1
00:00:01,070 --> 00:00:03,280
Now before leaving this section and moving
2
00:00:03,280 --> 00:00:06,300
to the gaining access section where I'm gonna teach you
3
00:00:06,300 --> 00:00:09,560
how to break the different encryptions and gain access
4
00:00:09,560 --> 00:00:14,200
to networks, I want to spend one more lecture talking about
5
00:00:14,200 --> 00:00:17,880
a really useful attack that still falls under the
6
00:00:17,880 --> 00:00:20,911
pre-connection attacks under this section.
7
00:00:20,911 --> 00:00:23,100
The attack that I want to talk about
8
00:00:23,100 --> 00:00:25,873
is the de-authentication attack.
9
00:00:26,750 --> 00:00:29,880
This attack allows us to disconnect any device
10
00:00:29,880 --> 00:00:34,000
from any network, before connecting to any of these networks
11
00:00:34,000 --> 00:00:38,540
and without the need to know the password for the network.
12
00:00:38,540 --> 00:00:42,430
To do this, we're going to pretend to be the client
13
00:00:42,430 --> 00:00:45,960
that we want to disconnect, by changing our MAC address
14
00:00:45,960 --> 00:00:49,360
to the MAC address of that client, and tell the router
15
00:00:49,360 --> 00:00:51,513
that I want to disconnect from you.
16
00:00:52,430 --> 00:00:55,710
Then, we're going to pretend to be the router, again,
17
00:00:55,710 --> 00:00:59,260
by changing our MAC address to the router's MAC address
18
00:00:59,260 --> 00:01:02,000
and tell the client that you've requested
19
00:01:02,000 --> 00:01:06,070
to be disconnected, so I'm going to disconnect you.
20
00:01:06,070 --> 00:01:09,210
This will allow us to successfully disconnect,
21
00:01:09,210 --> 00:01:13,283
or de-authenticate, any client from any network.
22
00:01:14,700 --> 00:01:17,420
Now, we're actually not going to do this manually,
23
00:01:17,420 --> 00:01:21,363
we're gonna use a tool called aireplay-ng to do that.
24
00:01:22,670 --> 00:01:25,195
From the previous lecture, we know that this MAC
25
00:01:25,195 --> 00:01:29,610
address right here belongs to an Apple computer, and like
26
00:01:29,610 --> 00:01:33,640
I said, this Apple computer is actually my computer
27
00:01:33,640 --> 00:01:34,870
right here.
28
00:01:34,870 --> 00:01:38,550
And, as you can see, this host machine is connected to this
29
00:01:38,550 --> 00:01:42,210
network right here, which is the same as the one that you
30
00:01:42,210 --> 00:01:46,020
see in here, and it actually has internet access.
31
00:01:46,020 --> 00:01:49,480
So, if I just look for test, you'll see that I'm connected
32
00:01:49,480 --> 00:01:51,960
and I can look for things, I can use Google.
33
00:01:51,960 --> 00:01:54,883
So, I have a proper working internet connection.
34
00:01:55,720 --> 00:01:59,530
Now, we're gonna come back here, and we're gonna use a tool
35
00:01:59,530 --> 00:02:03,970
called aireplay-ng to launch the de-authentication attack,
36
00:02:03,970 --> 00:02:07,943
and disconnect this Mac computer from the internet.
37
00:02:09,020 --> 00:02:11,639
So, we're gonna type the name of the program, which is
38
00:02:11,639 --> 00:02:15,799
aireplay-ng, we're gonna tell it that I want to run
39
00:02:15,799 --> 00:02:20,710
a de-authentication attack, then I'm gonna give it
40
00:02:20,710 --> 00:02:25,710
the number of de-authentication packets that I want to send.
41
00:02:25,840 --> 00:02:28,840
So, I'm gonna give it a really large number, so that
42
00:02:28,840 --> 00:02:32,790
it keeps sending these packets to both the router
43
00:02:32,790 --> 00:02:37,310
and the target device, therefore, I'll disconnect my target
44
00:02:37,310 --> 00:02:41,090
device for a very long period of time, and the only way
45
00:02:41,090 --> 00:02:45,400
to get it back to connect is to hit Control+C and quit
46
00:02:45,400 --> 00:02:46,233
aireplay-ng.
47
00:02:47,750 --> 00:02:51,760
Next, I'm gonna give aireplay-ng the MAC address
48
00:02:51,760 --> 00:02:53,940
of my target network.
49
00:02:53,940 --> 00:02:58,570
So, I'm gonna do -a and give it the MAC address, which
50
00:02:58,570 --> 00:03:00,403
I'm gonna copy from here.
51
00:03:02,320 --> 00:03:07,320
Then, I'm gonna use -c to give it the MAC address of the
52
00:03:07,410 --> 00:03:10,300
client that I want to disconnect.
53
00:03:10,300 --> 00:03:13,500
And, the client that I want to disconnect is this client
54
00:03:13,500 --> 00:03:16,920
right here, which is the Apple computer, like we said.
55
00:03:16,920 --> 00:03:20,573
So, I'm gonna copy it, and paste it here.
56
00:03:21,990 --> 00:03:23,000
And finally,
57
00:03:23,000 --> 00:03:26,710
I'm gonna give it the name of my wireless adapter in
58
00:03:26,710 --> 00:03:30,743
monitor mode, and in my case it's called mon zero.
