Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:00,740 --> 00:00:05,070 And this lecture we're going to talk about an attack called the authentication attack. 2 00:00:05,070 --> 00:00:11,910 This attack basically allows us to disconnect any device from any network even if that network uses 3 00:00:11,910 --> 00:00:12,810 encryption. 4 00:00:12,810 --> 00:00:17,820 Even if we don't know the key to that network and even if we're not connected to that network. 5 00:00:18,000 --> 00:00:23,250 So we're still in the pre-conception attack section which means all the attacks that we're talking about 6 00:00:23,250 --> 00:00:26,430 work without the need to connect to the network. 7 00:00:26,640 --> 00:00:31,320 So we're going to be targeting that and network that we don't know it's password and we're not actually 8 00:00:31,320 --> 00:00:32,170 connected to. 9 00:00:32,550 --> 00:00:38,970 And we'll be able to disconnect any device from any network as long as the device and the network are 10 00:00:38,970 --> 00:00:40,950 within our Wi-Fi range. 11 00:00:42,340 --> 00:00:48,520 We're going to change our MAC address and pretend to be the target computer and send the request to 12 00:00:48,520 --> 00:00:54,760 the router tell on it that I want to disconnect from you then we're going to change our MAC address 13 00:00:54,940 --> 00:01:01,510 and pretend to be the router and tell the client tell our target computer that I'm the router and I'm 14 00:01:01,510 --> 00:01:06,130 going to disconnect you right now because you requested to be disconnected by doing that. 15 00:01:06,220 --> 00:01:10,500 We'll be able to disconnect the target computer from the router. 16 00:01:10,510 --> 00:01:15,190 So again we're going to pretend to be the target computer and tell the router that we want to disconnect 17 00:01:15,580 --> 00:01:19,860 then we're going to pretend to be the router and tell the computer I'm going to disconnect you. 18 00:01:20,140 --> 00:01:23,890 And by doing so we'll be able to disconnect that computer. 19 00:01:23,890 --> 00:01:26,790 All of this is going to be done using a tool called a replay. 20 00:01:26,800 --> 00:01:29,340 And you sir I should not going to be doing that manually. 21 00:01:29,380 --> 00:01:32,140 The tool will be doing everything for us. 22 00:01:32,170 --> 00:01:33,430 So let me show you how we do that. 23 00:01:33,430 --> 00:01:35,490 It's very simple and very easy. 24 00:01:35,500 --> 00:01:42,590 First of all I'm going to run dump and jihad against my target network and I'm going to be targeting 25 00:01:42,590 --> 00:01:44,140 a different network right now. 26 00:01:44,300 --> 00:01:47,150 And that's again one of my networks. 27 00:01:47,330 --> 00:01:51,570 It's called UPC and it ends up with 9 1 6. 28 00:01:52,070 --> 00:01:58,860 And in this particular example I'm going to try to disconnect this Windows machine from the Internet. 29 00:01:58,990 --> 00:02:03,610 So just to show you its MAC address so we know if I do IP config Oh 30 00:02:07,480 --> 00:02:15,140 you'll see that the MAC address for this computer is 0 0 to 1 and ends up with 0 6 so if we go here 31 00:02:15,800 --> 00:02:17,300 we can see that. 32 00:02:17,330 --> 00:02:23,870 I'm just going to Control-C to stop this and we can see that we have that machine in the Windows machine 33 00:02:23,870 --> 00:02:30,350 is shown up here in the second section of a dump and g which is the section that contains the connected 34 00:02:30,410 --> 00:02:32,310 devices are the connected clients. 35 00:02:32,330 --> 00:02:38,330 As we said before and we can see that the Windows computer is showing up here with this mac address. 36 00:02:38,420 --> 00:02:42,540 So if we want to disconnect that computer we can do that use an airplane. 37 00:02:42,540 --> 00:02:48,330 And as I said and the command is going to be very simple it's going to be a replay and you know play 38 00:02:48,330 --> 00:02:52,610 airplanes can be used to do a lot of things and we'll see that in future lectures. 39 00:02:52,610 --> 00:02:55,760 For now we want to use it to do a deal authentication attack. 40 00:02:55,850 --> 00:03:02,690 So we're going to tell it that I want to run a D authentication attack off then we're going to specify 41 00:03:02,690 --> 00:03:05,670 the number of the authentication packets to send. 42 00:03:05,870 --> 00:03:12,770 And we're going to use a very large number so we keep sending these packets and the device stays disconnected. 43 00:03:12,960 --> 00:03:16,440 Then we're going to give it the MAC address of the target access point. 44 00:03:16,440 --> 00:03:20,070 So this is the target wireless network or access point. 