1
00:00:01,150 --> 00:00:09,070
Okay, now that we have created our fake access point and it's working perfectly against HTTP, HTTPS
2
00:00:09,460 --> 00:00:15,610
and all websites, it's automatically showing its logon screen and the logon screen looks exactly like
3
00:00:15,610 --> 00:00:18,040
the logon screen that the people are used to.
4
00:00:18,040 --> 00:00:23,380
We are ready to move to the next step, which is deauthenticating users.
5
00:00:23,440 --> 00:00:30,400
So you're going to go ahead, use aireplay-ng and deauthenticate all users or some users from the actual
6
00:00:30,400 --> 00:00:36,510
network so that they connect to your version 2 network and enter their password in there.
7
00:00:36,520 --> 00:00:41,620
Now I'm not going to be covering that because I've already covered how to run a deauthentication attack
8
00:00:41,660 --> 00:00:44,930
against single, multiple and all clients before.
9
00:00:45,100 --> 00:00:50,560
So I'm going to skip over this and I'm going to assume that you already deauthenticated your clients and
10
00:00:50,560 --> 00:00:55,730
your client is now or clients are connecting to your fake access point.
11
00:00:55,780 --> 00:01:02,200
The final step is going to be sniffing the login and the password that they're going to be entering.
12
00:01:02,200 --> 00:01:08,110
Now I've also covered sniffing before but this is the end result of everything that we have done so
13
00:01:08,110 --> 00:01:08,440
far.
14
00:01:08,440 --> 00:01:10,060
So I can help to show it.
15
00:01:10,210 --> 00:01:17,320
And I'm also going to do it using a slightly different way just to show you a handier way for this particular
16
00:01:17,320 --> 00:01:18,800
scenario.
17
00:01:19,120 --> 00:01:21,560
So I'm going to go to my Kali machine.
18
00:01:21,760 --> 00:01:27,240
So I already have my wireless access point running and it's called Royal Wi-Fi version 2,
19
00:01:27,250 --> 00:01:33,730
as you know. Now all I have to do is just capture the packets and I'm just going to use something a little
20
00:01:33,730 --> 00:01:34,440
bit different.
21
00:01:34,440 --> 00:01:38,570
Like I said because I think this is going to be more convenient.
22
00:01:38,620 --> 00:01:46,140
So we're going to use a tool called tshark, and this is actually what Wireshark uses when sniffing
23
00:01:46,140 --> 00:01:47,500
for data.
24
00:01:47,670 --> 00:01:56,080
We're going to set the interface to wlan0 and we're going to use dash w to store the data in a file, and
25
00:01:56,080 --> 00:02:06,010
that's called Royal Wi-Fi.cap. So this is a very simple command: we're doing tshark, we're
26
00:02:06,020 --> 00:02:12,650
giving it the interface that we want to sniff the data on, and I'm using wlan0 because wlan0 is the
27
00:02:12,650 --> 00:02:16,250
wireless adapter that we're using to broadcast the signal.
28
00:02:16,280 --> 00:02:21,890
So any request the target sends, they're actually going to send it to the router, and the router in this
29
00:02:21,890 --> 00:02:31,070
case is wlan0 because it's what's broadcasting our signal. We're storing everything using the dash w option
30
00:02:31,460 --> 00:02:35,100
into a file called Royal Wi-Fi.
31
00:02:35,180 --> 00:02:40,910
I'm going to hit enter and as you can see this is not going to display anything for me.
32
00:02:40,910 --> 00:02:43,860
This is literally just going to capture packets.
33
00:02:43,890 --> 00:02:47,070
Store them in a file called Royal Wi-Fi.cap.
34
00:02:47,420 --> 00:02:53,670
So that's why it's really handy, because I can just let this run and then come back to it later on, open
35
00:02:53,680 --> 00:02:56,650
it in Wireshark and analyze it.
36
00:02:56,660 --> 00:02:58,790
So let's go to the Windows machine.
37
00:03:00,480 --> 00:03:02,980
And let's connect to Royal Wi-Fi.
38
00:03:08,810 --> 00:03:14,720
And as you can see, as we've seen before, when you try to log in, when you connect you'll automatically
39
00:03:14,720 --> 00:03:16,600
get the login page.
40
00:03:16,610 --> 00:03:23,300
Now we're assuming that you should have, by now you should have run the deauthentication attack so that nobody
41
00:03:23,300 --> 00:03:28,670
can connect to the actual network and they can only connect to your fake AP.
42
00:03:28,910 --> 00:03:30,480
So they're going to go on English.
43
00:03:30,620 --> 00:03:35,870
This is not going to be suspicious at all to them because this is exactly the same page that they're
44
00:03:35,870 --> 00:03:38,190
used to enter their information on.
45
00:03:38,810 --> 00:03:44,800
So the user is going to put their user name which is and I'm going to put the password which is one
46
00:03:44,800 --> 00:03:46,300
two three four five six
47
00:03:48,980 --> 00:03:58,330
I'm going to click on Login and as you can see it's automatically telling me "could not get portal configuration".
48
00:03:58,330 --> 00:04:03,160
So the person is going to think that there is an error or something is going wrong.
49
00:04:03,160 --> 00:04:10,570
Now let's go back to the Kali machine and I'm going to stop this by doing Control-C and then I'm going
50
00:04:10,570 --> 00:04:11,800
to open Wireshark
51
00:04:15,270 --> 00:04:20,160
and we'll analyze the file that contains the data that we just captured.
52
00:04:20,820 --> 00:04:32,230
So I'm going to go to File, Open, and the file that we just created is called Royal Wi-Fi.cap.
53
00:04:32,390 --> 00:04:33,390
Gonna click on open
54
00:04:36,420 --> 00:04:40,280
and as you can see we have all the packets that we captured so far.
55
00:04:40,280 --> 00:04:48,120
And in here, now what we're looking for and what we're interested in is HTTP packets, because as you remember
56
00:04:48,120 --> 00:04:54,900
we added a form in the HTML page and we set that form to use a POST request.
57
00:04:55,410 --> 00:05:01,460
And that's why I said if we add that it's going to be very easy for us to analyze and find the username
58
00:05:01,470 --> 00:05:03,210
and password.
59
00:05:03,210 --> 00:05:11,030
So in the filter in here I'm just going to type in http and that will show me only the HTTP packets that
60
00:05:11,030 --> 00:05:13,820
were sent over this network.
61
00:05:14,190 --> 00:05:19,140
And as you can see here, all these requests are GET requests.
62
00:05:19,250 --> 00:05:24,470
Now again, we set the method in our form that we added manually to use POST.
63
00:05:24,470 --> 00:05:27,880
So we're going to look for something that says POST in here.
64
00:05:30,180 --> 00:05:30,600
OK.
65
00:05:30,610 --> 00:05:33,890
And we have a post request in here.
66
00:05:34,030 --> 00:05:42,550
Now if we click on the HTML form you can see that we have a form item called username and the
67
00:05:42,550 --> 00:05:44,290
value for that was.
68
00:05:44,920 --> 00:05:51,250
And then we have another form item and the value for that is 1 2 3 4 5 6.
69
00:05:51,670 --> 00:05:55,840
So we managed to capture the username and password right now.
70
00:05:56,170 --> 00:06:02,090
And all we have to do is just go in and log into that network using the username and password.