1
00:00:07,140 --> 00:00:10,500
- Let's go over a high level introduction of Aireplay

2
00:00:10,500 --> 00:00:14,150
and basically the functionality of Aireplay.

3
00:00:14,150 --> 00:00:16,310
Aireplay is actually used to inject frames, right?

4
00:00:16,310 --> 00:00:17,640
So that's actually the main purpose.

5
00:00:17,640 --> 00:00:19,666
The main purpose is actually to generate traffic.

6
00:00:19,666 --> 00:00:21,650
So then you can use it

7
00:00:21,650 --> 00:00:25,290
with other tools like Aircrack-ng to crack WEP and

8
00:00:25,290 --> 00:00:28,960
WPA pre-shared keys in, you know,

9
00:00:28,960 --> 00:00:29,810
different environments, right?

10
00:00:29,810 --> 00:00:32,020
So there are different attacks that you

11
00:00:32,020 --> 00:00:33,630
can launch using Aireplay.

12
00:00:33,630 --> 00:00:36,900
Basically you can do deauthentication attacks.

13
00:00:36,900 --> 00:00:38,980
You can do fake authentication attacks.

14
00:00:38,980 --> 00:00:42,210
You can do replay ARP attacks and many others, right?

15
00:00:42,210 --> 00:00:46,480
So the Aircrack website goes over all of them

16
00:00:46,480 --> 00:00:49,470
and they have all the syntax references to launch

17
00:00:49,470 --> 00:00:50,670
these types of attacks, you know,

18
00:00:50,670 --> 00:00:53,070
and I'm actually showing here their website

19
00:00:53,070 --> 00:00:54,340
but let's just go

20
00:00:54,340 --> 00:00:57,010
over a fake authentication attack real quick

21
00:00:57,010 --> 00:01:00,510
just to introduce the capabilities of Aireplay

22
00:01:00,510 --> 00:01:03,540
and also this way you can inject packets with

23
00:01:03,540 --> 00:01:07,040
the specific wireless adapter that we're actually using.

24
00:01:07,040 --> 00:01:10,150
So first launch Airodump to the channel

25
00:01:10,150 --> 00:01:12,770
and the BSSID that we used in the previous lesson.

26
00:01:12,770 --> 00:01:16,720
So you will also need to know the MAC address

27
00:01:16,720 --> 00:01:18,200
of your wireless adapter, right?

28
00:01:18,200 --> 00:01:19,033
You can do this

29
00:01:19,033 --> 00:01:23,346
by invoking the ip a show command, and here you go.

30
00:01:23,346 --> 00:01:25,370
That's the MAC address of our adapter.

31
00:01:25,370 --> 00:01:28,310
So, you know, make that as a reference then basically

32
00:01:28,310 --> 00:01:32,720
we're invoking the Aireplay command with dash one.

33
00:01:32,720 --> 00:01:37,720
So, so minus one, to specify a fake authentication attack

34
00:01:37,830 --> 00:01:40,900
then you can specify the re-association timing

35
00:01:40,900 --> 00:01:44,250
in seconds, in our case, we'll just use zero.

36
00:01:44,250 --> 00:01:47,450
And then you use the minus e option

37
00:01:47,450 --> 00:01:49,280
and specify the ESSID

38
00:01:50,120 --> 00:01:52,330
of the network that we want to attack

39
00:01:52,330 --> 00:01:56,550
which in this case is actually Corp-net in this example.

40
00:01:56,550 --> 00:02:00,930
And then you use minus a to specify the MAC address

41
00:02:00,930 --> 00:02:04,190
of the access point that we, you know

42
00:02:04,190 --> 00:02:05,420
we want to actually attack.

43
00:02:05,420 --> 00:02:08,180
And then minus h to specify the MAC address

44
00:02:08,180 --> 00:02:10,490
of our wireless interface.

45
00:02:10,490 --> 00:02:14,840
Then at the end we specify our wireless interface

46
00:02:14,840 --> 00:02:16,180
and there you go.

47
00:02:16,180 --> 00:02:17,570
We were able to actually send a

48
00:02:17,570 --> 00:02:20,500
fake authentication request and you see authentication

49
00:02:20,500 --> 00:02:24,000
successful and association successful as well.

50
00:02:24,000 --> 00:02:26,670
So that means that we're able to actually also

51
00:02:26,670 --> 00:02:28,810
inject packets into the air.

52
00:02:28,810 --> 00:02:31,253
So our wireless adapter is successful.