You can use aircrack, wifite, reaver, etc., but all these methods will only work if the wordlist being used has the actual password within it, or else it's useless. So for those reading, don't assume that you're breaking into everyone's Wi-Fi using this method as it did for him: he had already added the password to his network into a wordlist that he used to basically cross-reference using aircrack, nothing special.
So what works better for hacking Wi-Fi?
Thank you Sir. So what are the other methods?
Is there any other method to get it without a wordlist?
So please tell me, is there any other powerful method to get the password without the wordlist method?
@@VikramSinghRajput0001 One way is to create an access point that has the same name as the original one. You will need 2 Wi-Fi adapters: one for jamming clients and one for the malicious access point, a.k.a. Evil Twin. The jammer should emit stronger signals or be close in range to disrupt communication and possibly kick devices out of the network. The AP will not have any password but a web server set up.
When your Wi-Fi connection drops frequently (because of the jammer), you'll open up your Wi-Fi settings to see what's happening, and at that moment you will discover the Evil Twin AP, which you will probably connect to with "there's a glitch" in mind. And when you do so, your phone automatically opens a website which will greet you with a fake warning message, e.g. "firmware update", "2-step auth". And there will be an input field where you enter the password of the AP.
Because you already captured the handshake during deauth, you are able to hash whatever the user entered and compare whether it matches the captured one. This allows you to tell users that what they entered is fake and build one layer of trust. This is a bit of an involved process, but tools like EvilTwin and Airgeddon will make it a piece of cake. You can look them up on GitHub.
I don't know if these password lists will ever find anything. I mean, even if I use RockYou, which has 14 million passwords, it's still not going to have my password. I only have my wife's name and some numbers and characters, and it still didn't find it. I mean, not all lists will have it all.
The final part is the most haunting, because the cracking process is not as easy as it might look, so your best bet is to create your own password list using crunch if you already know a thing or two about the target, or you can crack the password online with servers equipped with very fast GPUs, but this last choice will cost you money. Personally I prefer to use CRUNCH combined with a good computer that has a powerful GPU and a lot of RAM.
Yes, it's easy to deauth a device and capture a handshake. I crack with a different machine running Windows.
You might get a better understanding if you learn the method shown in the video before moving on to using more advanced tools without comprehending how it works.
If you capture a handshake or a PMKID with Airgeddon, you choose the WPA/WPA2 Offline Decryption Menu option and then you choose the option "Aircrack + Crunch Brute force attack on the Handshake/PMKID capture file"; it tells me to write the length of the key. How do you know the length of the key?
How do you know if it has only uppercase letters, only lowercase letters, only numbers, only symbols, or if the key has characters of all types?
This method is only efficient if you have previously collected data with you, like the 4-way handshake capture and a ton of info on the password. It's not for entirely finding a password, and it doesn't work like the movies; sometimes you've got to get out there and collect the necessary info before doing something, or the wireless owner should be dumb enough to use passwords that have been in public wordlists for years.
3:30 lol
Hello. After running the command "airodump-ng wlan0" my Wi-Fi adapter isn't showing me clients. Do you know what to do? Please help me; my Wi-Fi adapter is in monitor mode.
Nice video man, a question: what's the second MAC address while using aireplay-ng at 5:57?
Been doing this kind of work since '97. I like your style, my man. Cheers
Awesome! Thank you! I appreciate that 😎
@@InfoSecPat Of course! Lots of changes happening soon in the pentesting industry... Looking forward to seeing more.
2:54
Followed along and it doesn't show anything after airodump-ng wlan0. My NIC is in monitor mode.
My BSSID doesn't have any stations after I ran an airodump -c capture, even though I have my phone and other devices connected to the network... Please, any idea on what to do?
Ever figured it out, brother?
Not airodump -c; airodump -d (or --bssid) is the switch for the BSSID MAC.
In the last click, they gave me this message: (Failed to open Capture-Par-01.cap (2):No such file or directory
Not so fast. When I tried going to monitor mode, something came up saying 2 filths are doing some crap and I have to kill the interfering processes.
When I did that, only one was killed, which was my NetworkManager, which it disabled.
What do I do? Because I don't know.
Yeah, remember this is just for demonstration purposes. If the network manager gets disabled, you have to restart the interface. Or just reboot your virtual machine.
3:33 WAP!!🤣🤣🤣🤣🤣
I did not understand how to activate the new tab, because I opened a new tab, turned on root, and followed the steps, but it did not work.
2:53 Why does my terminal show no BSSID scanned? There's just a blank space. Help me.
Same
You need an external Wi-Fi adapter.
Second time going over this video in conjunction with many other leading ethical hacking / Kali Linux videos, and I appreciate your thoroughness in explanation and the way you show it as well. Keep it up.
Just let my neighbour know his password after I shut down his network to prove my point.
I used a 500,000-word dictionary based on animals, characters, popular names etc. I found the password at 48% and 2:36 seconds.
Strange that my PCI AC1300 refuses to go into monitor mode but my $5 Asus USB-N13 has no problems? 🤔
Could it be a driver error?
Anyone know why the Password.txt doesn't appear for me?
Me too. Can you fix it?
I have to first unzip it in your kali Linux app
I remember doing this in 2010 with WEP passcodes and Linux BackTrack.
Same bro! I can't believe it's still the same process in 2024. Why can't you just capture the handshake and decrypt it instead of using a wordlist?
@@jeremym-i6x The thing is, WPA2 is too secure to decrypt.
@@jeremym-i6x What? Decrypt it instead of matching it through the wordlists? I don't get you, but it seems like it'll be a better way to hack the password, which I'll never find in wordlists...
Wait, does that mean it's actually possible to crack my neighbor's WiFi?
@@jeremym-i6x How do you do that?
Wlan0 text does not appear for me. I have Linux installed on VirtualBox. 1:50
The deauth doesn't appear to be limiting my victim device in any way, and I'm not able to capture the handshake at all, even if I manually reconnect my victim device.
The MAC addresses for both the AP and the victim device are correct, but the victim device still has internet, and no handshake is ever captured..
I already "hacked" it by using Fern, but with a custom wordlist that included the Wi-Fi password on purpose, just to test that it worked, so in theory it should work using AirCrack too..
Any advice? :)
Oh, and any tips for how I could bruteforce instead of using a wordlist too? :D 💜
You must be really in close range if you're using your internal Wi-Fi adapter, to be able to do a deauth.
Why don't I have EAPOL frames in Wireshark? And when I track my iPhone under "Notes" it doesn't say "EAPOL"; nothing is there...
I have a router that creates a guest wireless network, where they connect and it brings them to a web page and they have to enter the password. How can I approach getting access into this router via that route?
Hey, I'm at the end step where I will put the wordlist in, and I can put it in, even the rockyou.txt.
When I type iwconfig, I do not get the wlan0 option. Do I need to install a driver for it?
sudo apt-get install iwconfig
Why, when I do check kill, do I lose Wi-Fi?
When your Wi-Fi card goes into monitor mode, you lose the Wi-Fi connection, but you can still continue with whatever capture / attack you're trying to do.
You can turn off monitor mode afterwards and it will start working again.
Skip it it's not mandatory
Because it’s putting your WiFi card in monitor mode
You probably tried to crack your own Wi-Fi.
I was wondering the same thing
02:45 Not showing any network. What to do? I have tried many ways but it's not working.
I always use WPA2 and WPA3 on another router with a 25-character password, very mixed, and I keep WPS disabled. I just got a new router which allows me to install and use WireGuard as my VPN server for 40 bucks. I'm using Mullvad with my Linux setup. However, 1 flaw in my new router is it shows WPS is enabled and there is no option to disable it. With the password I'm using, is my router/VPN server still OK? I used Kali with a program, Wifite, to try and crack the WPS setup I have and it didn't work. I haven't tried every tool but wonder if I should make my password longer or not bother??
I only had success with a WPS exploit when the password was pretty weak. Could they still get my WPS PIN? Maybe I'm being extra paranoid but just wondering.
That's a really good question. The best way to know is to try to crack it. But if you ran Wifite and it didn't crack it, I think you should be in good shape. There are probably other tools out there, but I wouldn't get too crazy about it.
I am a new pentester and I wanted to ask: I have captured a handshake but cannot crack it using airmon-ng. Is there any other tool which I can use to crack the handshake without using a wordlist? Because I have used an almost 30-million-word wordlist but still can't crack the handshake.
I'm at that point in life again where I think I can become a hacker.
Does the method in that video really work for you?
Same here
I tried this on a semi-installed Ubuntu distro (WSL); wlan0 didn't appear, but on my Kali bootable it shows. Any fixes to make it work on my Ubuntu?
It would be helpful if you explained what the switches are.
No matter how much I try, only some (2nd and 4th) EAPOL packets are captured. Does anyone know a solution? Fixing the channel, manually reconnecting the device to the AP, or sending a deauth packet doesn't work. Despite extensive searching, I haven't been able to find a solution. Please, please help me 😭😭
It takes too much time but fails; even when I created a different file containing the right password and selected that file during the process, it still fails.
How do you make home/kali in the terminal? Please help.
Bro, I did all the steps carefully but it doesn't find any EAPOL file, and because of that I can't run a dictionary attack on it.
Why does "airodump-ng --help" immediately appear when I run airodump-ng -c? Please explain.
In the deauthentication process, how do I know which is my access point?
Nice tutorial.
Thanks for the comment!
Hello, question... what if you know a part of the password and the wordlists do not contain the password? Can you use -t %%%%%% instead of -w for wordlists, or how would you do that?
You'd have to generate your own wordlist based on your knowledge of the password.
Use hashcat and a mask attack. Like passw?a?a?a
Please make a video on the channel-changing issue in airodump-ng, because there is no video on RUclips regarding this issue.
Forgive me if this is a stupid question. I understand that if you are running Linux as a virtual machine you need a USB Wi-Fi adapter. But if you are running a live installation and have access to the computer's onboard Wi-Fi adapter, do you still need a USB Wi-Fi adapter?
It is a must.
My built in NIC can be put into monitor mode too. I guess the difference is the range.
Hell, even if you use a USB Wi-Fi adapter, you need to find the right USB Wi-Fi adapter, not just any adapter.
When I use "airodump-ng wlan0" no connection appears even as time elapses. What can I do?
It's because you don't have a Wi-Fi adapter.
Use wlan0mon
Do we need to be connected to the internet to perform this attack? Please, someone answer me.
No, you don't have to be connected to the Internet.
Can anybody suggest me a wireless adapter which supports monitor mode and pentesting?
wonderful explanation job🙏
Glad you liked it. Thank you
KEY NOT FOUND
For me, I tried it on my Wi-Fi and that's what I got. I think that's because the password is in CAPITAL letters.
4:35 Does the file need to exist or is it automatically created? What file format is it?
Everything is going well, but when I enter the ls command, there is no such thing as password.txt. Help, sir. Thanks.
While using Wireshark I am facing a problem: failed to create compose table
Please provide me a solution; I am not able to save the file in /home/kali.
Did you find an answer? I also have a problem like yours.
It's a really worthy 10 minutes. Thanks for your efforts ❤
My pleasure 😊
Hey, after the airodump-ng wlan0 command it doesn't show any networks, but it switches between channels and all that.
Did you find a solution for this?
Notice that all the passwords hacked were weak. Cracking a 28-character password with multiple special characters is nearly impossible even on WPA2. It would have to be a weak password for this to be possible.
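The two comments above that matter most for defenders are the hashcat mask suggestion ("passw?a?a?a") and the claim that a long, mixed password is out of reach. The script below is an added example, not code from the video or from any commenter: it parses a hashcat-style mask using hashcat's built-in charset names (?l ?u ?d ?s ?a, and ?? for a literal question mark), computes how many candidates the mask expands to, and converts that into a worst-case exhaustion time at an assumed guess rate. The guess rates in ASSUMED_RATES are constructed placeholders for comparison, not measured benchmarks; substitute your own hardware's figure.

```python
"""Keyspace and exhaustion-time estimator for hashcat-style masks.

Added example, not from the video or any commenter. Charset sizes follow
hashcat's built-in charsets; the guess rates are constructed placeholders.
"""

# Sizes of hashcat's built-in charsets (?l ?u ?d ?s ?a) plus '??' literal
CHARSET_SIZES = {"l": 26, "u": 26, "d": 10, "s": 33, "a": 95, "?": 1}

# Constructed guess rates (candidates per second), for comparison only.
ASSUMED_RATES = {
    "cpu_aircrack": 5_000,       # placeholder: one CPU core on WPA2 PBKDF2
    "gpu_hashcat": 1_000_000,    # placeholder: one high-end GPU
}

SECONDS_PER_YEAR = 365 * 24 * 3600


def mask_keyspace(mask: str) -> int:
    """Number of candidates the mask expands to.

    Fixed characters contribute a factor of 1; each '?x' token contributes
    the size of charset x. Raises ValueError on a dangling or unknown token.
    """
    total = 1
    i = 0
    while i < len(mask):
        if mask[i] != "?":
            i += 1                       # literal character, one choice
            continue
        if i + 1 >= len(mask):
            raise ValueError("mask ends with a dangling '?'")
        tok = mask[i + 1]
        if tok not in CHARSET_SIZES:
            raise ValueError(f"unknown charset ?{tok}")
        total *= CHARSET_SIZES[tok]
        i += 2
    return total


def years_to_exhaust(candidates: int, rate: float) -> float:
    """Worst-case time in years to try every candidate at `rate` guesses/s."""
    return candidates / rate / SECONDS_PER_YEAR


def compare(mask: str, rate: float) -> dict:
    """Summarise a mask: its keyspace and worst-case years at the given rate."""
    ks = mask_keyspace(mask)
    return {"mask": mask, "keyspace": ks, "years": years_to_exhaust(ks, rate)}


if __name__ == "__main__":
    rate = ASSUMED_RATES["gpu_hashcat"]
    # A known prefix with three unknown characters, an 8-digit PIN-style key,
    # a full 8-character mixed key, and the 28-character mixed key from above.
    for m in ["passw?a?a?a", "?d" * 8, "?a" * 8, "?a" * 28]:
        r = compare(m, rate)
        print(f"{r['mask']:<58} {r['keyspace']:>12.3e}  {r['years']:>10.3e} years")
```

Run it as is to see why a partially known password (a few unknown characters) falls in seconds at any rate, while a 28-character mask over all 95 printable characters does not finish in any realistic timeframe; the same function applied to a 14-million-line wordlist (the RockYou size a commenter mentions) shows a dictionary pass is a matter of seconds at GPU speed, which is exactly why only passwords present in such a list are at risk from the video's method.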
Whenever I try to send deauth packets I keep getting "bssid not found".
There's no password.txt like in 9:10. What did I miss?
If the password isn't in the list file it won't try to test it, so the hack fails. It is a bad way!!
I want to see this done with no dictionary and only rainbow tables.
Yeah mate, mine is just showing 2 with no wireless extensions on it??
Just make sure the driver is installed for your wireless card
I didn't get the password.txt file.
I don’t see my password.txt 😢
Me too
That's the wordlist; it is a database of possible passwords. Actually, this method to crack a Wi-Fi password is not good; it is limited to the words that you have on that list. If the password is not there, you'll not crack it. So it is not very useful in most cases.
🤦🏻♂️🤦🏻♂️🤦🏻♂️
Bro, I ran iwconfig on my rooted A51F and by wlan0 it says: IEEE Mode:Managed Frequency:2.412 Ghz Bit Rate :43.3 mb/s ........
What the heck does that mean?
I can't find password.txt, help please.
Is it possible to perform this with Twitter authentication codes?
No, I don’t believe so.
It's too slow to get the handshake packet; maybe wait a couple of days.
There is no password.txt in my ls, bro.
Yeah, because that is a wordlist I made. You will not have that.
And which type of file do I need to choose? .cap?
I tried and got an error getting the password?
Can you make a video step by step on how to do cracking etc., from the moment you start up the computer? Do you run something to mask your IP etc., and how do you set up files in folders to make access easier? I'm having issues with a lot of these tools and trying to run them. Some I can't even start up, or forgot. Others I can type right in and it turns blue and I hit enter and it goes. I want all my tools to start up upon typing it in and hitting enter. I'm having issues with missing files too. It's all a mess. Need some help.
Disconnecting from the current network; is there a chance to fix it? Help please.
Additional note: if you want to get only the pcap file and not every other crap, add --output-format pcap
Hey, I don't know if you will see this, but let's say I want to use a router as my network adapter. How do I set it as my main network adapter? Should I just connect it to my laptop through an Ethernet wire and type airmon-ng eth? (I am a newbie)
You can't.
Hello, why does the password.txt not appear for me when I run ls? What is the problem?
Found your channel when I was looking for a Windows Server Training playlist and have been loving it so far! Nice content... and also nice beard, damn!
You have an admirer from Brazil ;)
Thank you for the comment and watching the videos. I’m glad you enjoyed my videos 😎. I appreciate it.
Dear Pat, thank you for such a useful tutorial. Unfortunately, I am even less than a beginner and the operation is broken up because of the network disconnecting me during the process. I am using Kali Linux 24.2. I'm following step by step exactly as you are showing us! Thank you! My aim is to be the second Kevin Mitnick.
But you did not show how the iso for the wordlist is in the terminal.
That's my wordlist I created.
Do I have to run Kali Linux for the Mac Monterey to read the 10.15?
I’m not sure what you’re asking. I’m sorry.
Hey, I can't find a station; it's not showing here, so how can I get the handshake?
How to crack without using a dictionary?
You can use other techniques, like automated Wi-Fi pentesting tools.
What does the "password.txt" contain? That's what's important around here!
@InfoSecPat can aircrack-ng tool run on ubuntu linux?
It doesn't show the list of networks after starting airmon-ng wlan0.
If nobody is seen connected to this network, then what do we do?
When I reach the stage of EAPOL, nothing appears.
Where did you get password.txt? Please explain.
It's in the program.
Just out of curiosity, why do I need an external wireless card even for a laptop?
Because it needs packet injection.
How do I create a temporary access point like you did, that I can audit?
I just had an extra router that I utilized for this video.
Can I use aircrack-ng in Termux on Android smartphones?
Why do you need to use a wordlist if you got the handshake?
What should I do if the password file I have does not contain the key?
You have to use a password list that may contain the file in this video. It's only for educational purposes and to understand how it's done.
Bro, I cannot handshake. What's my problem?
You show us a revealed password but don't indicate how you actually did it, and also what dictionary you used. Upload it or tell us where it is?
If you think you can crack WPA2-PSK, forget it. It's possible but not happening in the real world.
How do I switch my wlan0 channel to a fixed other channel?
Thank you so much, it's very helpful and I like your honesty, you're legit. I have just one question: is the password.txt file automatically generated or is it a wordlist that you have created?
He created his password on his own.
It's more like bruteforcing the password, bro.
It's nonsense; not every password may be in the wordlist! Even if it is, it means millions of combinations.
I like to use KONSOLE and split the view; it makes it easy to airodump in one terminal while you aireplay in a second terminal, all in the same window. You can't sudo apt install it though; it has to be built from script.
Also bro, not to bust your chops, but your cap file is going to be polluted with deauth packets. You don't even need to start airodump writing the output until AFTER you deauth the device. If you watch the number of lost frames you can see exactly when the device's connection gets reset, and then start airodump -w.
Why is there no password.txt in my file??
That file is my own.
I don't get an EAPOL capture; need help!!!
I didn't understand what I can put to replace Capture-Pat. Can someone help me? I'm a beginner...
Awesome video, thank you sir.
Glad you liked it