Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:00,690 --> 00:00:07,770 The third injection method we're going to talk about is the fragmentation attack the fragmentation attack 2 00:00:07,800 --> 00:00:10,240 is very similar to the previous one. 3 00:00:10,230 --> 00:00:17,790 But in this attack we have to obtain one thousand five hundred bytes of the R-Ga. the pseudo random 4 00:00:17,790 --> 00:00:26,250 generation algorithm because we need to order the full fifteen hundred bytes this attack is we need 5 00:00:26,250 --> 00:00:30,740 to be closer to the target network to successfully run this attack. 6 00:00:30,840 --> 00:00:34,420 But it's much quicker than the Korac chop chop attack. 7 00:00:35,600 --> 00:00:43,520 So again after we obtained the R-Ga. we can use it to create to forge a new packet and then we're going 8 00:00:43,520 --> 00:00:51,560 to inject this new force packet into the into the traffic to increase the number of Iberis very quickly. 9 00:00:51,710 --> 00:00:59,080 So the concept is very simple we're going to capture a packet determine its P R-GA create a forge in 10 00:00:59,080 --> 00:01:02,630 your pocket and then inject that packet into the air. 11 00:01:03,140 --> 00:01:04,910 So let's see how we can do this. 12 00:01:06,450 --> 00:01:10,820 Again first thing is going to be running aero dump against the target network. 13 00:01:11,130 --> 00:01:17,810 So I'm just going to change the name here from chop chop to fragmentation or just going to code fragment 14 00:01:18,750 --> 00:01:19,910 hit enter. 15 00:01:19,990 --> 00:01:20,760 And here we go. 16 00:01:20,790 --> 00:01:23,780 A dump is launched on our target network. 17 00:01:23,860 --> 00:01:31,600 Second step as always is fake authentication so that the access point doesn't ignore us and it starts 18 00:01:31,600 --> 00:01:33,490 communicating with us. 19 00:01:33,550 --> 00:01:40,870 So we do that and we see here we have successfully associated with the target network and the authentication 20 00:01:40,870 --> 00:01:42,220 has changed to open. 21 00:01:42,460 --> 00:01:44,440 So that's very good. 22 00:01:44,530 --> 00:01:49,380 Third step is going to be our fragmentation them. 23 00:01:49,570 --> 00:01:55,630 It's very similar to the chop shop attack so you can see here that's my chop shop code that I used the 24 00:01:55,630 --> 00:01:57,320 chapter come on. 25 00:01:57,370 --> 00:02:00,990 So it's exactly the same command just set up chop chop. 26 00:02:01,000 --> 00:02:04,180 I'm going to say fragment. 27 00:02:04,400 --> 00:02:12,410 So it's airplay and you fragment be the target address of my target network and then change the MAC 28 00:02:12,410 --> 00:02:18,290 address of my own network sort of my own network. 29 00:02:18,650 --> 00:02:23,990 So I'm just going to associate myself again and do the fragmentation attack. 30 00:02:28,200 --> 00:02:34,290 So it's waiting for a packet now wants to capture the packet it's going to try to terminate its p r 31 00:02:34,290 --> 00:02:37,110 g a. 32 00:02:37,180 --> 00:02:38,290 Here we go. 33 00:02:38,500 --> 00:02:39,500 We got a packet. 34 00:02:39,760 --> 00:02:41,840 So it's asking me do I want to use this. 35 00:02:41,860 --> 00:02:46,170 I'm going to say yes please. 36 00:02:46,200 --> 00:02:48,330 Now I was trying to determine the R-Ga. 37 00:03:05,670 --> 00:03:08,080 So the packet wasn't useful. 38 00:03:08,130 --> 00:03:11,490 I'm just waiting for another packet to use it's asking me do I want to use this. 39 00:03:11,490 --> 00:03:35,500 I'm going to say yes again. 40 00:03:35,620 --> 00:03:37,530 Again that packet wasn't too useful. 41 00:03:37,540 --> 00:03:40,010 So we're just waiting for another useful packet. 42 00:03:41,100 --> 00:03:45,420 I'm going to re associate myself in the meanwhile and I'm going to say yes 43 00:04:12,620 --> 00:04:15,870 OK now this time this package was useful. 