Need help? Join my Discord: discord.com/invite/usKSyzb Menu: Overview: 0:00 Alfa Card Setup: 2:09 Start Wifite: 2:48 Select WiFi network: 3:31 Capture handshake: 4:05 Convert cap to hccapx file: 5:20 Copy file to hashcat: 6:31 Hashcat: 6:50 View GPUs: 7:08 hashcat options: 7:52 Start hashcat: 8:45 Cracked: 10:31 It's really important that you use strong WiFi passwords. Otherwise it's easy to use hashcat and a GPU to crack your WiFi network. Make sure that you are aware of the vulnerabilities and protect yourself. Disclaimer: Video is for educational purposes only. All equipment is my own. Make sure you learn how to secure your networks and applications. Need help? Join my Discord: discord.com/invite/usKSyzb ================ Network Adapters: ================ Alfa AWUS036NHA: amzn.to/3qbQGKN Alfa AWUSO36NH: amzn.to/3moeQiI ================ Previous videos: ================ Kali Installation: ruclips.net/video/VAMP8DqSDjg/видео.html One command wifite: ruclips.net/video/TDVM-BUChpY/видео.html ================ Connect with me: ================ Discord: discord.davidbombal.com Twitter: twitter.com/davidbombal Instagram: instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal RUclips: ruclips.net/user/davidbombal ================ Support me: ================ Join thisisIT: bit.ly/thisisitccna Or, buy my CCNA course and support me: DavidBombal.com: CCNA ($10): bit.ly/yt999ccna Udemy CCNA Course: bit.ly/ccnafor10dollars GNS3 CCNA Course: CCNA ($10): bit.ly/gns3ccna10 ====================== Special Offers: ====================== Cisco Press: Up to 50% discount Save every day on Cisco Press learning products! Use discount code BOMBAL during checkout to save 35% on print books (plus free shipping in the U.S.), 45% on eBooks, and 50% on video courses and simulator software. Offer expires December 31, 2020. Shop now. Link: bit.ly/ciscopress50 ITPro.TV: itpro.tv/davidbombal 30% discount off all plans Code: DAVIDBOMBAL Boson software: 15% discount Link: bit.ly/boson15 Code: DBAF15P Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
Sir I love your videos thank you I am studying electronic and communication engineering and as a interest I am learning Kali Linux so i hope one day I can combine Kali Linux and electronic circuits to test some compony systems so o have a question is there any way to crack WPA/WPA2 ,complicated passwords like include capital letters , letters and numbers except John or evil twin or gigabytes of data password. Thank you
I install kali linux 2020.3 in VMWare. And i never can use my wireless, I learn in other video on youtube but is not work. My wireless problem is more, that interface is nothing, not detect, can't scan. I try to download newest driver, follow people instruction, buy new wireless usb adapter. But all this step is not working, I can't scan other Wi-Fi. I try my wi-fi in windows, I try my wireless usb adapter in windows all going normally. Please help me , thank's
Hi @DavidBombal I just passed the CCNA 200-301 on 12-Dec-2020, with 947 points. Thank you so much your channel helped a lot to clarify some doubts. I am looking to continue learning and help other people. Thanks 👌🏾✨
@@davidbombal your videos worth keeping people awake! . I recently got my hands dirty with CyberSecurity, starting from CEH. its very interesting and I am loving it!
@Kamey well, it depends on the eagerness and hunger for learning! What you really value! Now will you sacrifice a little bit your sleep in order to sleep peacefully in the future or will you always say, “will do it tomorrow!” And I am sure that “ tomorrow” will never come!
videos are sooo thorough, they are great, especially for this type of topic where commands, tools, and difficult to understand to those that have just started
This was a great explanation of how to use hashcat. I just tried cracking the NTLMv2 hash from my sandbox and it took 45 minutes on an RTX 2080 MaxQ. Masking really helped speed it up, I didn't want it to take forever. Although Howsecureismypassword says it would take 8 hours. If it was a real machine I would probably change that :)
I'd like to see you crack different router vendors because these x-digits only passwords are kinda rare and vendors are not stupid. You are more likely to run into routers that uses a letter and number combination with upper/lower case chars, some even go as far as using a password that looks like a MAC address.
