1 00:00:00,060 --> 00:00:04,590 Hello, everyone, welcome to a new video of our life, interesting series.
2 00:00:05,950 --> 00:00:12,640 So far, we have talked about how to write a two and raw sockets to scan for access points and detect
3 00:00:12,640 --> 00:00:19,510 connected clients and also change channels, which is also called channel hopping.
4 00:00:21,190 --> 00:00:26,850 Today, let's see how we send a deauthentication frame to disconnect the client from our network.
5 00:00:28,420 --> 00:00:33,130 First thing we need to do, as usual, is to put our interface in monitor mode.
6 00:00:48,260 --> 00:00:54,290 Now let's use airodump-ng to scan for access points and connected clients.
7 00:01:13,160 --> 00:01:17,740 OK, we found a client connected to our network, which is just one.
8 00:01:21,290 --> 00:01:22,430 We need to stop it now.
9 00:01:27,480 --> 00:01:33,810 Now, let's try to use aireplay-ng to disconnect this client, but we also want to open Wireshark
10 00:01:34,770 --> 00:01:36,970 and capture the frame.
11 00:01:47,900 --> 00:01:53,150 Keep in mind that if you want to capture this frame in Wireshark, we need to make sure we
12 00:01:53,150 --> 00:01:55,230 are listening on that channel.
13 00:01:56,030 --> 00:01:59,510 So let's make sure we are on that channel and determine.
14 00:02:16,610 --> 00:02:22,160 The command we are going to use is aireplay-ng -0 10 -a.
15 00:02:23,680 --> 00:02:30,220 -a is the access point, and -c is the client that we want to disconnect; -0 means
16 00:02:30,230 --> 00:02:31,210 deauthentication.
17 00:02:31,210 --> 00:02:35,290 And the 10 here is the number of deauthentication frames that we want to send.
18 00:02:37,760 --> 00:02:41,810 Let's go to Wireshark and capture frames on this interface.
19 00:02:54,230 --> 00:03:02,540 We're going to filter our frames using wlan.fc.type_subtype; we
20 00:03:02,540 --> 00:03:05,950 need the number 12, which is the deauthentication.
21 00:03:09,470 --> 00:03:10,490 I'm going to apply.
22 00:03:11,890 --> 00:03:14,800 OK, now we are only listening for deauthentication frames.
23 00:03:15,840 --> 00:03:16,500 Let's try.
24 00:03:23,610 --> 00:03:27,950 We got some deauthentication frames here in Wireshark, very good, we can stop it now.
25 00:03:33,030 --> 00:03:40,950 If you look here, it says deauthentication, and in the subtype, it's what we scroll down a little
26 00:03:40,950 --> 00:03:46,590 bit to check the receiver addresses and the destination, and you'll notice that they are the same,
27 00:03:46,590 --> 00:03:46,840 right.
28 00:03:47,460 --> 00:03:53,580 So if we click here on the transmitter and we click on the destination, this is the destination address
29 00:03:53,580 --> 00:03:54,080 in hex.
30 00:03:54,630 --> 00:03:56,130 But if you click on the receiver.
31 00:03:58,500 --> 00:04:03,330 Destination, then receiver again, it's not changing, nothing is changing, because they're the
32 00:04:03,330 --> 00:04:08,330 same address, so we don't have to provide both addresses in our frame.
33 00:04:09,730 --> 00:04:11,380 All right, let's go back to our slides.
34 00:04:17,140 --> 00:04:22,120 This is as seen before: receiver, destination, transmitter, but how do we build this?
35 00:04:25,570 --> 00:04:27,980 The radiotap header is 12 bytes.
36 00:04:28,180 --> 00:04:29,800 This is the first thing at the top.
37 00:04:31,030 --> 00:04:34,560 You can copy it gives you some indication frame.
38 00:04:35,050 --> 00:04:40,830 It should be the same, your access point is not going to yell at you if it's something else.
39 00:04:41,920 --> 00:04:45,610 And then we have the frame control field, which is the type and the subtype.
40 00:04:46,000 --> 00:04:46,340 Right.
41 00:04:46,810 --> 00:04:53,920 Cesar would it's 12 microseconds is a duration and receiver destination transmitter.