45 00:03:20,190 --> 00:03:21,760 And this is the MAC address of it. 46 00:03:21,780 --> 00:03:23,300 It's the same as this 47 00:03:26,830 --> 00:03:28,590 then we're going to say minus. 48 00:03:28,810 --> 00:03:34,210 To give that the machine that we want to disconnect and in our example we want to disconnect the Windows 49 00:03:34,210 --> 00:03:34,890 machine. 50 00:03:35,080 --> 00:03:38,030 And this is its MAC address. 51 00:03:38,270 --> 00:03:42,610 So I'm going to copy it and I'm going to paste it here. 52 00:03:44,470 --> 00:03:49,050 And finally we're going to give it the interface that has monitor mode enabled on it. 53 00:03:49,050 --> 00:03:52,330 And for me it's called Mohn 0. 54 00:03:52,370 --> 00:03:54,610 I get the command is very simple. 55 00:03:54,610 --> 00:03:56,350 It's a replay ngi. 56 00:03:56,500 --> 00:03:58,750 That's the program that we're going to use. 57 00:03:58,780 --> 00:04:02,350 We're learning that we want to do the authentication attack. 58 00:04:02,350 --> 00:04:07,600 We're going to use a very large number of packets to keep the target's computer disconnected and we 59 00:04:07,600 --> 00:04:09,520 want to target this network. 60 00:04:09,520 --> 00:04:14,830 So this is the s s I.D. or the MAC address of the target access point or network. 61 00:04:15,310 --> 00:04:21,670 And we want to disconnect this specific device from that network so we're under disconnect in one device 62 00:04:21,670 --> 00:04:22,590 from that network. 63 00:04:22,690 --> 00:04:27,220 And we gave it the MAC address of that device and that's my Windows device. 64 00:04:27,220 --> 00:04:32,260 So now let's just go back here to the Windows device and again you can see the MAC address here. 65 00:04:32,410 --> 00:04:38,530 If we click here on the Wi-Fi you'll see that this machine is actually connected over Wi-Fi and it's 66 00:04:38,530 --> 00:04:39,840 connected to that network. 67 00:04:39,850 --> 00:04:48,070 The UPC 0 9 1 6 at the end and if we go to the browser and open something you'll see that we have internet 68 00:04:48,070 --> 00:04:57,140 connection so if you go to Google dotcom you can see that this computer is actually connected to the 69 00:04:57,140 --> 00:04:58,120 Internet. 70 00:04:58,220 --> 00:05:05,900 So I'm going to go here and I'm going to hit enter to run this attack. 71 00:05:05,920 --> 00:05:10,610 Now if we go to the Windows machine and try to open anything. 72 00:05:10,690 --> 00:05:13,080 So let's go to being dot com for example. 73 00:05:15,380 --> 00:05:18,290 You'll see that we lost our internet connection. 74 00:05:18,290 --> 00:05:22,890 And if you look here on the Wi-Fi icon you'll see that it's actually not connected anymore. 75 00:05:23,180 --> 00:05:27,950 And we can see that this is our network and again we're still we're not connected to it. 76 00:05:28,130 --> 00:05:34,910 And even if we try to go and connect to it we won't be able to connect because the Linux machine is 77 00:05:34,910 --> 00:05:40,790 constantly sending the authentication packets preventing this machine from connecting. 78 00:05:40,790 --> 00:05:43,110 So again it looks like as if it's connected. 79 00:05:43,320 --> 00:05:50,060 But if we go here and try to open something you'll see that we have no internet connection now and clicking 80 00:05:50,060 --> 00:05:53,430 on the try again and nothing is happening. 81 00:05:53,480 --> 00:05:57,190 If we give it a bit more time we actually going to get disconnected again. 82 00:05:58,160 --> 00:06:02,420 Now being is not loading even if we go and try Google. 83 00:06:02,580 --> 00:06:09,270 And again we lost the connection right here and we're back to basically disconnected like completely 84 00:06:09,270 --> 00:06:10,110 disconnected. 85 00:06:10,110 --> 00:06:13,700 It's not like we're connected to the network and we don't have internet access. 86 00:06:13,710 --> 00:06:16,140 We're actually completely disconnected from the network. 87 00:06:16,320 --> 00:06:21,300 And Windows is constantly trying to connect back but as soon as it connects back it gets disconnected 88 00:06:21,300 --> 00:06:27,870 again because this machine is constantly sending these the authentication packets. 89 00:06:27,870 --> 00:06:32,950 Now again this attack works without the need to know the key or the password to the target network. 90 00:06:33,090 --> 00:06:39,930 And it works against all operating systems so against Windows Linux OSS ex iPhone Android whatever as 91 00:06:39,930 --> 00:06:46,140 long as the device uses Wi-Fi you can use this attack and kick them out of any network that they're 92 00:06:46,140 --> 00:06:46,970 connected to. 93 00:06:47,840 --> 00:06:53,030 Now to exit out of this attack you can just press control-C at the same time and it will terminate. 9904