Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:00,630 --> 00:00:07,050 Another method of increasing the number of data rapidly and a network that has no clients associated 2 00:00:07,050 --> 00:00:15,060 with it or if it has very low traffic is car chop chop attack and this method and instead of directly 3 00:00:15,060 --> 00:00:21,580 injecting the R.P. packet that we capture we're going to try to determine the keystream for this package. 4 00:00:21,750 --> 00:00:25,120 Once we do that then we can create a new package. 5 00:00:25,230 --> 00:00:30,570 So we're going to forge a new package and inject this new package into the traffic. 6 00:00:30,570 --> 00:00:35,010 This will force the access point to create a new package with a new ID. 7 00:00:35,220 --> 00:00:38,840 We're going to capture it and inject it back into the traffic. 8 00:00:38,880 --> 00:00:45,010 We'll keep doing this until the number of data is high enough to crack the worki. 9 00:00:45,060 --> 00:00:50,430 So the start of the attack is going to be very similar to the one in the previous video. 10 00:00:50,520 --> 00:00:55,590 The first thing we're going to do is launch a dome against the target network. 11 00:00:56,070 --> 00:00:58,410 So I'm just going to call this chop chop test. 12 00:01:08,190 --> 00:01:09,230 And here we go. 13 00:01:09,390 --> 00:01:12,160 We have our target network here. 14 00:01:12,200 --> 00:01:17,030 The second attack that we're going to try to do is the fake authentication attack. 15 00:01:17,390 --> 00:01:24,080 Again we do this so that the target doesn't ignore us. 16 00:01:24,130 --> 00:01:28,610 And as you can see we're successfully associated with the terrorist network. 17 00:01:28,810 --> 00:01:36,380 Now the third attack is going to be our core chop shop attack in which we are going to try to capture 18 00:01:36,380 --> 00:01:41,450 a packet and determine its keystream. 19 00:01:41,530 --> 00:01:44,860 So it's going to be very similar to the 20 00:01:48,490 --> 00:01:51,810 fake authentication attack it's going to paste here. 21 00:01:52,100 --> 00:02:02,160 So instead of having fake art it's just going to be chop chop and then instead of a we're going to have 22 00:02:02,160 --> 00:02:04,070 V for OBSS ID. 23 00:02:04,300 --> 00:02:13,550 So a replay and you chop chop the MAC address of the target network and then my own MAC address and 24 00:02:13,550 --> 00:02:16,750 then the name of the wife I carried with my daughter. 25 00:02:17,090 --> 00:02:24,090 We can get my own MAC address from a config LAN zero and then my MAC address will show up like this. 26 00:02:25,640 --> 00:02:29,770 So I'll just do another association with the target network. 27 00:02:34,880 --> 00:02:39,760 And then I'm going to do my choke attack now. 28 00:02:39,910 --> 00:02:42,390 Airplanes is just waiting for a package. 29 00:02:42,580 --> 00:02:43,960 Once it capture that packet. 30 00:02:43,960 --> 00:02:48,470 It's going to ask me Do I want to decrypt it and determine it's keystream or not. 31 00:02:48,460 --> 00:02:49,800 So we're just going to wait for it. 32 00:02:51,670 --> 00:02:53,030 I'm going to say yes please. 33 00:02:58,140 --> 00:03:03,470 And now it's working to try and determine the keystream for the target access point 34 00:03:34,180 --> 00:03:34,940 OK. 35 00:03:35,320 --> 00:03:38,240 Now I've received the video. 36 00:03:38,460 --> 00:03:45,700 Just want to show you that we've reached 86 percent. 37 00:03:45,850 --> 00:03:48,990 We can still actually use this keystream it might work. 38 00:03:49,000 --> 00:03:51,660 It might not work but we can still try and. 39 00:03:51,750 --> 00:03:59,080 And sometimes I remember I had like 64 percent and I still was able to forge a packet and inject it 40 00:03:59,190 --> 00:04:01,490 and successfully injected into the traffic. 41 00:04:01,810 --> 00:04:08,850 So let's try this now the keystream is saved into this file. 42 00:04:08,970 --> 00:04:12,970 So now the next step is to force fake packets. 43 00:04:13,110 --> 00:04:17,770 We're going to do this using packet forge. 