Now, before leaving this section and moving into the Gaining Access section, where I'm going to teach you how to break the different encryptions and gain access to networks, I want to spend one more lecture talking about a really useful attack that still falls under the pre-connection attacks in this section. The attack that I want to talk about is the deauthentication attack. This attack allows us to disconnect any device from any network before connecting to any of these networks, and without the need to know the password for the network. To do this, we're going to pretend to be the client that we want to disconnect by changing our MAC address to the MAC address of that client and telling the router that I want to disconnect from you. Then we're going to pretend to be the router again by changing our MAC address to the router's MAC address, and tell the client that you requested to be disconnected, so I'm going to disconnect you. This will allow us to successfully disconnect or de-authenticate any client from any network. Now, we're actually not going to do this manually. We're going to use a tool called aireplay-ng to do that. From the previous lecture, we know that this MAC address right here belongs to an Apple computer. And like I said, this Apple computer is actually my computer right here. And as you can see, this host machine is connected to this network right here, which is the same as the one that you see in here, and it actually has Internet access. So if I just look for "test," you'll see that I'm connected and that I can look for things. I can use Google, so I have a proper working Internet connection. Now, we're going to come back here, and we're going to use a tool called aireplay-ng to launch the de-authentication attack and disconnect this Mac computer from the Internet. So we're going to type the name of the program, which is aireplay-ng. We're going to tell it that I want to run a de-authentication attack.
Then I'm going to give it the number of deauthentication packets that I want to send. So I'm going to give it a really large number so that it keeps sending these packets to both the router and the target device. Therefore, I'll disconnect my target device for a very long period of time, and the only way to get it connected back is to hit Ctrl-C and quit aireplay-ng. Next, I'm going to give aireplay-ng the MAC address of my target network. So I'm going to do -a and give it the MAC address, which I'm going to copy from here. Then I'm going to use -c to give it the MAC address of the client that I want to disconnect. And the client that I want to disconnect is this client right here, which is the Apple computer, like we said. So I'm going to copy it and paste it here. If your target network operates at 5 GHz, you must add a capital D to the command in this section. But my target, as you can see, uses 2.4 GHz. Therefore, I don't need to do this, and I'm simply going to add my wireless card in monitor mode, which is mon0. Now, it's very important to understand that this command will only disconnect the target client from the specified network. So if there are other networks that the target client can connect to, it will automatically connect to them. So in many cases, it might connect to the 5 GHz version of the network, or it might connect to a completely different network that it already knows the password to. And if it's a mobile device, it might even continue to have Internet access through its mobile data plan. So it might seem like the attack did not work, but it actually worked. The client just disconnected from this network and is using another network. To solve this, all you have to do is simply open up a new terminal window and run the exact same command, but this time targeting the new network that the client connected to. I actually covered that along with more advanced topics in my Advanced Network Hacking Course.
Check out the bonus lecture, the last lecture of this course, for more information about my Advanced Network Hacking course and all of the other courses that you can take along with this course. So, a very, very simple command. We're typing aireplay-ng. This is the name of the programme that we're going to use. We're doing --deauth to tell aireplay-ng that I want to run a de-authentication attack. I'm giving it a really large number of packets so that it keeps sending the deauthentication packets to both the router and the client and keeps the client disconnected. I'm using -a to specify the MAC address of the target router or the target access point. Then I'm using -c to specify the MAC address of the client. Finally, I'm giving it mon0, which is the name of my wireless adapter in monitor mode. Now you can run this command like this, and in most cases it will work, but in very rare cases, this command will fail unless airodump-ng is running against the target network. So what I'm going to do now is go back to my first terminal in here, and I'm going to run airodump-ng using the command that we saw before. And I don't want to write anything to a file, so I'm going to remove the --write argument. So I'm just doing a normal airodump-ng command. I'm literally just giving it the BSSID of my target network, and I'm giving it the target channel, and then I'm just going to hit Enter. We've seen how to do this; we spent a full lecture on it. That's why I did it really quick. And then I'm going to go back to the command that we wrote so far, and I'm going to hit Enter. Now, as you can see, aireplay-ng is in the process of sending deauthentication packets. And if we go back here and look up, you can see that I actually lost my connection, and I'm trying to connect back. So obviously, if I try to look for anything, let's say "test two," you'll see that I'll get stuck, and nothing will load for me.
So the only way for me to connect back is if I go back here, quit this by doing Ctrl-C, and quit this again, and now my machine should be able to connect back and restore its connection. This is actually very, very handy in so many ways. It's very useful in social engineering cases where you could disconnect clients from the target network and then call the user and pretend to be a person from the IT department and ask them to install a virus or a backdoor, telling them that this would fix their issue. You could also create another fake access point and get them to connect to the fake access point, and then start spying on them from that access point. We'll look at how to do that later in the course. And you can also use this to capture the handshake, which is what happened here, actually. And this is vital when it comes to WPA cracking. And we'll talk about this once we get to the WPA cracking section. So, like I said, this is a small attack that can be used as a plug-in to other attacks or to make other attacks possible.
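From the defender's side, the attack just described leaves a very recognisable trace in a monitor-mode capture: a burst of deauthentication frames in both directions between one client and the access point, with the forged source addresses matching both of them. The following Python is an added example, not code from the course; it assumes a CSV export of captured frames (timestamp, 802.11 type, subtype, source, destination, BSSID), and the MAC addresses and frames in it are constructed.

```python
import csv
from collections import defaultdict
from io import StringIO

# Deauthentication frames are 802.11 management frames (type 0) with subtype 12.
DEAUTH = (0, 12)

# Constructed sample log (MACs are made up): two normal data frames, one
# legitimate deauth, then a burst of forged deauths in both directions
# between the client aa:bb:... and the AP 00:11:..., as the lecture describes.
SAMPLE_LOG = """ts,type,subtype,src,dst,bssid
100.00,2,0,aa:bb:cc:11:22:33,00:11:22:33:44:55,00:11:22:33:44:55
100.05,2,0,00:11:22:33:44:55,aa:bb:cc:11:22:33,00:11:22:33:44:55
100.10,0,12,de:ad:be:ef:00:01,00:11:22:33:44:55,00:11:22:33:44:55
""" + "".join(
    f"101.{i:02d},0,12,{s},{d},00:11:22:33:44:55\n"
    for i in range(30)
    for s, d in (("aa:bb:cc:11:22:33", "00:11:22:33:44:55"),
                 ("00:11:22:33:44:55", "aa:bb:cc:11:22:33")))

def parse_frames(text):
    """Yield one dict per CSV line with ts/type/subtype converted to numbers."""
    for row in csv.DictReader(StringIO(text)):
        row["ts"], row["type"], row["subtype"] = (
            float(row["ts"]), int(row["type"]), int(row["subtype"]))
        yield row

def find_deauth_floods(frames, window=1.0, threshold=10):
    """Return {(mac1, mac2): total deauth count} for every client/AP pair that
    saw at least `threshold` deauth frames within any `window` seconds.
    The pair is unordered so frames forged in both directions add up."""
    times_by_pair = defaultdict(list)
    for f in frames:
        if (f["type"], f["subtype"]) == DEAUTH:
            times_by_pair[tuple(sorted((f["src"], f["dst"])))].append(f["ts"])
    floods = {}
    for pair, times in times_by_pair.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):  # sliding window over timestamps
            while t - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                floods[pair] = len(times)
                break
    return floods

if __name__ == "__main__":
    for (a, b), n in find_deauth_floods(parse_frames(SAMPLE_LOG)).items():
        print(f"possible deauth flood between {a} and {b}: {n} frames")
```

The single deauth from de:ad:be:ef:00:01 stays below the threshold, so only the forged burst is reported; on networks with Protected Management Frames (802.11w) enabled, a client will ignore unauthenticated deauth frames altogether, which is the real fix.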
The first encryption that we'll learn how to break is called WEP, or Wired Equivalent Privacy. This is an old encryption that can be easily broken. The reason why I'm still covering it in this course is, first of all, because, like I said, it's very simple, so it's a good starting point. It's also still used on occasion in some networks. Therefore, you can't really call yourself a hacker and then, if you see a network that uses WEP, get stuck and not even be able to break into it. So in this lecture, I'm going to explain how WEP works and what the weaknesses are that we can use to break it. And in the next lecture, you'll see how we can use this weakness in order to break WEP and get the key for any network that uses WEP. So basically, WEP uses an algorithm called RC4 to encrypt its data. So the way this works is that basically, if a client wants to send something to the router, let's say this text data, it will first encrypt it using a key. Therefore, this normal text will be converted into gibberish, as you can see here. This encrypted packet will be sent into the air. So if a hacker captures this packet, as we've seen before, if we open it, we'll see that it's full of gibberish. Even though it actually contains useful information, we won't be able to read it because it's encrypted. The access point will receive this encrypted packet and will be able to transform it back to its original form because it has the key. Therefore, it will actually be able to read the contents, which is "data to send to the router." The same happens if the router wants to send something back to the client. It will first encrypt it using a key and send it to the client. The client will be able to decrypt it because it has the key. So the concept is always the same. The transmitter encrypts the data using a key and sends it to the receiver. The receiver is able to decrypt it because it also has the key.
Therefore, anybody who captures the packet in the middle will get the packet, but they won't be able to see the contents because they do not have the key. So the algorithm and the way RC4 works are actually fine. The problem is with the way that WEP implements this algorithm. And to understand this, let's zoom in a little bit more on each step. So, going back to the first step, we have the client trying to send data to the router, and the data that it wants to send is "data to send to the router." So in order to encrypt this, WEP tries to generate a unique key for each packet. So literally, for each packet that's sent into the air, it tries to create a new unique key. To do that, it generates a random 24-bit initialization vector. The initialization vector is then added to the password of the network, which is the actual key that people use to connect to the network. This generates a key stream, and then this key stream is used to encrypt this packet and transform it into gibberish. So basically, we have the keystream plus the data that we need to encrypt, which gives us the gibberish, and then the gibberish is sent into the air. But before sending this into the air, WEP will also append the initialization vector. This is the 24-bit random number that I said it creates in order to make sure that each packet has a unique key. The reason why it adds the initialization vector to the packet is because once the router receives this packet, it needs to be able to decrypt it. And to decrypt it, it needs the key and the IV. But the router already has the key, so there is no need to send that. Therefore, we just need to send the IV. So when the router receives the packet, it has the IV, and it has the password, or the key. So it can generate a key stream and then use that key stream to transform this gibberish into its original form and read the packet. So if you think about what I said, you can probably guess what the weakness is. Basically, the IV is sent in plain text.
So if you look at this, you can see the packet content is encrypted. So if someone captures this packet, they won't be able to read this, but they will be able to read the IV in plain text. Also, the size of the IV is only 24 bits. Now, considering the huge amount of traffic that can be generated on a WiFi network, this number is not big enough, and the IVs will start getting repeated in a busy network. This makes WEP vulnerable to statistical attacks. So we can use a tool called aircrack-ng to determine the key stream once we have enough repeated IVs. And from there, it will also be able to crack WEP and give us the key to the network.
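As an added illustration of the two points made above (not code from the course), the following Python implements RC4 the way WEP applies it, with the 3-byte IV prepended to the key and sent in the clear, and then shows how fast a random 24-bit IV is expected to repeat (a birthday-bound estimate) and why that matters: two packets encrypted under the same IV share a keystream, so XORing the ciphertexts cancels it and leaks the XOR of the plaintexts without any knowledge of the key. The key, IV and packet contents are constructed, and the CRC-32 integrity value real WEP appends is left out.

```python
import math

def rc4(key: bytes, length: int) -> bytes:
    """Return `length` bytes of RC4 keystream for `key` (KSA then PRGA)."""
    S = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + S[i] + key[i % len(key)]) % 256
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):                    # pseudo-random generation
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) % 256])
    return bytes(out)

def wep_encrypt(wep_key: bytes, iv: bytes, data: bytes) -> bytes:
    """WEP-style packet body: the 3-byte IV in the clear, followed by
    data XOR RC4(IV || key). Real WEP also appends a CRC-32 before
    encrypting; that is omitted here to keep the example short."""
    assert len(iv) == 3, "WEP IVs are 24 bits"
    keystream = rc4(iv + wep_key, len(data))
    return iv + bytes(d ^ k for d, k in zip(data, keystream))

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def iv_collision_probability(packets: int, iv_bits: int = 24) -> float:
    """Birthday-bound estimate of P(some IV repeats) after `packets`
    random IVs: 1 - exp(-n(n-1) / (2 * 2^iv_bits)). Past ~5000 packets
    the odds are already better than even."""
    n, space = packets, 2 ** iv_bits
    return 1.0 - math.exp(-n * (n - 1) / (2 * space))

# Constructed demo values: a made-up 40-bit WEP key and a reused IV.
KEY = bytes.fromhex("0123456789")
IV = bytes.fromhex("a1b2c3")
P1 = b"data to send to the router"   # the lecture's example plaintext
P2 = b"second packet, same length"

def keystream_reuse_leak() -> bytes:
    """XOR of two ciphertexts that share an IV equals XOR of the plaintexts,
    because the identical keystream cancels; no key is needed."""
    c1 = wep_encrypt(KEY, IV, P1)[3:]        # strip the clear-text IV
    c2 = wep_encrypt(KEY, IV, P2)[3:]
    return xor(c1, c2)
```

Once one plaintext under an IV is known (a predictable header, for instance), the keystream for that IV is just ciphertext XOR plaintext, and every later packet with the same IV decrypts with it; this is the reuse that the statistical attacks above build on.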