1
00:00:00,510 --> 00:00:06,480
Now one of the major obstacles that you might find while trying to gain access to a network is if the
2
00:00:06,480 --> 00:00:09,040
network does not broadcast its name.
3
00:00:09,060 --> 00:00:15,120
So if the network is hidden, if the network is hidden, then you won't be able to connect to the network
4
00:00:15,180 --> 00:00:17,670
even if it does not use any password.
5
00:00:17,910 --> 00:00:22,920
And if it uses a password then you won't be able to use the attacks that we're going to talk about in
6
00:00:22,920 --> 00:00:24,480
future lectures.
7
00:00:24,480 --> 00:00:30,540
So you literally won't be able to do anything until you know the name of the network.
8
00:00:30,570 --> 00:00:36,560
So just to show you an example, here I have my own network and I've set it to be hidden.
9
00:00:36,600 --> 00:00:40,580
So I checked this box which says Mask SSID.
10
00:00:40,590 --> 00:00:44,440
Now this could be called something else for you again but for me that's the name of it.
11
00:00:44,910 --> 00:00:47,330
And I've called the network test AP.
12
00:00:47,580 --> 00:00:53,130
So the network actually has a name but it just doesn't broadcast the name in the air.
13
00:00:53,130 --> 00:00:56,570
I've also set the network to not use any security.
14
00:00:56,700 --> 00:01:00,720
So people can connect as long as they know the network name.
15
00:01:00,720 --> 00:01:05,700
So if we go here on the Windows machine I just want to show you an example if we go on Wi-Fi networks
16
00:01:07,620 --> 00:01:10,470
you'll see that there is a hidden network around us.
17
00:01:11,040 --> 00:01:17,700
But if we try to connect to the network if I click on it and click on Connect the first thing that it's
18
00:01:17,700 --> 00:01:21,370
going to ask me is to enter the name of the network.
19
00:01:21,480 --> 00:01:25,160
Therefore we can't actually connect to it if we don't know its name.
20
00:01:25,350 --> 00:01:27,050
And if the network is using encryption,
21
00:01:27,060 --> 00:01:32,640
so if it's using a password for the network, then we won't be able to launch the cracking attacks if
22
00:01:32,640 --> 00:01:33,990
we don't know the name.
23
00:01:33,990 --> 00:01:40,260
So if your target network is hidden the first step is always to try and determine the name of that network
24
00:01:40,530 --> 00:01:46,220
regardless of whether it uses encryption if it uses a password or if it does not use a password.
25
00:01:46,230 --> 00:01:51,390
So in this lecture I'm going to cover how to determine the name of hidden networks and how to connect
26
00:01:51,390 --> 00:01:52,570
to the network.
27
00:01:52,990 --> 00:01:58,440
Now I'm going to go to my Kali machine and I'm going to run airodump-ng on my wireless card in monitor
28
00:01:58,440 --> 00:01:58,920
mode.
29
00:01:58,920 --> 00:01:59,880
So we did this before.
30
00:01:59,880 --> 00:02:01,020
All I do is
31
00:02:01,170 --> 00:02:01,940
airodump-ng.
32
00:02:02,010 --> 00:02:07,250
And then I put the name of the wireless card, which is mon0.
33
00:02:07,470 --> 00:02:12,880
And if I hit Enter, as you can see, I can see all the networks around me and we can see there's a hidden
34
00:02:13,000 --> 00:02:18,210
network around us, and the hidden network is actually this one.
35
00:02:18,210 --> 00:02:23,740
So you can see that we can actually get all the information of that network so we can get its MAC address.
36
00:02:23,820 --> 00:02:29,390
We can see its distance we can see the beacons we can see the data if there was a lot of data sent.
37
00:02:29,550 --> 00:02:30,740
We can see the encryption.
38
00:02:30,750 --> 00:02:32,100
So in our case it's open.
39
00:02:32,100 --> 00:02:33,270
It's not using encryption.