44 00:04:17,850 --> 00:04:22,820 We're going to put mine all zeros so that it creates an AARP packet for us. 45 00:04:23,040 --> 00:04:29,140 The MAC address of the target network and my own MAC address same as this page. 46 00:04:29,220 --> 00:04:31,250 So I'm just going to copy and paste them. 47 00:04:31,680 --> 00:04:33,490 Here we go. 48 00:04:33,660 --> 00:04:34,650 Then we're going to put 49 00:04:39,530 --> 00:04:47,480 destination IP we're just going to set it to 2 5 5 and then we're going to set the source and it's going 50 00:04:47,480 --> 00:04:51,810 to be 2 5 5 again that's just information that has to be there in the packet. 51 00:04:52,070 --> 00:04:58,810 And then we're going to use the option y to specify the name of the keystream file. 52 00:04:59,210 --> 00:05:05,070 And it's this file as you can see file that was created in the previous step. 53 00:05:05,070 --> 00:05:06,560 So we're going to pace that. 54 00:05:07,070 --> 00:05:10,790 And then the name of the first packet. 55 00:05:10,790 --> 00:05:12,700 So what do we want it to be called. 56 00:05:12,740 --> 00:05:13,700 So I'm going to call it 57 00:05:18,270 --> 00:05:22,320 chop chop or pocket 58 00:05:25,870 --> 00:05:28,580 and that should be in option options. 59 00:05:28,610 --> 00:05:30,760 So that's the option. 60 00:05:30,780 --> 00:05:32,550 So let's just go again over the command. 61 00:05:32,550 --> 00:05:37,900 It's packet's porch and G minus zero to make an IRP packet. 62 00:05:37,960 --> 00:05:45,770 The market was of the target network the MAC address of my Wi-Fi card then we put the destination IP 63 00:05:45,770 --> 00:05:54,220 source IP and then we put the file that we created and the previous step and the name of the first packet 64 00:05:54,230 --> 00:05:55,580 that's going to be created. 65 00:06:04,660 --> 00:06:11,320 Now the next step is where we're going to inject this first bucket into the traffic and to cause the 66 00:06:11,320 --> 00:06:13,890 number of data to increase rapidly. 67 00:06:13,900 --> 00:06:23,000 So I'm just going to go to fake authenticate myself again just here and then just really clear this 68 00:06:24,350 --> 00:06:30,450 play and get to inject our fake packet into the target network. 69 00:06:30,630 --> 00:06:38,310 So minus two for the replay attack and then or to choose the fake packet and then we put the name of 70 00:06:38,310 --> 00:06:47,970 our Wi-Fi card so minus two for a play or the name of our packet the first packet and Montsoreau. 71 00:06:47,970 --> 00:06:52,480 So I'm just going to associate myself again and I'm going to hit enter here. 72 00:06:52,620 --> 00:06:59,000 It's going to ask me Do I want to use this packet I'm going to say yes and here we go you can see the 73 00:06:59,000 --> 00:07:02,310 number of data increasing very very quickly. 74 00:07:02,330 --> 00:07:09,680 Again I only had 86 percent of the keystream I wasn't able to decrypt the whole keystream but the attack 75 00:07:09,680 --> 00:07:11,070 is still successful. 76 00:07:11,120 --> 00:07:17,150 That's why I've had good luck with this attack with networks that are far away or with net worth Stubber 77 00:07:17,190 --> 00:07:21,810 networks that the first method didn't work against. 78 00:07:21,990 --> 00:07:27,890 So all we have to do now is just wait for the data to reach around 20000 and fire up aircraft. 79 00:07:28,050 --> 00:07:34,000 And again as we did in the previous two videos and it's going to work it's going to get us the key straightaway 80 00:07:35,400 --> 00:07:37,870 we're just going to do it here. 81 00:07:38,110 --> 00:07:44,370 You know it's just that in the name of the file is chop chop with 82 00:07:51,130 --> 00:07:53,710 so choke choke test you're on. 83 00:08:01,440 --> 00:08:02,010 Here we go. 84 00:08:02,010 --> 00:08:11,430 As you can see we've got the key with 23000 Ivey's basically just going to go again through the steps 85 00:08:11,430 --> 00:08:12,660 of this method. 86 00:08:12,660 --> 00:08:14,810 So we capture the packet. 87 00:08:14,820 --> 00:08:19,310 We try to determine it's keystream we only determined 86 percent. 88 00:08:19,440 --> 00:08:25,310 We use that 86 to create a fake packet and then we injected that fake packets into the air. 9102