Time
31 minutes
Difficulty
Intermediate
CEU/CPE
1

Video Transcription

00:00
Hello. My name is Dustin, and welcome to wireless networks
00:04
Air Crack N G. And why you shouldn't be using Web.
00:07
So WEP or the Wired equivalent Privacy has been an encryption used by wireless routers for quite a long time. It has since been replaced by W. P. A and W pay, too, because of the flaws in it.
00:22
But you will see a lot of residences and businesses that are still using
00:27
old routers. Configure with Webb.
00:30
So what's wrong with Web? Weap uses our C four for encryption.
00:35
RC four requires initialization vectors or Ivy's to be random.
00:41
The problem with RC four and wept, though, is that it repeats the Ivies about every 6000 frames or so. So if you can capture enough ivy's, you can actually easily decipher that wept key
00:55
in this lab. We're going to attack. We're going to attack a weapon network
00:59
using air crack N. G.
01:00
So first we're just gonna go over the steps and then we're actually gonna hop in the lab and go through each one, go over the commands, and then we'll actually do it. So for the first step, we're going to need to verify our wireless adapter.
01:15
So we want to make sure we're putting the right adapter and monitor mode so we can start capturing that traffic.
01:22
And that is the next step. Put that adapter into monitor mode.
01:26
After that, we're going to start capturing traffic to see what networks are around us. And then from there we will actually choose of the target networking. That's going to be the network that is running wept for encryption.
01:40
Then we'll actually start a capture on the access point itself. And this is with weapons. You're just patient here. You can capture enough of those Ivy's
01:49
in order to crack it. But we're going to speed up the process a little bit, and I'm going thio connect the device to it,
01:56
and then we can actually inject a AARP attack on it. Um,
02:00
and that will speed up the traffic quite a bit. And then once we've got enough Ivy's, we're going to use aircraft to actually crack that password. So let's go ahead and hop into the lab here.
02:15
All right, so
02:16
we're in the lab. Let's make this a little bit bigger.
02:20
So again, the first step is to verify our wireless adapter. In order to do that, we just do a pseudo i f config
02:29
and you could see. Actually, my wireless adapter is already in monitor moat because I was testing this out a little bit ago. But you can see our wireless adapter is normally just w Land zero, and then, since it is in monitor mode, it's actually M o n on it. So
02:46
now that we have our wireless adapter, the next step would be to put it into monitor mode.
02:51
In order to do that, it's just Air Mon dash n G
02:55
start and then our interface, which is W Land Zero. And it's actually making me probably in the air here.
03:02
And yeah, it says, Monitor Motors already enabled.
03:08
All right, so we do have our wireless adapter now into monitor mode. So let's go ahead and start capturing traffic. And that was a row dump
03:19
groups and Sonny Dash N G
03:22
w land zero.
03:25
All right, so let's see what networks have got around here. So it's just going through the channels. You can see up top that it's just kind of scrolling through channels to see what networks we've got in the area.
03:37
looks like I already found the one we need. So you can hit control C to stop. And the one we're looking for is the actually the only weapon network in the area.
03:47
And that is this one.
03:50
And so now we're gonna start a specific capture on that, um, that access point. So in order to do that, you can type in a row dump dash N G
04:00
dash, dash, be a society. And that is the V s s I d. Right here.
04:08
So right, Click copy,
04:11
right Click paste.
04:13
And then we do need to do the channel. And that was on Channel one,
04:20
and we're gonna write it out to a file, and we'll just mean a web crack, since that's our goal here. W land zero. Mom,
04:30
enter. Okay, so now we are monitoring this specific access point. You can see we've actually got a device connected to it already, so that is good.
04:42
Now we're going to actually run our our attack to kind of speed up the process. This is where if you're patient and you had some time, you could just let it run. Its gonna capture those frames in those ivy's
04:56
and eventually you'll have enough to crack it. But we're going to speed up the process a little bit. So let's go ahead and open another terminal. While that is still running. You want to leave that running,
05:06
and we're actually gonna do the, uh, like, set an AARP attack. So this is where you could do a replay. Make sure you spell it right. Dash nd
05:17
and and dash B. That's R B s I d So need make this a little bit smaller real quick.
05:25
And so that is this one right here.
05:30
Copy. Looks like I missed the e.
05:33
Least it looks right.
05:35
And then dash each host.
05:40
That is this right here. Hoops.
05:45
You can get a
05:46
There we go. All right, click copy.
05:50
Pace that.
05:53
And again. W lan zero mon. Let's go ahead and enter here.
06:00
All right, so it's waiting for, um, that,
06:03
um that beacon frame to come through, and I'm gonna speed it up here
06:10
because we're actually gonna just reconnect to it.
06:17
You'll be able to see when this other device connects.
06:23
There we go. As you can see, it's already going through all the AARP requests and sending all the packets to get those I V s.
06:30
So we will let it run for just a little bit here,
06:34
and you can see as just cruising right on through. We've already got over 12,000 frames and 1100 beacon, so let's just let it go for just a little bit more,
07:04
all right? I think we've got more than enough to crack. This one's a pretty easy password as well. So we'll go ahead and hit control C over here on our AARP attack. That will stop that when we can exit out of there.
07:17
Let's open up this other terminal, make a little bit bigger here,
07:21
and we will control. See here. So you've captured more than enough. So now what will want to do is actually run air crack to crack that file. So let's go and make sure we've got our file. In order to do that, he can type l s. And you can see we've got plenty of stuff here. The one we're looking for
07:39
is the web crackers. That's what we named it dot cap and
07:43
right here.
07:45
So this is the file will actually use with air, crack, crack, dash and G.
07:50
And it was wet. Crack
07:54
death 01 dot c a. P.
07:57
And this should go pretty quick, I bet. So let's let it go. Yeah, So it it took, uh,
08:03
3600 keys, and it already found it. So now we actually have the key. It did return it so we could connect to that network now. So as you can see, it's, um it's really easy to crack Web networks, especially if you're patient. You'd actually don't need to run the AARP attack and stuff. You know, just
08:22
sit there impassively, monitor that traffic
08:24
to get enough, um, Ivy's in order to crack it.

Up Next

Wireless Network Fundamentals for Security Practitioners

In this course, the instructor covers the basics about wireless protocols which includes LTE, Bluetooth, Z-Qave, and zigbee. The instructor also goes more in-depth with Aircrack-NG by discussing the tools used to test the wifi networks, explaining how to install the tools on various OS, and demonstrating an Aircrack-NG lab.

Instructed By

Instructor Profile Image
Dustin Parry
Network Security Engineer
Instructor