1
00:00:00,650 --> 00:00:06,980
So in the previous video we saw how easy it is to crack a key in a busy network so we had a busy network.

2
00:00:06,980 --> 00:00:14,160
We had a client that was watching videos all the time and we saw how the data was increasing very quickly.

3
00:00:14,170 --> 00:00:20,390
Now the question is are the problem that we're going to face is an access point that doesn't have any

4
00:00:20,390 --> 00:00:24,940
clients connected to it or an access point that has a client connected to it.

5
00:00:25,040 --> 00:00:31,040
But he's not using the Internet as heavy as we saw in the previous video maybe just reading articles

6
00:00:31,460 --> 00:00:39,860
or just going on Facebook or whatever but not using as much data as we saw last time.

7
00:00:39,880 --> 00:00:49,020
So let me just show you an example of that I'm just going to run aero down against the targets the targets

8
00:00:49,020 --> 00:00:55,120
access point to test AP just to have a lock on an ideal access point.

9
00:00:55,120 --> 00:00:56,040
So we have test.

10
00:00:56,060 --> 00:00:58,980
AP Now the same access point that we used before.

11
00:00:59,120 --> 00:01:04,680
The only difference is is that I've disconnected the device that was connected and you can see here

12
00:01:04,690 --> 00:01:10,810
in the second area the client area that there is no clients connected and you can see the data is zero

13
00:01:10,900 --> 00:01:16,200
and didn't even go to one so that's going to be a problem.

14
00:01:16,230 --> 00:01:17,580
So we're going to face.

15
00:01:17,940 --> 00:01:21,500
We won't be able to crack the key like this with zero data.

16
00:01:21,540 --> 00:01:30,310
So what we can do is we can inject packets into the traffic one to inject packets into the traffic.

17
00:01:30,350 --> 00:01:35,200
We can't force the AP to create new packets with new IP in them.

18
00:01:35,300 --> 00:01:38,170
We capture the IP and we do that again.

19
00:01:38,300 --> 00:01:40,470
That's the basic case that what we're going to do.

20
00:01:40,550 --> 00:01:43,360
We're going to explain three methods of doing this.

21
00:01:43,370 --> 00:01:45,930
We're going to explain them in detail and the next videos.

22
00:01:45,980 --> 00:01:50,260
So for now we're just having a quick look on how packet injection is going to work.

23
00:01:51,370 --> 00:01:58,540
But before we can inject package into the air we have to authenticate our device with the target access

24
00:01:58,540 --> 00:02:01,620
point see the way that Access Points work.

25
00:02:01,840 --> 00:02:09,250
And they have a list of all the devices that are connected to them and they ignore any packet that comes

26
00:02:09,250 --> 00:02:12,030
from a device that is not connected to them.

27
00:02:12,520 --> 00:02:17,920
So if a device that doesn't have the key tries to send a packet to your router your answer will just

28
00:02:17,920 --> 00:02:18,420
ignore it.

29
00:02:18,430 --> 00:02:21,630
It won't even try to read it or see what's in there.

30
00:02:21,640 --> 00:02:27,250
So before we can inject packets to the router we're going to have to authenticate ourselves with the

31
00:02:27,250 --> 00:02:27,930
router.

32
00:02:30,800 --> 00:02:35,550
We're going to use a method called fake authentication and it's very simple.

33
00:02:35,600 --> 00:02:41,270
We're going to have to do it before any Every time we try to inject going explain that now and then

34
00:02:41,270 --> 00:02:44,310
in the future we're just going to run the command straightaway.

35
00:02:44,390 --> 00:02:47,020
So I have done already running.

36
00:02:47,060 --> 00:02:50,620
Now let's see how we can fake authenticate ourselves.

37
00:02:50,640 --> 00:02:57,080
Remember when I talked about airdrome and initially as I said this is the type of authentication.

38
00:02:57,200 --> 00:02:59,450
And I said I'll come back for it later.

39
00:02:59,480 --> 00:03:02,610
So you see now the off is there is nothing here.

40
00:03:02,630 --> 00:03:09,350
Once we do the fake authentication you're going to see an O.P. and shown up here which means with successfully

41
00:03:09,370 --> 00:03:15,780
the fake authenticated our device with the target access point.

42
00:03:15,920 --> 00:03:18,470
So to do this we're going to use airplanes.

43
00:03:20,880 --> 00:03:28,530
We're going to use Paco's attack so we could type attack and then we're going to put the type or the

44
00:03:28,530 --> 00:03:31,510
number of packets that we want to send.

45
00:03:31,530 --> 00:03:33,510
So I'm just going to do zero.

46
00:03:33,510 --> 00:03:38,370
Some people use a large number one they have when they're carrying attack they'll take like five or

47
00:03:38,370 --> 00:03:39,210
ten minutes.

48
00:03:39,300 --> 00:03:44,500
But for me I like to just use 0 and maybe do it later manually.

49
00:03:44,820 --> 00:03:53,490
So take us zero we're going to use the option A the target market dress.

50
00:03:53,540 --> 00:03:57,640
So I'm just going to copies from here and paste that

51
00:04:00,820 --> 00:04:04,500
St..

52
00:04:04,600 --> 00:04:11,690
We're going to use hate to put our mark address so that our mac address gets authenticated with the

53
00:04:12,050 --> 00:04:13,300
target network.

54
00:04:13,360 --> 00:04:23,440
So to get our market address we're just going to run the command ifconfig non-zero.

55
00:04:23,660 --> 00:04:25,160
And that's my MAC address.

56
00:04:25,160 --> 00:04:26,270
So I'm just going to copy it

57
00:04:29,050 --> 00:04:30,910
Landseer was the name of my wife by card.

58
00:04:30,910 --> 00:04:36,810
You can put mon's Yoko's there the same card so they have the same McElroy's.

59
00:04:36,910 --> 00:04:45,720
I'm going to paste it here and then I'll put the name of my wife I card mon's zero so about airplanes.

60
00:04:46,380 --> 00:04:51,040
The type of attacks that we're trying to do or trying to do a fake authentication attack to authenticate

61
00:04:51,460 --> 00:04:58,160
our mac address so that we can inject packets into the target network.

62
00:04:58,300 --> 00:05:05,530
We're going to send zero which means one do it once and then we put the MAC address of the access point

63
00:05:06,010 --> 00:05:09,030
and then page we put the MAC address of the device.

64
00:05:09,040 --> 00:05:14,750
We want to do a fake authentication too and that's my own wireless card.

65
00:05:15,040 --> 00:05:23,320
And then mon's your own name of the Wi-Fi card and then I'm going to have and as you can see that said

66
00:05:23,320 --> 00:05:30,600
an authentication request and it was successful and association is successful now.

67
00:05:30,670 --> 00:05:33,870
So and you can see here and the old.

68
00:05:34,120 --> 00:05:38,050
It became an open network and our client.

69
00:05:38,050 --> 00:05:43,640
This is my attacking device showed up as if it's it's a client connected to the network.

70
00:05:43,670 --> 00:05:45,020
We're actually not connected.

71
00:05:45,140 --> 00:05:50,280
Well we have we are authenticated with the network and we have associated with the network.

72
00:05:50,420 --> 00:05:53,310
So we can inject packets into this access point.

73
00:05:53,310 --> 00:06:00,530
Now because it will receive and request that we send it now it's not going to ignore our requests as

74
00:06:00,540 --> 00:06:06,710
the next videos we're going to see how we can inject packets into the air and how we're going to make

75
00:06:06,710 --> 00:06:09,580
this data go up very very quickly.