Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:01,150 --> 00:00:09,070 Okay now that we have created our fake access point and it's working perfectly against CPS hate STDs 2 00:00:09,460 --> 00:00:15,610 and all web sites it's automatically show in it's logon screen and the logon screen looks exactly like 3 00:00:15,610 --> 00:00:18,040 the logon screen that the people are used to. 4 00:00:18,040 --> 00:00:23,380 We are ready to move to the next step which is the authenticating users. 5 00:00:23,440 --> 00:00:30,400 So you're going to go ahead use airplay ngi and authenticate all users or some users from the actual 6 00:00:30,400 --> 00:00:36,510 network so that they connect to your version to a network and enter their password in there. 7 00:00:36,520 --> 00:00:41,620 Now I'm not going to be covering that because I've already covered how to run a authentication attack 8 00:00:41,660 --> 00:00:44,930 again single multiple and all clients before. 9 00:00:45,100 --> 00:00:50,560 So I'm going to skip over this and I'm going to assume that you already authenticated your clients and 10 00:00:50,560 --> 00:00:55,730 your client is now or clients are connecting to your fake access point. 11 00:00:55,780 --> 00:01:02,200 The final step is going to be sniffing the log in and the password that they're going to be entering. 12 00:01:02,200 --> 00:01:08,110 Now I've also covered sniffing before but this is the end result of everything that we have done so 13 00:01:08,110 --> 00:01:08,440 far. 14 00:01:08,440 --> 00:01:10,060 So I can help to show it. 15 00:01:10,210 --> 00:01:17,320 And I'm also going to do it using a slightly different way just to show you a handier way for this particular 16 00:01:17,320 --> 00:01:18,800 scenario. 17 00:01:19,120 --> 00:01:21,560 So I'm going to go to my caddie machine. 18 00:01:21,760 --> 00:01:27,240 So I already have my wireless access point running and it's called the Royal Wi-Fi version too. 19 00:01:27,250 --> 00:01:33,730 As you know now all I have to do is just capture the packets and I'm just going to use something a little 20 00:01:33,730 --> 00:01:34,440 bit different. 21 00:01:34,440 --> 00:01:38,570 Like I said because I think this is going to be more convenient. 22 00:01:38,620 --> 00:01:46,140 So we're going to use a tool called the shark and this is actually what wireshark uses when sniffing 23 00:01:46,140 --> 00:01:47,500 for data. 24 00:01:47,670 --> 00:01:56,080 We're going to set the interface 2.0 and we're going to use Dasch W to store the data in a file and 25 00:01:56,080 --> 00:02:06,010 that's called this royal wife I that cup so there isn't a very simple command we're doing teeshirt we're 26 00:02:06,020 --> 00:02:12,650 giving it the interface that we want to sniff the data on and I'm using zero because none zero is the 27 00:02:12,650 --> 00:02:16,250 wireless adapter that we're using to broadcast the signal. 28 00:02:16,280 --> 00:02:21,890 So any request to target sends they're actually going to send it to the router and the router in this 29 00:02:21,890 --> 00:02:31,070 case is lan 0 because it's what broke broadcasting our signal Worster everything using the dash w option 30 00:02:31,460 --> 00:02:35,100 into a file called Royal Wi-Fi. 31 00:02:35,180 --> 00:02:40,910 I'm going to hit enter and as you can see this is not going to display anything for me. 32 00:02:40,910 --> 00:02:43,860 This is literally just going to capture packets. 33 00:02:43,890 --> 00:02:47,070 Store them in a file called Royal Wi-Fi Cup. 34 00:02:47,420 --> 00:02:53,670 So that's why it's really handy because I can just let this run and then come back to it later on open 35 00:02:53,680 --> 00:02:56,650 it and Wireshark and analyze it. 36 00:02:56,660 --> 00:02:58,790 So let's go to the Windows machine. 37 00:03:00,480 --> 00:03:02,980 And let's connect royal Wi-Fi. 38 00:03:08,810 --> 00:03:14,720 And as you can see as we've seen before when you try to lie again when you connect you'll automatically 39 00:03:14,720 --> 00:03:16,600 get the log in page. 40 00:03:16,610 --> 00:03:23,300 Now we're assuming that you should of by now you should have ran the authentication attack so that nobody 41 00:03:23,300 --> 00:03:28,670 can connect to the actual network and they can only connect to your fake AP. 42 00:03:28,910 --> 00:03:30,480 So they're going to go on English. 43 00:03:30,620 --> 00:03:35,870 This is not going to be suspicious at all to them because this is exactly the same page that they're 44 00:03:35,870 --> 00:03:38,190 used to enter their information on. 45 00:03:38,810 --> 00:03:44,800 So the user is going to put their user name which is and I'm going to put the password which is one 46 00:03:44,800 --> 00:03:46,300 two three four five six 47 00:03:48,980 --> 00:03:58,330 I'm going to click on Logan and as you can see it's automatically tell me could not get portal configuration. 48 00:03:58,330 --> 00:04:03,160 So the person is going to think that there is an error or something is going wrong. 49 00:04:03,160 --> 00:04:10,570 Now let's go back to the Callimachi and I'm going to stop this by doing Control-C and then I'm going 50 00:04:10,570 --> 00:04:11,800 to open Wireshark 51 00:04:15,270 --> 00:04:20,160 and we'll analyze the file that contains the data that we just captured. 52 00:04:20,820 --> 00:04:32,230 So I'm going to go to File Open and the file that we just created is called Royal y Fido's Cup. 53 00:04:32,390 --> 00:04:33,390 Gonna click on open 54 00:04:36,420 --> 00:04:40,280 and as you can see we have all the packets that we captured so far. 55 00:04:40,280 --> 00:04:48,120 And here now what we're looking for and what we're interested in is TTP packet's because as you remember 56 00:04:48,120 --> 00:04:54,900 we added a form in the same old page and we said that for him to use a post request. 57 00:04:55,410 --> 00:05:01,460 And that's why I said if we are that it's going to be very easy for us to analyze and find the username 58 00:05:01,470 --> 00:05:03,210 and password. 59 00:05:03,210 --> 00:05:11,030 So in the filter and here I'm just going to type in TTP and that will show me only the TTP packets that 60 00:05:11,030 --> 00:05:13,820 were sent over this network. 61 00:05:14,190 --> 00:05:19,140 And as you can see here all these requests are get through quest. 62 00:05:19,250 --> 00:05:24,470 Now again we set the method in our forums that we either manually to use post. 63 00:05:24,470 --> 00:05:27,880 So we're going to look for something that says post in here. 64 00:05:30,180 --> 00:05:30,600 OK. 65 00:05:30,610 --> 00:05:33,890 And we have a post request in here. 66 00:05:34,030 --> 00:05:42,550 Now if we click on the Hastey MLA form you can see that we have a form item called username and the 67 00:05:42,550 --> 00:05:44,290 value for that was. 68 00:05:44,920 --> 00:05:51,250 And then we have another form item and the value for that is 1 2 3 4 5 6. 69 00:05:51,670 --> 00:05:55,840 So we managed to capture the username and password right now. 70 00:05:56,170 --> 00:06:02,090 And all we have to do is just go in and log into that network news in the username and password. 7480