40
00:02:33,390 --> 00:02:38,850
But if it was using encryption then you'll see it uses WEP or WPA or whatever it's using.
41
00:02:39,180 --> 00:02:43,120
The only thing that's hidden is the name of the network so you can see it here.
42
00:02:43,170 --> 00:02:45,800
We actually don't have the name of the network.
43
00:02:46,320 --> 00:02:51,130
So basically when a network is configured to be hidden it only hides the network name.
44
00:02:51,240 --> 00:02:57,510
But it still broadcasts its existence; it's still telling all the devices around it that I exist.
45
00:02:57,630 --> 00:02:58,940
My MAC address is this.
46
00:02:58,980 --> 00:03:02,300
My channel is this, and it's giving all the information except the name.
47
00:03:02,310 --> 00:03:05,960
And basically what it's saying is if you know my name then you can connect to me.
48
00:03:07,570 --> 00:03:13,300
So what we're going to do now is we're going to run airodump-ng against this specific network because
49
00:03:13,300 --> 00:03:14,590
that's our target.
50
00:03:14,800 --> 00:03:16,860
And we've done this in previous lectures again.
51
00:03:16,870 --> 00:03:18,670
But I'm just going to do it real quick here.
52
00:03:18,880 --> 00:03:26,670
So I'm going to copy its MAC address and I'll do airodump-ng, and I'm going to specify the BSSID
53
00:03:26,680 --> 00:03:29,100
of the target network, which is the MAC address
54
00:03:32,320 --> 00:03:36,130
and then I'm going to specify the channel which is 6 for this target network.
55
00:03:39,150 --> 00:03:44,340
And then I'm going to give it my wireless card in monitor mode, which is mon0.
56
00:03:44,360 --> 00:03:47,270
So again, we've run this command a lot of times; it's airodump-ng.
57
00:03:47,300 --> 00:03:50,180
We're giving it the MAC address of the target network.
58
00:03:50,420 --> 00:03:55,490
And then we're giving the channel, which is six, and then we're giving it the wireless card name in monitor
59
00:03:55,490 --> 00:03:56,380
mode.
60
00:03:56,420 --> 00:04:02,570
I'm going to hit Enter and you can see now airodump-ng is running against this specific network.
61
00:04:02,570 --> 00:04:08,150
Now in many cases if the target network is a bit active you'll actually be able to get the name of it
62
00:04:08,240 --> 00:04:11,210
simply by running airodump-ng against it.
63
00:04:11,570 --> 00:04:16,970
In our case we can see that the network is not active, so airodump-ng is not able to determine
64
00:04:16,970 --> 00:04:19,760
its name.
65
00:04:19,930 --> 00:04:24,970
But what we can also see is we can see that there is a client connected to the network right here because
66
00:04:24,970 --> 00:04:27,280
we said the second section of airodump-ng
67
00:04:27,310 --> 00:04:32,850
shows us the connected devices, so we can see that there is a device connected to this network and that
68
00:04:32,850 --> 00:04:36,730
device has this MAC address.
69
00:04:36,740 --> 00:04:41,690
So what we're going to do now is we're going to use a deauthentication attack like we did before
70
00:04:42,170 --> 00:04:45,350
and we're going to disconnect this device from this network.
71
00:04:45,710 --> 00:04:50,930
But the difference is we're actually going to disconnect it for a very short period of time so that it
72
00:04:50,930 --> 00:04:56,750
automatically reconnects to the target network and when it does that it's going to send the network
73
00:04:56,750 --> 00:04:58,170
name in the air.
74
00:04:58,520 --> 00:05:04,730
Since we have airodump-ng running, it will be able to capture that name and it will show it to us
75
00:05:04,730 --> 00:05:07,550
here and then we'll know the name of the network.
76
00:05:07,970 --> 00:05:10,020
So again the attack is going to be very simple.
77
00:05:10,010 --> 00:05:14,920
All we're going to do is we're going to do a deauthentication attack for a very short period of time.