44 00:04:18,410 --> 00:04:21,640 And the keystream is saved to this file. 45 00:04:23,930 --> 00:04:29,330 Okay now we're just going to need to again the same as we did in chop chop. 46 00:04:29,330 --> 00:04:35,670 We're going to use this keystream to create forced buckets. 47 00:04:35,720 --> 00:04:39,440 So I'm just going to copy it's name and I'm going to use the same amount. 48 00:04:39,440 --> 00:04:40,930 I'm just going to clear this for you. 49 00:04:42,230 --> 00:04:47,220 And I'm going to use the same command that we use with the chop chop attack. 50 00:04:47,360 --> 00:04:54,500 The only difference is I'm going to remove the y and I'm going to put the name of the new keystream 51 00:04:54,500 --> 00:04:59,280 that we captured and the name of the packet we're going to create. 52 00:04:59,360 --> 00:05:01,430 I'm going to call this fragment first packet. 53 00:05:04,620 --> 00:05:06,870 So we're just going to go over the commands again. 54 00:05:06,870 --> 00:05:12,050 It's Puckett's porridge minus zero to create an a.p packet. 55 00:05:12,120 --> 00:05:14,480 We put the target Mac address. 56 00:05:14,680 --> 00:05:17,280 Hey it's my own Mac address. 57 00:05:17,280 --> 00:05:23,180 And then K and L are the destination and the source IP address is. 58 00:05:23,520 --> 00:05:27,390 Why is the name of the keystream file. 59 00:05:27,540 --> 00:05:31,290 So it's the file that way that has been created from the previous step. 60 00:05:31,560 --> 00:05:33,140 And that's the name of it. 61 00:05:33,480 --> 00:05:37,030 And then W is the file name that's going to be created. 62 00:05:37,070 --> 00:05:41,790 That's going to contain the first packet and it's going to be called fragments. 63 00:05:42,040 --> 00:05:45,860 Fact and is still not stopped. 64 00:05:45,890 --> 00:05:48,470 It's been successfully read into this file. 65 00:05:48,830 --> 00:05:56,140 So again just like the chop chop I think we're going to inject this new packet into the air. 66 00:05:56,390 --> 00:06:01,870 And this is going to be done using airplay ngi with the minus to option the reply option. 67 00:06:02,190 --> 00:06:08,890 The repair option just going to paste the name of my new first bucket. 68 00:06:08,930 --> 00:06:18,370 So we got airplay and you minus two for a replay or the name of my first packet and zero is my wife 69 00:06:18,370 --> 00:06:21,540 I carried with monitor mode before I do this. 70 00:06:21,590 --> 00:06:26,740 I'm going to associate myself again and then I'm going to hit enter here. 71 00:06:26,850 --> 00:06:32,080 It's asking me do I want to use this because I'm going to say yes. 72 00:06:32,300 --> 00:06:35,460 And here we go we can see the data is flying. 73 00:06:35,660 --> 00:06:40,020 We're injecting around 400 packets per second. 74 00:06:41,100 --> 00:06:46,150 And what's that number is large enough we're going to be able to crack the key. 75 00:06:47,080 --> 00:06:50,850 I can just go here to crack ngi. 76 00:06:50,970 --> 00:06:52,700 So it's going to be a crack. 77 00:06:52,910 --> 00:06:53,240 Angie 78 00:06:56,210 --> 00:06:57,860 fragment test 79 00:07:05,680 --> 00:07:12,660 Cup here is here we go we can see the key that's the key. 80 00:07:12,930 --> 00:07:15,700 And we have 70000 Ivey's. 81 00:07:15,870 --> 00:07:18,950 So if we go back here probably even more 35000. 82 00:07:19,110 --> 00:07:23,370 And the numbers are increasing quickly. 83 00:07:23,610 --> 00:07:28,380 So that was the three methods to inject packets into the air. 84 00:07:28,380 --> 00:07:35,550 There is more methods but that's in my opinion the best three methods to increase the number of data 85 00:07:35,770 --> 00:07:39,320 into the networks. 86 00:07:39,330 --> 00:07:43,440 This way we're able to crack any WEP encrypted network. 8432