1
00:00:00,760 --> 00:00:07,720
So to crack a WPA key, the first thing we're going to need is to capture the handshake, and we're

2
00:00:07,720 --> 00:00:09,040
going to capture the handshake

3
00:00:09,040 --> 00:00:09,700
using airodump-ng,

4
00:00:09,700 --> 00:00:15,880
the same way that we used to use it with the WEP encrypted networks.

5
00:00:16,120 --> 00:00:20,790
So we're going to run airodump-ng.

6
00:00:20,940 --> 00:00:26,230
I'm just going to run it on everything now to get the information about my target network.

7
00:00:26,370 --> 00:00:28,000
And this is my target.

8
00:00:28,150 --> 00:00:29,710
So it's airodump-ng

9
00:00:29,870 --> 00:00:37,520
--bssid, the same way we used to write it against WEP networks; at the end of the day we're only capturing

10
00:00:37,520 --> 00:00:39,510
packets using airodump-ng,

11
00:00:39,510 --> 00:00:42,360
and so it's doing the same job.

12
00:00:42,600 --> 00:00:49,500
So I'm going to put the channel as well, and then I'm going to write to a file, and then I'm going to

13
00:00:49,500 --> 00:00:50,340
call the file

14
00:00:53,690 --> 00:00:58,190
handshake, and then I'm going to put the wireless card with monitor mode.

15
00:00:58,330 --> 00:01:04,190
So it's the same command we used to use when we were capturing packets for the WEP networks:

16
00:01:04,260 --> 00:01:04,850
airodump-ng,

17
00:01:05,040 --> 00:01:05,840
--bssid

18
00:01:05,860 --> 00:01:10,070
is the target access point, channel for the target channel,

19
00:01:10,180 --> 00:01:10,600
--write,

20
00:01:10,600 --> 00:01:13,590
we put the name of the file that we're going to store stuff in,

21
00:01:13,930 --> 00:01:19,810
and mon0 is our Wi-Fi card with monitor mode. Going to hit enter.

22
00:01:20,470 --> 00:01:21,480
And here we go.

23
00:01:21,850 --> 00:01:28,480
So we have our network now. This is a WPA encrypted network, and we have here a client connected to this

24
00:01:28,480 --> 00:01:29,740
network.

25
00:01:29,740 --> 00:01:36,490
So to capture the handshake, again we said the handshake packets get sent every time a device connects

26
00:01:36,490 --> 00:01:38,070
to the target access point.

27
00:01:38,900 --> 00:01:43,820
So now we can just sit down and wait for a device to connect to the network.

28
00:01:44,650 --> 00:01:50,390
Once the device connects to the network we're going to capture the handshake, or we can use something

29
00:01:50,390 --> 00:01:56,800
that we learned in Section 1, which is the deauthentication attack. In the deauthentication attack

30
00:01:56,810 --> 00:02:03,890
we were able to disassociate or disconnect any device from any network that is within our Wi-Fi range.

31
00:02:04,190 --> 00:02:10,550
If we do that for a very short period of time, we can disassociate this device from the network for one

32
00:02:10,550 --> 00:02:17,120
second, and then the device is going to try to connect back to the network automatically, so that even the

33
00:02:17,130 --> 00:02:22,610
target, the person who's using the target device, is not going to notice that, because his device will actually

34
00:02:22,610 --> 00:02:27,160
get disconnected and reconnected so quickly that he won't notice it,

35
00:02:27,290 --> 00:02:30,890
while we will be able to capture the handshake packets.

36
00:02:31,130 --> 00:02:36,710
So again, we said they actually get sent every time a device connects to the target network.

37
00:02:36,710 --> 00:02:41,480
So what we're going to do is we're going to do the deauthentication attack the same way we did it in Section

38
00:02:41,480 --> 00:02:42,300
1.

39
00:02:42,320 --> 00:02:48,320
We're going to disconnect this device from the network for a very short period of time, so that his

40
00:02:48,350 --> 00:02:53,900
system will reconnect him straight away without him noticing that, but we will be able to capture the

41
00:02:53,900 --> 00:02:55,330
handshake.

42
00:02:55,430 --> 00:02:59,480
So we're going to just run a basic deauth attack using aireplay-ng.

43
00:03:03,040 --> 00:03:08,970
We explained this in Section 1, and in Section 1 we put a very large number of packets when we were

44
00:03:08,970 --> 00:03:10,630
disconnecting our target.

45
00:03:10,650 --> 00:03:14,620
Now I'm only going to put a small number for the deauthentication packets.

46
00:03:15,000 --> 00:03:23,470
Then we're going to put the MAC address of the target access point, and then I'm going to put -c to specify

47
00:03:23,470 --> 00:03:29,470
the client MAC address, the MAC address of the client that we want to disconnect, and then I'm going to

48
00:03:29,480 --> 00:03:32,560
put my Wi-Fi card name, which is mon0.

49
00:03:33,010 --> 00:03:41,440
So aireplay-ng --deauth, the tag for the deauthentication packets, to this access point, and disconnect this device

50
00:03:41,440 --> 00:03:42,340
from it.

51
00:03:42,340 --> 00:03:51,750
Now I'm going to hit enter and just [inaudible] here.

52
00:03:51,980 --> 00:03:59,900
As you can see, we captured the WPA handshake here, and my target device was this, by the way; it didn't even

53
00:03:59,900 --> 00:04:00,680
change in here.

54
00:04:00,690 --> 00:04:05,300
It didn't tell me I was disconnected, because it will show a message when I get disconnected.

55
00:04:05,540 --> 00:04:10,580
So I didn't get any messages that I was disconnected, because I was disconnected for a very short period of

56
00:04:10,580 --> 00:04:11,330
time.

57
00:04:11,540 --> 00:04:15,180
And as a result the target person didn't even notice it.

58
00:04:15,650 --> 00:04:17,540
And we were able to capture the handshake.

59
00:04:17,540 --> 00:04:21,650
As you can see here, WPA handshake from this device.

60
00:04:21,770 --> 00:04:28,850
Now we can use a wordlist and run it against this handshake to try and determine the main WPA key.