1 00:00:07,400 --> 00:00:09,739 - [Presenter] Let's go over aircrack-ng.
2 00:00:09,739 --> 00:00:13,380 Aircrack-ng is actually one of the most popular tools
3 00:00:13,380 --> 00:00:17,170 or suite of tools that can be used for wireless pen testing.
4 00:00:17,170 --> 00:00:19,870 So within the aircrack-ng suite,
5 00:00:19,870 --> 00:00:21,950 'cause it's actually a suite of tools,
6 00:00:21,950 --> 00:00:22,920 you have different tools
7 00:00:22,920 --> 00:00:26,310 that can allow you to monitor wireless traffic.
8 00:00:26,310 --> 00:00:29,160 Either, also perform packet capture, right.
9 00:00:29,160 --> 00:00:31,730 So, you can also export that packet captures,
10 00:00:31,730 --> 00:00:34,530 and any other data to text files,
11 00:00:34,530 --> 00:00:36,370 so that you can do, you know,
12 00:00:36,370 --> 00:00:39,210 further analysis by other third party tools.
13 00:00:39,210 --> 00:00:41,220 Like Wireshark, and you know, some other ones, right.
14 00:00:41,220 --> 00:00:44,670 So, now it also provides a series of tools
15 00:00:44,670 --> 00:00:46,900 for attacking the wireless network.
16 00:00:46,900 --> 00:00:50,490 Wireless access points and of course wireless routers,
17 00:00:50,490 --> 00:00:52,130 and also the wireless clients, right.
18 00:00:52,130 --> 00:00:55,460 So, you can perform replay attacks,
19 00:00:55,460 --> 00:00:59,420 deauthentication attacks, create fake access points,
20 00:00:59,420 --> 00:01:02,680 and also perform other attacks using packet injection.
21 00:01:02,680 --> 00:01:06,290 Now talking about packet injection, you need to make sure
22 00:01:06,290 --> 00:01:09,730 that you have a wireless card that is compatible,
23 00:01:09,730 --> 00:01:12,400 and capable of doing packet injection.
24 00:01:12,400 --> 00:01:14,420 And as you know, in lesson three,
25 00:01:14,420 --> 00:01:16,270 I cover the different wireless adapters
26 00:01:16,270 --> 00:01:17,930 that I personally use.
27 00:01:17,930 --> 00:01:21,030 And I also have some recommendations in there.
28 00:01:21,030 --> 00:01:25,060 And then, so I definitely advise you to revise that lesson,
29 00:01:25,060 --> 00:01:25,990 and also make sure
30 00:01:25,990 --> 00:01:28,150 that you have a compatible wireless adapter,
31 00:01:28,150 --> 00:01:29,960 before you start actually playing with these tools, right.
32 00:01:29,960 --> 00:01:34,690 So, now aircrack-ng comes by default in Kali Linux,
33 00:01:34,690 --> 00:01:36,430 but you can actually download it for-
34 00:01:36,430 --> 00:01:38,270 from the website that I'm highlighting here.
35 00:01:38,270 --> 00:01:41,650 So, aircrack-ng.org.
36 00:01:41,650 --> 00:01:44,300 Now, you can also check their Wiki
37 00:01:44,300 --> 00:01:47,020 for a few troubleshooting tips, right.
38 00:01:47,020 --> 00:01:49,710 So, in case that you're running into problems
39 00:01:49,710 --> 00:01:51,750 with the wireless adapter, like I mentioned before
40 00:01:51,750 --> 00:01:53,630 or whatever operating system
41 00:01:53,630 --> 00:01:55,830 that you will be running aircrack-ng from.
42 00:01:55,830 --> 00:01:58,560 Now, I typically use it in Kali.
43 00:01:58,560 --> 00:02:00,180 Since it works, you know, most of the time.
44 00:02:00,180 --> 00:02:02,730 Assuming that you have a compatible wireless adapter.