78
00:05:15,100 --> 00:05:19,030
That's going to disconnect the target device for a split second.
79
00:05:19,130 --> 00:05:24,400
So they won't even feel it and the operating system will automatically connect back to the network when
80
00:05:24,410 --> 00:05:28,590
it does that it's going to send the network name in the air and we're sniffing on that channel.
81
00:05:28,610 --> 00:05:32,570
So we'll be able to capture that name and we'll know the network name.
82
00:05:32,660 --> 00:05:37,480
So I'm going to split the screen and you've actually run this attack before.
83
00:05:37,660 --> 00:05:41,780
So I'm just going to do it here again and it will be a chance for you to revise it.
84
00:05:41,950 --> 00:05:43,510
So we're going to do aireplay-ng
85
00:05:46,050 --> 00:05:56,350
deauth, and then we're going to put the MAC address of the target network after the argument and then I'm
86
00:05:56,350 --> 00:06:02,110
going to do -c and then I'll give the MAC address of the client that I want to disconnect, and
87
00:06:02,110 --> 00:06:03,230
it's this one right here.
88
00:06:08,350 --> 00:06:15,980
And finally I'm going to put the name of the wireless card in monitor mode, which is mon0. Now I
89
00:06:15,980 --> 00:06:22,860
actually forgot to specify the number of deauthentication packets to send. In the previous videos we
90
00:06:22,860 --> 00:06:29,400
actually used a really big number in here so that we can keep the target computer disconnected for as
91
00:06:29,400 --> 00:06:30,930
long as possible.
92
00:06:31,020 --> 00:06:34,550
In this video we actually want them to be disconnected for a split second.
93
00:06:34,650 --> 00:06:38,850
So I'm going to use four packets. Usually two is sufficient.
94
00:06:38,860 --> 00:06:42,840
But I'm just going to use four just to make sure that the target device will get disconnected.
95
00:06:43,080 --> 00:06:45,830
So it's all because we're using a very small number.
96
00:06:45,880 --> 00:06:49,050
It'll be disconnected for a very short period of time.
97
00:06:49,170 --> 00:06:53,500
And the target person who is using that network will not even feel that.
98
00:06:53,520 --> 00:06:57,320
So the same command that we did before, nothing different: aireplay-ng.
99
00:06:57,500 --> 00:07:03,030
We're doing the deauthentication attack and we're using a very small number of packets because we don't
100
00:07:03,030 --> 00:07:06,780
want the target person to feel that they got disconnected.
101
00:07:06,780 --> 00:07:13,560
We gave the MAC address of the target network after the option and then we gave the MAC address of the
102
00:07:13,560 --> 00:07:14,010
client.
103
00:07:14,020 --> 00:07:16,660
I want to disconnect after the -c option.
104
00:07:16,890 --> 00:07:17,730
I'm going to hit Enter
105
00:07:21,330 --> 00:07:27,000
and as you can see nearly after sending two packets we were able to determine the name of the network.
106
00:07:27,000 --> 00:07:32,740
So right here in airodump-ng, it's showing us that the name of the network is test AP.
107
00:07:32,940 --> 00:07:39,060
And now if the network is open like in our case, we can just go ahead and connect to that network, or if
108
00:07:39,060 --> 00:07:44,820
the network is using encryption like WEP, WPA or WPA2, then we actually know the name of the network
109
00:07:44,820 --> 00:07:50,490
now and you'll be able to launch the attacks that you're going to learn in the next lectures against
110
00:07:50,490 --> 00:07:53,780
that network and then determine its key.
111
00:07:54,150 --> 00:07:56,100
So the attack was very simple.
112
00:07:56,100 --> 00:08:02,130
All we had to do is run airodump-ng against our specific target network and then deauthenticate
113
00:08:02,130 --> 00:08:07,320
one of the clients for a very short period of time and they'll automatically get connected to the network
114
00:08:07,530 --> 00:08:10,120
when they do that we'll know the network name.