1
00:00:00,460 --> 00:00:02,020
Now before leaving the section
2
00:00:02,020 --> 00:00:04,730
and moving into the gaining access section,
3
00:00:04,730 --> 00:00:06,620
where I'm gonna teach you how to break
4
00:00:06,620 --> 00:00:10,590
the different encryptions and gain access to networks.
5
00:00:10,590 --> 00:00:13,480
I wanna spend one more lecture talking about
6
00:00:13,480 --> 00:00:17,000
a really useful attack that still falls under
7
00:00:17,000 --> 00:00:19,693
the pre-connection attacks, under the section.
8
00:00:20,530 --> 00:00:22,360
The attack that I wanna talk about
9
00:00:22,360 --> 00:00:25,163
is the deauthentication attack.
10
00:00:26,020 --> 00:00:29,120
This attack allows us to disconnect any device
11
00:00:29,120 --> 00:00:31,720
from any network before connecting
12
00:00:31,720 --> 00:00:33,270
to any of these networks
13
00:00:33,270 --> 00:00:37,790
and without the need to know the password for the network.
14
00:00:37,790 --> 00:00:38,680
To do this,
15
00:00:38,680 --> 00:00:41,700
we're going to pretend to be the client
16
00:00:41,700 --> 00:00:44,050
that we want to disconnect by changing
17
00:00:44,050 --> 00:00:47,530
our MAC address to the MAC address of that client
18
00:00:47,530 --> 00:00:50,763
and tell the router that I want to disconnect from you.
19
00:00:51,670 --> 00:00:54,690
Then we're going to pretend to be the router,
20
00:00:54,690 --> 00:00:56,600
again, by changing our MAC address
21
00:00:56,600 --> 00:00:58,480
to the router's MAC address,
22
00:00:58,480 --> 00:01:02,570
and tell the client that you requested to be disconnected,
23
00:01:02,570 --> 00:01:05,300
so I'm going to disconnect you.
24
00:01:05,300 --> 00:01:08,440
This will allow us to successfully disconnect
25
00:01:08,440 --> 00:01:12,523
or deauthenticate any client from any network.
26
00:01:13,920 --> 00:01:16,620
Now we're actually not going to do this manually,
27
00:01:16,620 --> 00:01:20,573
we're gonna use a tool called aireplay-ng to do that.
28
00:01:21,870 --> 00:01:23,400
From the previous lecture,
29
00:01:23,400 --> 00:01:25,920
we know that this MAC address, right here,
30
00:01:25,920 --> 00:01:29,490
belongs to an Apple computer and like I said,
31
00:01:29,490 --> 00:01:34,060
this Apple computer is actually my computer, right here.
32
00:01:34,060 --> 00:01:35,500
And as you can see,
33
00:01:35,500 --> 00:01:39,130
this host machine is connected to this network, right here,
34
00:01:39,130 --> 00:01:42,680
which is the same as the one that you see in here,
35
00:01:42,680 --> 00:01:45,200
and it actually has internet access.
36
00:01:45,200 --> 00:01:47,150
So, if I just look for test,
37
00:01:47,150 --> 00:01:48,537
you'll see that I'm connected
38
00:01:48,537 --> 00:01:51,150
and I can look for things, I can use Google.
39
00:01:51,150 --> 00:01:54,053
So, I have a proper working internet connection.
40
00:01:54,890 --> 00:01:57,130
Now, we're gonna come back here
41
00:01:57,130 --> 00:02:00,560
and we're going to use a tool called aireplay-ng,
42
00:02:00,560 --> 00:02:03,150
to launch the deauthentication attack
43
00:02:03,150 --> 00:02:07,113
and disconnect this Mac computer from the internet.
44
00:02:08,170 --> 00:02:10,530
So, we're gonna type the name of the program,
45
00:02:10,530 --> 00:02:11,803
which is aireplay-ng,
46
00:02:12,960 --> 00:02:15,280
we're gonna tell it that I want to run
47
00:02:15,280 --> 00:02:17,593
a deauthentication attack.
48
00:02:18,560 --> 00:02:20,640
Then, I'm gonna give it the number
49
00:02:20,640 --> 00:02:24,980
of deauthentication packets that I want to send,
50
00:02:24,980 --> 00:02:27,430
so I'm gonna give it a really large number,
51
00:02:27,430 --> 00:02:30,560
so that it keeps sending these packets to
52
00:02:30,560 --> 00:02:33,860
both the router and the target device.
53
00:02:33,860 --> 00:02:37,120
Therefore I'll disconnect my target device
54
00:02:37,120 --> 00:02:39,360
for a very long period of time.
55
00:02:39,360 --> 00:02:42,040
And the only way to get it back to connect
56
00:02:42,040 --> 00:02:44,873
is to hit Control + C and quit aireplay-ng.