59
00:03:31,730 --> 00:03:34,130
So, a very, very simple command.
60
00:03:34,130 --> 00:03:37,290
We're typing aireplay-ng, this is the name of the program
61
00:03:37,290 --> 00:03:41,390
that we're going to use, we're doing --deauth to tell
62
00:03:41,390 --> 00:03:45,440
aireplay-ng that I want to run a de-authentication attack,
63
00:03:45,440 --> 00:03:49,020
I'm giving it a really large number of packets, so that it
64
00:03:49,020 --> 00:03:52,380
keeps sending the de-authentication packets
65
00:03:52,380 --> 00:03:55,450
to both the router and the client, and keeps the client
66
00:03:55,450 --> 00:04:00,450
disconnected, I'm using -a to specify the MAC address of the
67
00:04:00,710 --> 00:04:05,320
target router, or the target access point, then I'm using -c
68
00:04:06,170 --> 00:04:09,233
to specify the MAC address of the client.
69
00:04:10,200 --> 00:04:13,280
Finally, I'm giving it mon zero, which is the name
70
00:04:13,280 --> 00:04:16,193
of my wireless adapter in monitor mode.
71
00:04:17,430 --> 00:04:20,810
Now, you can run this command like this, and in most cases
72
00:04:20,810 --> 00:04:25,240
it would work, but in very rare cases, this command will
73
00:04:25,240 --> 00:04:29,450
fail unless airodump-ng is running against the target
74
00:04:29,450 --> 00:04:31,100
network.
75
00:04:31,100 --> 00:04:33,800
So, what I'm gonna do now is, I'm gonna go back to my
76
00:04:33,800 --> 00:04:37,840
first terminal in here, and I'm going to run airodump-ng
77
00:04:37,840 --> 00:04:41,030
using the command that we've seen before, and I don't want
78
00:04:41,030 --> 00:04:44,134
to write anything to our file, so I'm going to remove the
79
00:04:44,134 --> 00:04:45,663
write argument.
80
00:04:47,320 --> 00:04:50,550
So, I'm just doing a normal airodump-ng command.
81
00:04:50,550 --> 00:04:54,780
I'm literally just giving it the BSSID of my target network,
82
00:04:54,780 --> 00:04:58,210
and I'm giving it the target channel, and then I'm just
83
00:04:58,210 --> 00:04:59,300
gonna hit Enter.
84
00:04:59,300 --> 00:05:02,060
We've seen how to do this, we spent a full lecture on it,
85
00:05:02,060 --> 00:05:04,087
that's why I did it really quick.
86
00:05:04,087 --> 00:05:06,970
And then I'm gonna go back to the command that we wrote
87
00:05:06,970 --> 00:05:09,690
so far, and I'm gonna hit Enter.
88
00:05:09,690 --> 00:05:12,970
Now, as you can see, aireplay-ng is telling me that it's
89
00:05:12,970 --> 00:05:16,850
sending the de-authentication packets, and if we go back
90
00:05:16,850 --> 00:05:21,850
here and look up, you can see that I actually lost
91
00:05:22,280 --> 00:05:25,393
my connection, and I'm trying to connect back.
92
00:05:26,600 --> 00:05:29,815
So, obviously if I try to look for anything, so let's say
93
00:05:29,815 --> 00:05:34,815
test 2, you'll see I'll get stuck and nothing will load
94
00:05:35,530 --> 00:05:36,363
for me.
95
00:05:37,430 --> 00:05:41,220
So, the only way for me to connect back is, if I go back
96
00:05:41,220 --> 00:05:46,220
here, if I quit this by doing Control+C, quit this again,
97
00:05:46,397 --> 00:05:50,220
and now my machine should be able to connect back,
98
00:05:50,220 --> 00:05:52,023
and restore its connection.
99
00:05:53,020 --> 00:05:56,260
This is actually very, very handy in so many ways.
100
00:05:56,260 --> 00:05:59,010
It's very useful in social engineering cases,
101
00:05:59,010 --> 00:06:02,810
where you could disconnect clients from the target network,
102
00:06:02,810 --> 00:06:06,940
and then call the user and pretend to be a person from the
103
00:06:06,940 --> 00:06:11,210
IT Department and ask them to install a virus or a backdoor,
104
00:06:11,210 --> 00:06:13,930
telling them that this would fix their issue.
105
00:06:13,930 --> 00:06:17,560
You could also set up, create another fake access point and get
106
00:06:17,560 --> 00:06:20,730
them to connect to the fake access point, and then start
107
00:06:20,730 --> 00:06:23,380
spying on them, from that access point.
108
00:06:23,380 --> 00:06:26,080
And, we'll see how to do that later on in the course.
109
00:06:26,080 --> 00:06:29,040
And, you can also use this to capture the handshake,
110
00:06:29,040 --> 00:06:31,670
which is what happened in here, actually.
111
00:06:31,670 --> 00:06:36,100
And, this is vital when it comes to WPA cracking, and we'll
112
00:06:36,100 --> 00:06:40,143
talk about this once we get to the WPA cracking section.
113
00:06:41,360 --> 00:06:45,760
So, like I said, this is a small attack that can be used as
114
00:06:45,760 --> 00:06:49,973
a plug-in to other attacks to make other attacks possible.