All language subtitles for 3. WEP Cracking Basics

00:00:01,050 --> 00:00:25,453
So from the previous lecture, we know, in order to crack WEP, we need to first capture a large number of packets, this means that we'll capture a large number of IVs, the IVs, because they are short, they will be repeated, therefore we'll be able to use a tool called aircrack-ng to run statistical attacks and crack the WEP key.

00:00:26,290 --> 00:00:38,503
So, we're using airodump-ng to capture the data and we've seen how to do this before, then we're using aircrack-ng to analyze this data and break the key. Let's see how to do this in practice.

00:00:39,550 --> 00:01:04,990
So I already have my wireless adapter in monitor mode. And it's called mon0. I've also already run airodump-ng to list all the networks around me and as you can see, I have only one network using WEP. This is called Test AP3 and this is my actual network that I use every day. I've just configured it to use WEP to make this lecture.

00:01:04,990 --> 00:01:36,300
The main reason why I'm targeting the network that I use daily because like I said, for this to work, we need to capture a large number of packets and therefore we need a busy network, a network that gets used constantly to capture a large number of packets. If the network is idle, then the process is a little bit complex and I will cover that in the next lecture. So for now, let's focus on the simplest form which is how to break into a busy network.

00:01:36,300 --> 00:02:18,543
So I'm gonna copy the BSSID of this network. And I'm gonna run airodump-ng against this network only. So I showed you how to do this before. I'm gonna do airodump-ng. I'm gonna do --bssid to specify the BSSID of the network. Then I'm gonna do --channel to specify the channel of the network and we can see it's running on number one. And I'm gonna do --write to store everything that we capture into a file and let's call this file basic_wep. And then I'm gonna specify my wireless adapter in monitor mode which is mon0.

00:02:19,670 --> 00:02:33,557
So we ran this command before in the targeted sniffing lecture. All we're doing is we're running airodump-ng against a specific network with this MAC address, with this channel and we're storing everything in a file called basic_wep.

00:02:34,750 --> 00:02:58,410
I'm gonna hit Enter and as you can see, airodump-ng is working against my target network and if you notice, you'll see the data in here is increasing really, really fast. So this is something that I told you, I'll talk about it later when we were talking airodump-ng because I didn't want to talk about IVs at that early stage.

00:02:58,410 --> 00:03:26,860
So basically what you see under the Data column is the number of useful packets that contain a different IV that we can use in order to crack the key. So the higher this number is, the more likely we will be able to crack the key. As you can see, this number is increasing very fast because like I said, this is a busy network that is being used at the moment by my own computers and my own devices.

00:03:26,860 --> 00:03:33,033
If yours isn't increasing fast, then don't worry, we will tackle this problem in the next lectures.

00:03:33,880 --> 00:03:56,580
So for now, we're capturing a lot of data and this should actually be enough to crack the key. So what I'm gonna do, I'm gonna go down to my other terminal in here and if we actually list the files, you'll see that we have the capture file that we specified in the write argument and like I said, we're always interested in the .cap file.

00:03:56,580 --> 00:04:23,843
So all we have to do right now is do step two in here. Run aircrack-ng against the file that we captured in order to crack the key. So I'm gonna do aircrack-ng followed by the file name which is basic_wep-01.cap. I'm gonna hit Enter. And as you can see, it's telling us that the key is found.

00:04:24,870 --> 00:04:41,403
So let me cancel this here and right now, we can connect to the target network which is called Test_AP3 using this ASCII password, so you can literally just copy this and paste it or you can connect using this key.

00:04:42,340 --> 00:04:52,033
Now, in some cases, you will not see this ASCII password. That's why I'm gonna show you how to connect using this key right here because you'll always get this.

00:04:53,140 --> 00:05:17,713
So I'm gonna copy this. And I'm just gonna paste it here. You can paste it anywhere in a normal text editor or anywhere you want. And all you have to do is remove the colons that we see in here between the numbers. So I'm gonna remove this one, I'm gonna remove this one, this one and this. And now, we can just copy this.

00:05:19,080 --> 00:05:45,040
And just to show you, I'm actually gonna connect from my host machine. You can connect from Kali but when we enabled monitor mode, we killed a lot of processes and sometimes even after you restart these processes, getting connecting to your target will be a little bit buggy so it's best to literally just restart Kali and connect again. So just to save all of this time, I'm going to connect from here.

00:05:45,040 --> 00:06:16,853
I'm just gonna click here, I'm gonna connect to Test AP3. And I'm going to paste the password. So I'm just gonna click on Show the Password to show it to you. Again, the same password, we just remove the colons. I'm gonna click on Join. And as you can see, we managed to connect and we can test this connection by going to Google and perfect. As you can see, it's working and we managed to break the WEP encryption.