57
00:02:46,870 --> 00:02:49,590
Next, I'm gonna give aireplay-ng
58
00:02:49,590 --> 00:02:53,060
the MAC address of my target network.
59
00:02:53,060 --> 00:02:55,170
So I'm gonna do, dash a,
60
00:02:55,170 --> 00:02:57,320
and give it the MAC address,
61
00:02:57,320 --> 00:02:59,453
which I'm gonna copy from here,
62
00:03:01,670 --> 00:03:03,950
then I'm gonna use, dash c,
63
00:03:03,950 --> 00:03:07,340
to give it the MAC address of the client
64
00:03:07,340 --> 00:03:09,400
that I want to disconnect.
65
00:03:09,400 --> 00:03:11,720
And the client that I want to disconnect
66
00:03:11,720 --> 00:03:14,730
is this client right here, which is the Apple computer,
67
00:03:14,730 --> 00:03:16,020
like we said.
68
00:03:16,020 --> 00:03:19,653
So, I'm gonna copy it and paste it here.
69
00:03:21,300 --> 00:03:25,300
If your target network runs on the five gigahertz frequency,
70
00:03:25,300 --> 00:03:28,520
then you'll have to add, dash capital D,
71
00:03:28,520 --> 00:03:30,160
to the command in here.
72
00:03:30,160 --> 00:03:34,440
But my target, as you can see, uses 2.4 gigahertz,
73
00:03:34,440 --> 00:03:37,130
therefore, I don't need to do this,
74
00:03:37,130 --> 00:03:39,790
and I'm simply just gonna add my wireless card
75
00:03:39,790 --> 00:03:42,970
in monitor mode, which is mon0.
76
00:03:42,970 --> 00:03:45,260
Now, it's very important to understand that
77
00:03:45,260 --> 00:03:48,830
this command will only disconnect the target client
78
00:03:48,830 --> 00:03:50,910
from the specified network.
79
00:03:50,910 --> 00:03:53,850
So if there are other networks that the target client can
80
00:03:53,850 --> 00:03:57,900
connect to, it will automatically connect to them.
81
00:03:57,900 --> 00:03:58,940
So in many cases,
82
00:03:58,940 --> 00:04:01,910
it might connect to the five gigahertz version
83
00:04:01,910 --> 00:04:03,090
of the network,
84
00:04:03,090 --> 00:04:05,720
or it might connect to a completely different network
85
00:04:05,720 --> 00:04:08,190
that it already knows the password to.
86
00:04:08,190 --> 00:04:09,960
And if it's a mobile device,
87
00:04:09,960 --> 00:04:12,900
it might even continue to have internet access
88
00:04:12,900 --> 00:04:14,950
through its mobile data plan.
89
00:04:14,950 --> 00:04:17,370
So it might seem like the attack did not work,
90
00:04:17,370 --> 00:04:18,630
but it actually worked,
91
00:04:18,630 --> 00:04:21,140
and the client just disconnected from this network
92
00:04:21,140 --> 00:04:24,010
and is using another network.
93
00:04:24,010 --> 00:04:24,843
To solve this,
94
00:04:24,843 --> 00:04:27,920
all you have to do is simply open up a new terminal window
95
00:04:27,920 --> 00:04:30,220
and run the exact same command,
96
00:04:30,220 --> 00:04:33,110
but this time target the new network that the client
97
00:04:33,110 --> 00:04:34,123
connected to.
98
00:04:34,980 --> 00:04:37,820
I actually covered that along with more advanced topics
99
00:04:37,820 --> 00:04:40,290
in my advanced network hacking course,
100
00:04:40,290 --> 00:04:41,860
check out the bonus lecture,
101
00:04:41,860 --> 00:04:44,134
the last lecture of this course for more information
102
00:04:44,134 --> 00:04:46,470
about my advanced network hacking course
103
00:04:46,470 --> 00:04:48,020
and all of the other courses
104
00:04:48,020 --> 00:04:50,433
that you can take along with this course.
105
00:04:51,270 --> 00:04:55,410
So a very, very simple command we're typing, aireplay-ng,
106
00:04:55,410 --> 00:04:58,470
this is the name of the program that we're going to use.
107
00:04:58,470 --> 00:05:00,450
We're doing, dash dash deauth,
108
00:05:00,450 --> 00:05:02,000
to tell aireplay-ng
109
00:05:02,000 --> 00:05:04,960
that I want to run a deauthentication attack.
110
00:05:04,960 --> 00:05:07,660
I'm giving it a really large number of packets,
111
00:05:07,660 --> 00:05:11,900
so that it keeps sending the deauthentication packets
112
00:05:11,900 --> 00:05:13,810
to both the router and the client,
113
00:05:13,810 --> 00:05:16,640
and keeps the client disconnected.
114
00:05:16,640 --> 00:05:18,170
I'm using, dash a,
115
00:05:18,170 --> 00:05:21,770
to specify the MAC address of the target router
116
00:05:21,770 --> 00:05:23,920
or the target access point.