45 00:02:02,730 --> 00:02:04,210 And that they, you know,
46 00:02:04,210 --> 00:02:07,710 they also made a few adjustments for you,
47 00:02:07,710 --> 00:02:09,710 that, you know, will allow you to, you know,
48 00:02:09,710 --> 00:02:11,660 reduce the amount of headaches
49 00:02:11,660 --> 00:02:13,580 that you probably will encounter
50 00:02:13,580 --> 00:02:15,470 with different compatibility issues,
51 00:02:15,470 --> 00:02:16,303 and probably,
52 00:02:16,303 --> 00:02:17,770 you know, different kernel issues,
53 00:02:17,770 --> 00:02:19,220 depending on your environment.
54 00:02:19,220 --> 00:02:20,053 Right?
55 00:02:20,053 --> 00:02:21,060 So again, you know, I actually just use it,
56 00:02:21,060 --> 00:02:22,600 you know, typically outta the box,
57 00:02:22,600 --> 00:02:25,060 fairly simple in Kali, right.
58 00:02:25,060 --> 00:02:27,830 Now this is a link for their Wiki,
59 00:02:27,830 --> 00:02:30,010 as I was mentioning before.
60 00:02:30,010 --> 00:02:33,000 And I'll advise you to, of course, you know, revise it.
61 00:02:33,000 --> 00:02:36,900 And they have really good troubleshooting tips,
62 00:02:36,900 --> 00:02:37,956 in there for you, right.
63 00:02:37,956 --> 00:02:39,720 Now in the next few lessons,
64 00:02:39,720 --> 00:02:42,780 we will cover each of the most popular tools
65 00:02:42,780 --> 00:02:45,420 that are part of this, you know, suite of tools,
66 00:02:45,420 --> 00:02:47,210 part of aircrack-ng.
67 00:02:47,210 --> 00:02:51,060 Now in lesson five, we will go over on how to crack WEP.
68 00:02:51,060 --> 00:02:55,310 And also in lesson six, we will go over how to crack a WPA,
69 00:02:55,310 --> 00:02:56,820 with pre-shared keys.
70 00:02:56,820 --> 00:02:58,740 But let's quickly glance at the tools
71 00:02:58,740 --> 00:03:00,760 that are part of this suite, right.
72 00:03:00,760 --> 00:03:04,170 So, first you have airbase, right.
73 00:03:04,170 --> 00:03:06,900 So, airbase dash NG, so everything, you know,
74 00:03:06,900 --> 00:03:08,970 ends with an NG here. Right.
75 00:03:08,970 --> 00:03:11,190 So, airbase is a multi-purpose tool
76 00:03:11,190 --> 00:03:13,630 that is actually created for attacking clients,
77 00:03:13,630 --> 00:03:17,710 instead of the actual access point or the wireless router.
78 00:03:17,710 --> 00:03:20,420 Right? So, now aircrack.
79 00:03:20,420 --> 00:03:25,170 It's WEP, and also WPA key cracking program, right.
80 00:03:25,170 --> 00:03:28,083 So, and that's what we're gonna be using whenever we go,
81 00:03:28,941 --> 00:03:29,774 and crack both, you know,
82 00:03:29,774 --> 00:03:32,480 WEP and WPA later in the course.
83 00:03:32,480 --> 00:03:35,590 There's also airdecap, right.
84 00:03:35,590 --> 00:03:36,690 And that's a-
85 00:03:36,690 --> 00:03:39,977 decryption tool that capture, decrypt WPA,
86 00:03:42,284 --> 00:03:45,940 WEP, and WPA2 capture files, right.
87 00:03:45,940 --> 00:03:49,250 Now there's also airdecloak.
88 00:03:49,250 --> 00:03:53,280 And basically, this tool is used to remove WEP cloaking,
89 00:03:53,280 --> 00:03:54,113 right?
