Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:00,700 --> 00:00:07,320 OK so from the previous video we know that to crack a whip keep all we have to do is sniff packets from 2 00:00:07,320 --> 00:00:11,160 the target network and gather as much as possible. 3 00:00:11,400 --> 00:00:18,570 Once we do that every crack and you will be able to use statistical attacks to determine the keystream 4 00:00:18,750 --> 00:00:19,860 and then the wiki. 5 00:00:20,000 --> 00:00:26,460 It does this because when we have a large number of IPs as I said the IP is only a 24 bit number so 6 00:00:26,880 --> 00:00:29,780 it can be exhausted easily in a busy network. 7 00:00:29,970 --> 00:00:36,450 So once we have two packets to have the same IP then we can decrypt the keystream and the web. 8 00:00:36,570 --> 00:00:42,900 Now when we have more than two packets obviously the method is going to work better and our chances 9 00:00:42,900 --> 00:00:45,870 of breaking the key will be higher. 10 00:00:45,900 --> 00:00:49,150 So we're going to try to gather as much as possible. 11 00:00:49,440 --> 00:00:53,020 Let's see the most basic case of cracking work. 12 00:00:53,160 --> 00:00:57,000 First of all I have my wife I called the monitor mode. 13 00:00:57,030 --> 00:01:02,820 So the first thing I'm going to try to do now is just see all the networks that are within my wife range 14 00:01:03,450 --> 00:01:06,240 and then I'm going to target one of those networks. 15 00:01:06,300 --> 00:01:13,510 So we're going to go Arundo Angie just very basic. 16 00:01:13,630 --> 00:01:19,090 And the second letter that came up is the network that we're going to do our attacks on. 17 00:01:19,090 --> 00:01:24,700 So it's a test AP So we're just going to launch early on I guess this network now so we're going to 18 00:01:24,700 --> 00:01:25,360 call. 19 00:01:25,570 --> 00:01:34,290 We're going to put the VSS Id like we did before just launch an aero dome against this AP and then I'm 20 00:01:34,290 --> 00:01:42,490 going to put the channel number two and then I'm going to arise to store all the packets that we capture 21 00:01:42,490 --> 00:01:43,370 into a file. 22 00:01:43,600 --> 00:01:51,360 And let's call it basic IP and that's it. 23 00:01:51,360 --> 00:01:53,560 So we're going to enjoy this idea. 24 00:01:53,640 --> 00:01:58,040 MAC address channel and the cloud that we're get the right stuff too. 25 00:01:58,070 --> 00:02:03,600 And our Wi-Fi card in monitor mode just launch an arrow down on a target network. 26 00:02:03,600 --> 00:02:08,480 Now as you can see this target's network you have here is quite a busy one. 27 00:02:08,520 --> 00:02:14,430 You can see the data and the frame's is going it's going up quickly quick enough not very quickly but 28 00:02:14,720 --> 00:02:16,290 it was very quick at the start. 29 00:02:16,290 --> 00:02:18,710 It is a busy network so we have a client here. 30 00:02:18,750 --> 00:02:21,200 This is the section where we see the clients. 31 00:02:21,270 --> 00:02:23,360 So this client is actually doing. 32 00:02:23,400 --> 00:02:26,370 I have it actually playing video on YouTube. 33 00:02:26,370 --> 00:02:30,860 So that's why it's going up Quicken slows down quick and slows down. 34 00:02:30,990 --> 00:02:33,840 So just trying to mimic active clients here. 35 00:02:34,020 --> 00:02:40,850 So all we have to do now is just launch our crack which is part of the aircraft suit against the file 36 00:02:40,890 --> 00:02:44,130 that we that dump has created for us. 37 00:02:44,130 --> 00:02:48,550 We can launch aircraft against it even if the file even if we didn't stop error don't. 38 00:02:48,780 --> 00:02:54,320 And it's going to keep reading the file and read the new package that was capturing here. 39 00:02:54,360 --> 00:03:02,650 So we're just going to go crack and just put the file on them so the file name was. 40 00:03:02,740 --> 00:03:04,870 So this file is still being created. 41 00:03:04,870 --> 00:03:08,280 It's getting larger and larger because it's getting more packets. 42 00:03:08,430 --> 00:03:11,560 We can run our crack injury with that file running. 43 00:03:11,680 --> 00:03:17,950 And then with Aradigm running and it's going to keep getting updated and it'll give us the password 44 00:03:17,950 --> 00:03:20,130 once it can crack it. 45 00:03:20,560 --> 00:03:27,430 So now crack is working and airdrome is collecting the package for us as you can see aircraft failed 46 00:03:27,880 --> 00:03:31,250 to determine the key within 5000 babies. 47 00:03:31,480 --> 00:03:33,760 So it's going to start with 3000 babies. 48 00:03:33,890 --> 00:03:38,240 That's going to wait until the babies reach 5000 and it's going to try again. 49 00:03:38,500 --> 00:03:41,840 Now the number of I was actually depends on the type of web. 50 00:03:41,840 --> 00:03:44,140 So there's two types of WEP encryption. 51 00:03:44,140 --> 00:03:50,150 There is a 128 and there is a 46 but the only difference is the length of the key. 52 00:03:50,200 --> 00:03:57,570 So the 46 require less number of Ivey's than the 128. 53 00:03:57,580 --> 00:04:03,820 Now the Ivey's Remember when we're talking about aircraft we said data is the number of useful packets. 54 00:04:03,820 --> 00:04:10,340 What I meant with that is the number of packets to have a unique ID or have a new IP. 55 00:04:10,360 --> 00:04:17,630 So the more packets we get with with different Ivey's the more our chances of crack in the Webcke. 56 00:04:17,980 --> 00:04:24,880 Now we're basically just going to wait until aircraft can successfully crack the worki Okay perfect 57 00:04:25,300 --> 00:04:27,760 I'm just going to Control-C there. 58 00:04:27,940 --> 00:04:34,460 Now and as you can see here Krock successfully managed to get the key. 59 00:04:34,500 --> 00:04:37,440 So that's the key for the target network. 60 00:04:37,440 --> 00:04:42,250 We were able to get it within twenty three thousand of data packets. 61 00:04:42,510 --> 00:04:46,490 Just because the target AP uses a 64 bit key. 62 00:04:46,650 --> 00:04:49,460 Let's see how we can use this key to connect to the network. 63 00:04:49,740 --> 00:04:59,550 So I'm just going to copy it I go to Jeannie and we're just going to remove these dots and use the key 64 00:04:59,550 --> 00:05:01,400 like this. 65 00:05:01,420 --> 00:05:11,040 So now we can connect to the target network and here we go see test a.p and just going to paste it here. 66 00:05:14,510 --> 00:05:17,230 And as you can see our connection has been established. 67 00:05:17,450 --> 00:05:23,960 So we successfully recovered the key word key for our target network. 68 00:05:24,290 --> 00:05:32,400 So I can just go to and confirm it in google and ping work so we are successfully connected to the target 69 00:05:32,400 --> 00:05:32,930 network. 7398