1
00:00:00,630 --> 00:00:06,360
So in the previous lecture we've seen if we run reaver against this particular network the network
2
00:00:06,360 --> 00:00:13,710
will get locked and we won't be able to brute force the WPS pin because the network will just refuse
3
00:00:13,710 --> 00:00:14,990
any requests.
4
00:00:15,390 --> 00:00:23,430
So we said one of the ways to try and reset or get the network to get unlocked is to just run the deauthentication
5
00:00:23,430 --> 00:00:29,700
attack like we did before and hope that one of the users will just go in and physically turn off the
6
00:00:29,700 --> 00:00:31,890
router and then turn it back on.
7
00:00:32,220 --> 00:00:36,480
And we said this is not a great way because we actually were relying on a person to go and turn off
8
00:00:36,480 --> 00:00:43,140
the router but it has a high chance of success because what would you do when you lose internet connection?
9
00:00:43,140 --> 00:00:48,840
Most people will just go and turn off their router and turn it back on.
10
00:00:48,840 --> 00:00:55,320
So in this lecture we're going to use a tool called mdk3 and we're going to use it to run a DoS attack,
11
00:00:55,680 --> 00:01:02,490
a denial of service attack basically on the target network and in some routers this attack will just
12
00:01:02,490 --> 00:01:03,580
flood the router.
13
00:01:03,660 --> 00:01:09,600
And then it will cause the router to reset automatically and then when it resets it will get unlocked
14
00:01:09,630 --> 00:01:10,350
as well.
15
00:01:10,350 --> 00:01:15,450
So we'll be able to run reaver and start guessing the WPS pin again.
16
00:01:15,450 --> 00:01:21,870
And since reaver supports pause and resume this attack can work really well so even if you're at 60 percent
17
00:01:22,110 --> 00:01:27,690
and then the router locks you can just Control-C reaver, run the attack, get the router to be unlocked
18
00:01:27,900 --> 00:01:31,350
and then run the attack again and it all starts from 60 percent.
19
00:01:31,350 --> 00:01:33,260
It's not going to start from zero.
20
00:01:33,900 --> 00:01:36,200
So I'm just going to split the screen here.
21
00:01:40,050 --> 00:01:43,060
And I'm just going to run the tool that we're going to be using.
22
00:01:43,060 --> 00:01:50,420
It's called mdk3 and I'm going to type in help just to see the options that this tool gives us.
23
00:01:52,560 --> 00:01:59,100
And we can see that this actually lets us run a number of attacks and the test modes are listed in here.
24
00:01:59,340 --> 00:02:02,800
So the way the tool works is you specify the name of the tool.
25
00:02:03,000 --> 00:02:09,420
You follow it up with your interface in monitor mode and then you follow it with the test mode which
26
00:02:09,420 --> 00:02:11,130
are listed in here.
27
00:02:11,130 --> 00:02:17,460
And then you give it the options for each of these test modes. For this lecture we're going to be using
28
00:02:17,760 --> 00:02:22,290
the a option which is the authentication DoS mode.
29
00:02:23,310 --> 00:02:29,460
So to see all the options and get more information about this attack we're going to do mdk3 minus
30
00:02:29,460 --> 00:02:33,780
minus help and then put the test mode which is a.
31
00:02:33,870 --> 00:02:44,150
So I'm just going to do mdk3 minus minus help and I'm going to put a and this will give us more information
32
00:02:44,150 --> 00:02:50,240
about the attack that we want to do so it's going to be an authentication DoS mode that's going to
33
00:02:50,240 --> 00:02:53,360
send authentication frames to the AP.
34
00:02:53,360 --> 00:03:00,380
So basically what it's going to do is we're going to specify a MAC address for our target and mdk3
35
00:03:00,560 --> 00:03:06,890
will create fake MAC addresses and get all of these MAC addresses to pretend as if they're computers or
36
00:03:06,890 --> 00:03:13,730
clients and these clients are trying to connect to that network. When there is a very large number of
37
00:03:13,730 --> 00:03:17,000
clients trying to connect to one network to one router.
38
00:03:17,240 --> 00:03:23,180
Some routers will not be able to handle all this demand and they'll actually just restart and reset
39
00:03:23,210 --> 00:03:24,010
everything.
40
00:03:24,260 --> 00:03:30,840
And when they do that they'll unlock WPS and we'll be able to run reaver again.
41
00:03:30,860 --> 00:03:36,410
So if you run it, if you run mdk3 with the a option, it's going to do that on all the networks around
42
00:03:36,410 --> 00:03:36,500
you.
43
00:03:36,500 --> 00:03:40,850
So it's going to create a very large number of clients and it's going to get all of these clients to
44
00:03:40,850 --> 00:03:43,110
connect to all the networks around you.
45
00:03:43,280 --> 00:03:44,090
And we don't want that.
46
00:03:44,090 --> 00:03:45,920
We only want to target one network.
47
00:03:46,070 --> 00:03:52,540
So we're going to specify the target network with the minus a option to specify the target MAC.
48
00:03:52,940 --> 00:04:00,080
And we're also going to use minus m to tell it that we want it to use valid MAC addresses of actual devices
49
00:04:00,290 --> 00:04:06,430
instead of using a MAC that looks like it's fake like 000 000.
50
00:04:06,470 --> 00:04:08,050
So let's run the command.
51
00:04:08,060 --> 00:04:11,150
Let me show you the command that we're going to use and things are going to get clearer.
52
00:04:11,420 --> 00:04:16,880
So the program that we're going to use is called mdk3.
53
00:04:17,210 --> 00:04:21,320
Then we're going to give it the interface in monitor mode and it's mon0
54
00:04:21,320 --> 00:04:28,680
in my case. Then we're going to give it the test mode or the attack mode and that's the authentication
55
00:04:28,680 --> 00:04:29,450
DoS mode.