90 00:03:54,113 --> 00:03:55,570 And from a capture file.
91 00:03:55,570 --> 00:03:58,220 Basically, what this WEP cloaking is,
92 00:03:58,220 --> 00:04:01,270 is a technique that is actually used for-
93 00:04:01,270 --> 00:04:04,470 by, you know, some wireless network infrastructure devices
94 00:04:04,470 --> 00:04:07,730 that inserts frames into the air,
95 00:04:07,730 --> 00:04:11,060 with a goal of actually fooling the attacker to think
96 00:04:11,060 --> 00:04:12,260 that they are real, right?
97 00:04:12,260 --> 00:04:15,670 So to think that these actually injected frames are real,
98 00:04:15,670 --> 00:04:19,070 and to try to mess up the statistical analysis, you know,
99 00:04:19,070 --> 00:04:20,440 of that attacking tool, right?
100 00:04:20,440 --> 00:04:23,900 So, basically this is used to prevent an attacker
101 00:04:23,900 --> 00:04:25,740 from cracking the key, right.
102 00:04:25,740 --> 00:04:27,800 So, now this tool, what it does,
103 00:04:27,800 --> 00:04:32,800 is actually tries to remove WEP cloaking for this purpose.
104 00:04:33,460 --> 00:04:34,720 You also have aireplay,
105 00:04:34,720 --> 00:04:36,590 which we are gonna be using later.
106 00:04:36,590 --> 00:04:39,933 It's used to inject and replay wireless frames.
107 00:04:39,933 --> 00:04:43,440 Airgraph is actually to graph wireless networks.
108 00:04:43,440 --> 00:04:46,930 Airmon is the one that enables you to enable,
109 00:04:46,930 --> 00:04:49,410 or disable monitor mode on wireless interfaces.
110 00:04:49,410 --> 00:04:51,780 Right, so you're gonna see this in action,
111 00:04:51,780 --> 00:04:53,100 later in the course as well, right.
112 00:04:53,100 --> 00:04:54,830 So, you have also airodump,
113 00:04:54,830 --> 00:04:56,899 which is actually to be able to capture,
114 00:04:56,899 --> 00:05:00,848 the raw 802.11 frames over the air, right.
115 00:05:00,848 --> 00:05:02,250 Airolib,
116 00:05:02,250 --> 00:05:07,250 it's actually a tool that is used to precompute WPA,
117 00:05:07,318 --> 00:05:11,080 and WPA2 passphrases in the database,
118 00:05:11,080 --> 00:05:14,790 to use later with then aircrack-ng, right.
119 00:05:14,790 --> 00:05:16,570 You also have airserv,
120 00:05:16,570 --> 00:05:19,400 which is actually a wireless card TCP/IP server,
121 00:05:19,400 --> 00:05:20,880 that allows multiple applications
122 00:05:20,880 --> 00:05:23,340 to actually use a wireless card, right.
123 00:05:23,340 --> 00:05:27,070 Now, airtun is used to create virtual interfaces.
124 00:05:27,070 --> 00:05:29,350 There are virtual tunnel interfaces.
125 00:05:29,350 --> 00:05:33,520 And then, you also have packetforge-ng, which creates,
126 00:05:33,520 --> 00:05:35,710 you know, different types of encrypted packets.
127 00:05:35,710 --> 00:05:38,540 That then can be used for injection at-
128 00:05:38,540 --> 00:05:39,830 you know, as well.
129 00:05:39,830 --> 00:05:41,750 Now again, you know, in the next few lessons,
130 00:05:41,750 --> 00:05:44,239 we will go over the most popular tools
131 00:05:44,239 --> 00:05:46,120 that are part of this suite.
132 00:05:46,120 --> 00:05:46,953 And then later on,
133 00:05:46,953 --> 00:05:48,190 you're gonna actually see them in action.
134 00:05:48,190 --> 00:05:50,933 Whenever we crack WEP and also WPA.