117
00:05:23,920 --> 00:05:25,670
Then I'm using, dash c,
118
00:05:25,670 --> 00:05:28,733
to specify the MAC address of the client.
119
00:05:29,700 --> 00:05:31,870
Finally, I'm giving it, mon0,
120
00:05:31,870 --> 00:05:35,693
which is the name of my wireless adapter in monitor mode.
121
00:05:36,930 --> 00:05:38,930
Now you can run this command like this
122
00:05:38,930 --> 00:05:43,800
and in most cases it would work, but in very rare cases,
123
00:05:43,800 --> 00:05:47,280
this command will fail unless airodump-ng
124
00:05:47,280 --> 00:05:49,633
is running against the target network.
125
00:05:50,580 --> 00:05:51,840
So, what I'm gonna do now
126
00:05:51,840 --> 00:05:55,210
is I'm gonna go back to my first terminal in here,
127
00:05:55,210 --> 00:05:57,560
and I'm going to run airodump-ng,
128
00:05:57,560 --> 00:05:59,880
using the command that we saw before.
129
00:05:59,880 --> 00:06:02,250
And I don't want to write anything to a file,
130
00:06:02,250 --> 00:06:05,123
so I'm going to remove the write argument.
131
00:06:06,790 --> 00:06:10,000
So, I'm just doing a normal airodump-ng command,
132
00:06:10,000 --> 00:06:12,760
I'm literally just giving it the BSSID
133
00:06:12,760 --> 00:06:16,910
of my target network and I'm giving it the target channel,
134
00:06:16,910 --> 00:06:18,760
and then I'm just gonna hit Enter.
135
00:06:18,760 --> 00:06:21,520
We saw how to do this, we spent a full lecture on it,
136
00:06:21,520 --> 00:06:23,890
that's why I did it really quick.
137
00:06:23,890 --> 00:06:25,600
And then I'm gonna go back to the command
138
00:06:25,600 --> 00:06:29,130
that we wrote so far and I'm going to hit Enter.
139
00:06:29,130 --> 00:06:31,280
Now, as you can see, aireplay-ng,
140
00:06:31,280 --> 00:06:33,050
it's telling me that it's sending the
141
00:06:33,050 --> 00:06:35,220
deauthentication packets.
142
00:06:35,220 --> 00:06:38,583
And if we go back here and look up,
143
00:06:39,630 --> 00:06:42,770
you can see that I actually lost my connection
144
00:06:42,770 --> 00:06:44,823
and I'm trying to connect back.
145
00:06:46,020 --> 00:06:48,580
So, obviously if I try to look for anything,
146
00:06:48,580 --> 00:06:50,123
so let's say, test2,
147
00:06:51,610 --> 00:06:55,683
you'll see, I'll get stuck and nothing will load for me.
148
00:06:56,850 --> 00:06:59,440
So the only way for me to connect back
149
00:06:59,440 --> 00:07:01,360
is if I go back here,
150
00:07:01,360 --> 00:07:06,320
if I quit this by doing, Control + C, quit this again.
151
00:07:06,320 --> 00:07:09,620
And now my machine should be able to connect back
152
00:07:09,620 --> 00:07:11,433
and restore its connection.
153
00:07:12,410 --> 00:07:15,660
This is actually very, very handy in so many ways,
154
00:07:15,660 --> 00:07:18,410
it's very useful in social engineering cases,
155
00:07:18,410 --> 00:07:22,170
where you could disconnect clients from the target network
156
00:07:22,170 --> 00:07:25,940
and then call the user and pretend to be a person
157
00:07:25,940 --> 00:07:27,530
from the IT department
158
00:07:27,530 --> 00:07:30,590
and ask them to install a virus or a backdoor
159
00:07:30,590 --> 00:07:33,320
telling them that this would fix their issue.
160
00:07:33,320 --> 00:07:36,590
You could also create another fake access point
161
00:07:36,590 --> 00:07:39,370
and get them to connect to the fake access point
162
00:07:39,370 --> 00:07:42,730
and then start spying on them from that access point,
163
00:07:42,730 --> 00:07:45,660
and we'll see how to do that later on in the course.
164
00:07:45,660 --> 00:07:48,410
And you can also use this to capture the handshake,
165
00:07:48,410 --> 00:07:51,030
which is what happened in here, actually.
166
00:07:51,030 --> 00:07:55,120
And this is vital when it comes to WPA cracking.
167
00:07:55,120 --> 00:07:56,360
And we'll talk about this,
168
00:07:56,360 --> 00:07:59,493
once we get to the WPA cracking section.
169
00:08:00,720 --> 00:08:01,900
So, like I said,
170
00:08:01,900 --> 00:08:05,660
this is a small attack that can be used as a plugin
171
00:08:05,660 --> 00:08:09,313
to other attacks or to make other attacks possible.