In some cases you have to do some data gathering and use that to create a custom wordlist (using crunch for example) and plug in any relevant data such as birthdate of network owner name of owner's pet and so on
If I were to assume you are home, the information you provided in your wireless scan seems enough to get a very good idea of where that is. Of course some war driving would be involved.
Anyone looking to do this now would need to convert the .cap file to hc22000 instead of .hccapx if you receive the 'separator unmatched' error in hashcat; You can convert with: hcxpcapngtool -o outputname.hc22000 handshake*.cap
Good morning sir. Your tutorial was great and English as Second language learners may take time. Now Myanmar formerly called BURMA. The citizens are on the road and bagging the DEMOCRACY with peacefully. They are arms less and include students, workers and elderly too. But seen arms force are shooting with life arms and killing. In order to good success or winning their New Generation Kids are try to help with hacking. There are more students will do the same. Please help them sir. Hope you will understand their life in distress and need peaceful calling DEMOCRACY. Trust on you sir.
True, but that's why it's important to get as much information as possible before cracking. AT&T 2-wire boxes have this same problem, but 10 numbers, not 8, but still trivial to brute force. Always try a dictionary attack before resorting to brute force. People make poor choices, and sometimes vendors do too. AT&T has stepped up their game a lot by increasing the length and using numbers, letters and some special characters. For some reason, all the letters are lower case and I believe there might be patterns in the format.
The saddest thing about this 8s that there has been a fix available, for years, that would prevent an outside wifi source to force a deauth on a connected device. Why haven't manufacturers implemented this fix? It wouldn't close the hole completely, but it would sure lengthen the time to perform a handshake capture. The hacker would have to wait for a device to come along and connect to the target network, instead of being able to immediately sniff who's connected and tell the router to deauth one of them.
@@Unknown-yn4pk no, the time grows exponentially. One more printable character and it's about 75 times longer. One more on top of that and it's another 75 times longer again. Brute forcing, even with a top end card is still extremely slow. My gtx960 can do 130k hashes per second, about 20% as fast as the top end card. It took exactly two hours to brute force my home wifi even with hinting from a mask specifically constructed for my PSK, so it only guessed letters (case insensitive) where there were letters and only numbers where there were numbers. Without the hints, it would have taken years. Dictionary attacks are the only "practical" solution, unless you have knowledge of the structure of default passwords.
Good morning sir. Your tutorial was great and English as Second language learners may take time. Now Myanmar formerly called BURMA. The citizens are on the road and bagging the DEMOCRACY with peacefully. They are arms less and include students, workers and elderly too. But seen arms force are shooting with life arms and killing. In order to good success or winning their New Generation Kids are try to help with hacking. There are more students will do the same. Please help them sir. Hope you will understand their life in distress and need peaceful calling DEMOCRACY. Trust on you sir.
Good morning sir. Your tutorial was great and English as Second language learners may take time. Now Myanmar formerly called BURMA. The citizens are on the road and bagging the DEMOCRACY with peacefully. They are arms less and include students, workers and elderly too. But seen arms force are shooting with life arms and killing. In order to good success or winning their New Generation Kids are try to help with hacking. There are more students will do the same. Please help them sir. Hope you will understand their life in distress and need peaceful calling DEMOCRACY. Trust on you sir.
👉🏻| First of all, this guy isn’t a teacher, he is a genius! . Congrats for video, knowledge is power, thanks for sharing an information of quality. 🤙🏻😉👏🏻😎
Hello David, Lots of love from India. I'm following you since a long time now and I'm a big fan of yours and I watch all your videos regularly 🙂 I'm closing following your Ethical hacking tutorials and getting to learn a lot about it. I have a small request to make a video tutorial on "reaver" wireless testing tool. Thanks ☺️
I imagine the default wifi password was never meant to be long term secure, but simply a step up (and maybe legal requirement in some jurisdictions) to not use the same hardcoded password across all devices. Yes, they could have done a better job. Even if all they did was an sha256 of the 8-digit number and use the first 8 characters of that hash, it would increase the search space by ~429x (bump to to 10 and it's ~109951x harder). Of course, if someone knew it is just the hash of an 8-digit number, they could just compute all potential passwords up front, making it a custom wordlist attack.