56
00:04:29,460 --> 00:04:36,410
So that's going to be a and then we want to run that against only one specific router.
57
00:04:36,470 --> 00:04:37,610
Not all routers.
58
00:04:37,640 --> 00:04:47,110
So we're going to specify the minus a and give it the MAC address of my target router which is the
59
00:04:47,110 --> 00:04:49,270
same MAC address in here.
60
00:04:49,420 --> 00:04:57,490
It's the same MAC address that's locked in here right here and then we're going to give it minus m
61
00:04:57,690 --> 00:05:02,200
to tell it to use valid MAC addresses instead of just ones that look wrong.
62
00:05:02,450 --> 00:05:04,770
So we're going to do minus m.
63
00:05:05,300 --> 00:05:06,740
And that's it we're ready to go.
64
00:05:06,740 --> 00:05:09,410
So we're just going to go over the command one more time.
65
00:05:09,410 --> 00:05:11,970
We're using a tool called mdk3.
66
00:05:12,060 --> 00:05:14,240
We're giving it the interface in monitor mode.
67
00:05:14,240 --> 00:05:20,930
In my case it's mon0 and we want to use the attack that's referred to with the a option
68
00:05:20,930 --> 00:05:27,400
which is the authentication DoS mode. We're giving it my target access point after the minus a.
69
00:05:27,890 --> 00:05:32,320
And then I'm giving it minus m to use valid MAC addresses.
70
00:05:32,510 --> 00:05:38,480
I'm going to hit enter and I actually misspelled mdk3, I said mkd3.
71
00:05:38,540 --> 00:05:39,590
I do that a lot.
72
00:05:39,830 --> 00:05:42,560
So it's mdk3, hit enter
73
00:05:45,390 --> 00:05:51,180
and you might see a result like this saying that the target computer, that is the target router, does not
74
00:05:51,180 --> 00:05:54,140
seem to be vulnerable but just let it work.
75
00:05:54,360 --> 00:05:58,370
Sometimes you might have to let it work up to 50000 clients.
76
00:05:58,530 --> 00:06:03,510
You can see that it's creating fake clients and it's trying to get them to connect to the router so
77
00:06:03,510 --> 00:06:09,600
they try to associate with the router, not really connect, and you can see that we reached 5000 clients
78
00:06:09,600 --> 00:06:11,780
right here.
79
00:06:11,830 --> 00:06:14,530
This could be different from one router to another.
80
00:06:14,530 --> 00:06:17,910
So sometimes I had to let this go up to 50000.
81
00:06:18,040 --> 00:06:24,370
In this case with my home router right here it usually resets between 5000 and 10000.
82
00:06:24,400 --> 00:06:27,430
So I'm just going to let it go up to 10000 in this case.
83
00:06:28,660 --> 00:06:36,160
And once it's 10000 like this I'm going to Control-C at the same time to get out of this and we're going
84
00:06:36,160 --> 00:06:41,290
to run wash again to see if the network is still locked so you can see the last time we ran wash the
85
00:06:41,290 --> 00:06:42,980
network was locked.
86
00:06:43,030 --> 00:06:48,040
So I'm just going to give it some time to reset and then I'm just going to run wash, the same
87
00:06:48,040 --> 00:06:51,110
command that we always use, it's just wash minus i
88
00:06:51,150 --> 00:06:58,530
mon0, and keep in mind this doesn't work against all routers but it works against a lot of routers
89
00:06:58,530 --> 00:07:00,050
really but not all.
90
00:07:00,060 --> 00:07:02,990
So it just might not work for you.
91
00:07:03,300 --> 00:07:06,120
So I'm going to hit Enter now to look for networks around me.
92
00:07:09,150 --> 00:07:11,900
Looks like something went wrong with my wireless card.
93
00:07:12,000 --> 00:07:16,710
So I'm just going to disconnect it, reconnect it, enable monitor mode and run wash again.
94
00:07:18,170 --> 00:07:23,020
OK so I'm just going to run wash again here.
95
00:07:23,430 --> 00:07:31,130
And as you can see now our target network got reset and you can see that WPS is not locked anymore.
96
00:07:31,610 --> 00:07:37,300
So I can actually start reaver again and it will be able to pick up from where it left off the last time.
97
00:07:38,130 --> 00:07:45,480
So last time the pin count was left at 0 and right now if I run it again I'll be able to go to pin count
98
00:07:45,480 --> 00:07:48,160
1 so I'll actually be able to test one more pin.
99
00:07:48,390 --> 00:07:56,020
So if we just run reaver again using the same command that we did before you can see that it's asking
100
00:07:56,020 --> 00:08:04,160
me if I want to continue from where I left the last time I'm going to say yes please.
101
00:08:04,170 --> 00:08:05,930
Now again the router got locked again.
102
00:08:05,970 --> 00:08:13,370
Now you can see that we managed to go ahead with one more pin, to test one pin right now.
103
00:08:13,530 --> 00:08:18,550
And if we do the same now get the router to unlock and do the same.
104
00:08:18,600 --> 00:08:20,790
You'll be able to go to the next pin.
105
00:08:20,790 --> 00:08:26,940
Now this network is actually a quite stubborn one usually networks lock after four or sometimes even
106
00:08:26,940 --> 00:08:27,960
10 attempts.
107
00:08:27,990 --> 00:08:30,810
Very rarely they lock after one attempt only.
108
00:08:30,960 --> 00:08:34,010
But again this just serves our examples.
109
00:08:34,020 --> 00:08:39,300
The main thing is you can unlock most networks using this method using mdk3.