42 00:04:56,670 --> 00:05:03,780 But again, we don't provide both of them, only one, so you don't put the receiver address in your
43 00:05:04,410 --> 00:05:09,360 frame and also the destination is going to be you're making the frame bigger than it should be.
44 00:05:10,830 --> 00:05:17,460 And then sequence number, I leave it zero, and then the reason code; there are tons of reason codes online,
45 00:05:17,460 --> 00:05:19,320 you can find any one of them.
46 00:05:19,560 --> 00:05:22,260 In this case, I'm using this reason code.
47 00:05:23,100 --> 00:05:23,490 All right.
48 00:05:23,490 --> 00:05:24,950 Let's put all the pieces together.
49 00:05:26,090 --> 00:05:31,880 We create a function we called off and put all the pieces together and then we build our frame like
50 00:05:31,880 --> 00:05:39,380 this and we return it from the function, and then we send this frame to our client, we should be able
51 00:05:39,380 --> 00:05:40,070 to disconnect.
52 00:05:41,580 --> 00:05:42,740 All right, let's try.
53 00:05:52,640 --> 00:05:54,650 This is our function, the same as the slide.
54 00:05:56,170 --> 00:06:04,690 And here we are using a range function to go from, like, loop from one to 60, and every time we're
55 00:06:04,690 --> 00:06:11,810 printing that, we are sending it off and we're using this as that signal to send us the authentication
56 00:06:11,810 --> 00:06:15,490 program that we returned from our function.
57 00:06:16,380 --> 00:06:17,010 E0.
58 00:06:18,380 --> 00:06:19,010 And here.
59 00:06:20,150 --> 00:06:26,570 The receiver is my phone address, MAC address, same as the destination, but here, if you notice,
60 00:06:26,570 --> 00:06:29,810 we're only using the words here doesn't matter because they're both the same.
61 00:06:29,990 --> 00:06:35,740 You can put your destination or you can put a receiver where you can put the receiver, plus the situation.
62 00:06:35,750 --> 00:06:36,560 It's going to be only one.
63 00:06:37,570 --> 00:06:38,080 Very good.
64 00:06:40,070 --> 00:06:40,800 Do try.
65 00:06:42,940 --> 00:06:45,220 All right, let's try this.
66 00:06:49,160 --> 00:06:53,990 Going to send about 60 frames of deauthentication frames to my phone on the right side here.
67 00:06:57,020 --> 00:06:58,280 He is.
68 00:06:59,540 --> 00:07:00,850 The youth indicating.
69 00:07:05,470 --> 00:07:10,740 Smoke again, because it's deauthenticated, it will try to at least try one more time.
70 00:07:16,640 --> 00:07:21,290 We were able to deauthenticate the phone, let's make sure we're doing it right like this.
71 00:07:21,300 --> 00:07:23,510 OK, Marcia here.
72 00:07:27,090 --> 00:07:28,610 So the phone was connected.
73 00:07:29,310 --> 00:07:36,050 We are able to disconnect this phone by sending deauthentication frames; the phone will try to authenticate
74 00:07:36,060 --> 00:07:36,520 again.
75 00:07:37,230 --> 00:07:40,530 So here I am using the subtype 11 for the authentication.
76 00:07:40,710 --> 00:07:43,580 We need to make sure that the phone is really disconnected.
77 00:07:44,130 --> 00:07:47,750 If it's really disconnected, it will try to authenticate from the very beginning.
78 00:07:47,850 --> 00:07:48,190 Right.
79 00:07:49,040 --> 00:07:49,230 OK.
80 00:07:49,470 --> 00:07:49,980 Australian.
81 00:07:54,040 --> 00:07:58,880 Yes, we got the authentication frames from the phone to the access point.
82 00:08:00,730 --> 00:08:05,590 That's because the phone was deauthenticated, or disconnected, from the network.
83 00:08:05,590 --> 00:08:08,480 And you can see this checkmark here next to this.
84 00:08:08,980 --> 00:08:14,800 It was disconnected and it was trying to negotiate again and sending the authentication frame to the
85 00:08:14,800 --> 00:08:15,460 access point.
86 00:08:17,200 --> 00:08:17,760 All right.
87 00:08:17,770 --> 00:08:19,540 I think we have reached the end of this question.
88 00:08:19,720 --> 00:08:21,490 Thank you for watching and see you in.