yeah im trying to bruteforce my password its says the next big bang lol but i only have a 970m graphics card in my laptop i wish i was running his cards lol
Might be helpful to post the captured handshake file so individuals that do not have a capable wireless device can still work through the exercise. Good stuff David.
a good cheap laptop to get is a dell latitude 7440 or above. others will probably work too but the network card in the e7440 and also the e7470 both support monitor mode, plus the laptops are cheap, less than 200 dollars.
Thank you for these videos. I’m in cybersecurity and one of my classes is ethical hacking and I’ve learned more watching your videos than I have in my classes. I finally bought a pc and installed kali on it and been using it to check my network.
If you think this is bad, the Netcomm modem/routers that we shipped from our ISP was a1b2c3d4e5. I've used it a number of times throughout my city. I've got a Google Map list of all the places I know I can rely on for WiFi if I'm in a pinch. I've never even considered using software like this!
Hi David, could you show how to use hashcat with multiple GPUs. For example, if there is an unused mining rig, how to organize remote access and launch hashcat using the power of all its video cards. Thank you for the informative video!
Thx god to let me find ur amazing perfect youtube channel. thx my Teacher . Am an IT student this is last year for me and am gonna graduate and this year we study only cyber security so u helped me a lot as ethical hacker .
Uhh yeah? I mean, I watch a lot of how to make explosive videos. It's indeed just for educational purposes only. I want to learn the chemistry. I also just find it fascinating. I blow it up on my garden. It's just so.. satisfying when something you make is working. I also usually tweak the formula a bit to my liking. I would never blow someone else's garden or house lol.
@@Zaynersyy I don't think you get the joke here lol What he is saying is that the uu literally teaches us how to use a software that usually used for malicious purposes and than says it's for educational purposes only
if you want to be safe with your internet you need to know how it works to crack your password this is ethical hacking and if you use it against someone you'll go to jail
Hello David! Thanks for your video! Did you try the same with hashcat after v6 when they've replaced 2500 with 22000? I am struggling on that. All the best and thank you for everything you are doing for the InfoSec community!
Nice video sir...some people make 10 minute videos and I get bored to watch them but even if you make a 20 minute video...I don't feel bored at all......
David just want to say loved your videos and they are pretty simple and easy to understand as well i wanted to make a request if you could make a video on evil twin attack as well that would be great
David thanks for all your hard work i mean it mate. The quality is on another level. 1) If possible on your next video about hashcat could you explain witch modern GPU`s works better . Is amd still a no ? 2) My problem when i was trying to hash my password ( honestly it was mine) is that i use most of the possible letters and symbols combos(paranoid much...too much hacking videos) and i couldn`t for the life of me figure out what was the right symbols to put behind the ''?''. I want the ''All'' symbol ! Plus a question : in mask attack is there a way to exclude passwords that has sequentially numbers letters and symbols ? Like 111111555 or ffffff8888 ? I believe that this would significantly cut down the time. ( currently after next big bang). Doing research found that crunch can generate a wordlist provided you configured right but the amount of terabytes its too damn high and not a valid option for me. Going down the rabbit hole i found that there is a way to "pipe" this process directly to hashcat. I haven't tried this yet cause of luck of know how and i probably wont cause also i don't have a spare pc if it goes bam!. Sorry for the rant.
2 года назад
haha there is a way... use random number and each time you increase the random seed. for sure the number sequence will not be repeated
Thank you. Amazing Video. It emphasises why we should have a strong password. Especially in Wireless. Is it really this simple to capture wireless handshakes?
Good morning sir. Your tutorial was great and English as Second language learners may take time. Now Myanmar formerly called BURMA. The citizens are on the road and bagging the DEMOCRACY with peacefully. They are arms less and include students, workers and elderly too. But seen arms force are shooting with life arms and killing. In order to good success or winning their New Generation Kids are try to help with hacking. There are more students will do the same. Please help them sir. Hope you will understand their life in distress and need peaceful calling DEMOCRACY. Trust on you sir.
