as you can see I am already running airodump-ng against my target network and I have 26 00:02:03,470 --> 00:02:08,270 already associated with it as shown in the previous lecture. 27 00:02:08,270 --> 00:02:15,440 So the only thing that's left right now is to run the ARP replay attack in order to inject packets 28 00:02:15,500 --> 00:02:21,990 into the traffic and force the router to generate new packets and increase the number of data. 29 00:02:22,950 --> 00:02:29,130 To do that we're going to use aireplay-ng again and the command is actually going to be very similar 30 00:02:29,130 --> 00:02:31,260 to this command right here. 31 00:02:31,260 --> 00:02:38,100 So I'm actually going to copy all of this because I'm lazy and I'm going to clear this and paste the 32 00:02:38,100 --> 00:02:39,870 command here. 33 00:02:39,870 --> 00:02:43,530 Now there are a few things that I need to modify. 34 00:02:43,530 --> 00:02:50,550 First of all I don't want to run a fake authentication attack so I'm going to remove all of this and 35 00:02:50,640 --> 00:02:53,800 I want to run an ARP replay. 36 00:02:53,920 --> 00:02:54,360 OK. 37 00:02:56,110 --> 00:02:58,530 Also this does not take a number. 38 00:02:58,540 --> 00:03:05,740 So I'm going to remove this number and I'm also going to replace the -a with a -b and we're done.
39 00:03:06,040 --> 00:03:11,710 So if you look at it you'll see it's actually very similar to this command right here. We're using 40 00:03:11,710 --> 00:03:18,050 aireplay-ng, but instead of doing a fake authentication attack we are doing an ARP replay 41 00:03:18,050 --> 00:03:24,540 attack. We are giving it the MAC address of my target network after the -b instead of -a. 42 00:03:25,180 --> 00:03:28,870 Then we'll give it the MAC address of my wireless adapter 43 00:03:28,900 --> 00:03:36,400 after the -h, which is identical to this, and then we're giving it my wireless adapter in monitor mode. Now 44 00:03:36,910 --> 00:03:40,220 I'm actually going to associate again before I do that. 45 00:03:40,450 --> 00:03:48,460 And then I'm going to hit enter here and what's happening right now is my wireless adapter is waiting 46 00:03:48,520 --> 00:03:50,540 for an ARP packet. 47 00:03:50,560 --> 00:03:55,970 Once there is an ARP packet transmitted in this network it's going to capture it. 48 00:03:56,020 --> 00:04:03,010 It's going to retransmit it. Once it does that, the access point will be forced to generate a new packet 49 00:04:03,010 --> 00:04:04,160 with a new IV. 50 00:04:04,360 --> 00:04:06,090 And we'll keep doing this, forcing 51 00:04:06,100 --> 00:04:11,370 the access point to continually generate new packets with new IVs. 52 00:04:11,830 --> 00:04:13,390 So you should just wait for it. 53 00:04:13,390 --> 00:04:18,520 Right now we're literally just waiting for an ARP packet to be sent in the air. 54 00:04:18,910 --> 00:04:24,850 And as you can see the number of data is increasing now very, very quickly, which means that we actually 55 00:04:25,180 --> 00:04:27,490 managed to capture an ARP packet.
56 00:04:27,580 --> 00:04:34,810 This ARP packet got retransmitted, forcing the router to generate a new packet with a new IV, and we 57 00:04:35,020 --> 00:04:42,600 continually do this process, forcing the router to generate new packets with new IVs. 58 00:04:42,670 --> 00:04:47,190 So right now we can go ahead and run aircrack-ng to crack this network. 59 00:04:47,410 --> 00:04:50,990 And before I do that I'll actually just associate one more time. 60 00:04:51,370 --> 00:04:54,300 And then I'm going to do aircrack- 61 00:04:55,130 --> 00:04:55,880 ng, 62 00:04:56,900 --> 00:05:04,050 give it the name of the file which we're storing the data in, which is called arpreplay- 63 00:05:04,130 --> 00:05:06,420 01.cap. 64 00:05:06,940 --> 00:05:14,030 So I'm going to hit enter and you'll notice the cracking process right now will actually require more 65 00:05:14,030 --> 00:05:15,830 data packets. 66 00:05:15,830 --> 00:05:24,260 The reason for this is I've actually modified the settings of this network so that it uses a 128-bit key, 67 00:05:24,620 --> 00:05:34,430 because in WEP you can either use a 64-bit or a 128-bit key, and obviously the 128-bit key is longer. 68 00:05:34,430 --> 00:05:40,510 Therefore I actually modified the key length for this lecture to make sure it's the largest key possible. 69 00:05:40,610 --> 00:05:46,430 And as you can see we still managed to get it within about 47000 packets. 70 00:05:46,550 --> 00:05:52,240 We have the key right here in ASCII and we have the key in here in hex, which we can use 71 00:05:52,250 --> 00:05:53,280 after we remove 72 00:05:53,300 --> 00:05:54,340 the colons. 73 00:05:55,090 --> 00:05:55,720 So perfect. 74 00:05:55,720 --> 00:05:58,100 Now we managed to crack the target network. 75 00:05:58,180 --> 00:06:02,260 It was idle; as you could see there was no data being sent.
76 00:06:02,270 --> 00:06:09,550 We managed to do this by forcing the target access point to generate new packets with new IVs.