It's so easy! Just need to have the right tools. You can send out deauth packets to kick users off their own network then when they reconnect capture the handshake.
David did not bumble.... Great content! I'm wondering if hashcat generates detailed logs, I'm researching a new protocol that requires seeing how the handshake deals with incorrect keys.
They recently changed -m 2500 to -m 22000 and when I try to run it I’m getting separator unmatched errors with no results. Does anyone know how I can fix this?
In my perspective, this 8-digit key has been designed to offer a moderately secure means of authentication with the wifi router, thereby introducing an additional layer of security as you configure your own key.
Hey David, I'm following these instructions, but I keep getting an error saying that "The plugin 2500 is deprecated and was replaced with plugin 22000." When I switch my -m to 22000 instead of 2500, I get a bunch of separator errors. Do you or anyone else know how to fix this?
Okay I'm a little late to the mark here so I guess you have resolved this yourself but for anyone that is struggling still, You need to convert the .cap file to .hc22000 not .hccapx because hashcat no longer supports that format and there is more to a hash file than meets the eye so I would say disabling checks most probably wouldn't work. Use hcxpcapngtool (which I imagine you already have installed since you're watching this) and run $ hcxpcapngtool -o outputfilename.hc22000 handshake*.cap (what ever your input file is called) and yes there are no args for the input and this took me about 15 minutes to figure out... shamefully
Besides Cracking tools and dictionary attacks , I suggest you try some phishing attacks with some powerful tools like airgeddon , fluxion , wifi-phisher . They are amazing tools with everything included . With these you will no longer have to wait if you phish your target successfully Thanks
@@davidbombal Haha.. That would be great but i use Alpha-Galatic complex passwords for my WPA-Infinity Router :P , (just kidding, made all that up) . But in reality people have tough time remembering their passwords so they just use their phone numbers. Also, if you could make a video on recent SolarFlare & Solar winds attack, that would be great !
@@moonshinestv1084 No he didn't... He used what's called an 8 digit mask. It tries every number (0-9) for one to eight digits. WPA requires a minimum of 8 characters, and if someone is using all digits it will most likely be 8, 9 or 10 digits long (because people don't remember long strings of numbers easily so they will either use a minimum length string or birthday which is 8 characters, a SSN which is 9, or a phone number which is 10)
u can use crunch to generate wordlists with all letters and specify how many characters crunch u can search the usage in google...i dont remeber the format
Hello David I have been looking around but I don't seem to find an answer, following this tutorial on the current version of hashcat will say that -m 2500 is depracated and should use 22000 instead, But when I do 22000 with the file wap2.hccpax that we created in this tutorial it comes with separator errors. Would you have an idea of how to get around this? Thanks in advance :)
You can do barely nothing. At most you can try searching for some default passwords examples of the router you captured the handshake from and then see how does that router generates the password and hopefully you will find some patterns. Keep in mind that WPA, WPA2 and i think WPA3 passwords can NOT be shorter than 8 characters. A part from 8 characters, other most common password lenghts are 10, 12, 14 and 16 and 20. Those are impossible to crack with a normal pc as you would need a lot of them.
On my First try, the entire system shut down. Second try with all fan blasting, Success!! It took 3 minutes 4 seconds to crack. & yes it was a TP-link. Thanks
Hey dude, i got a message when i run the command: hashcat.exe -I , it says "Unsupported AMD HIP runtime version '0.0.3240' detected! Falling back to OpenCL..." . How can i fix this problem? Need some advice bro. Thanks a lot!!
sir i love you i don't have linux but i am gonna download it and soon gonna practicing all these kinda stuff cause its meant for me to learn it in 2021 and i hope you keep uploading all these kinda i am really excited and i always wanted to have something like that and that is hacking skill
Probably this is what my mother experiencing when I explaining her how to update a driver on her laptop... :D Poor her! I will do it better after this thank you! :D even if it was not the purpose of your video!
Good morning sir. Your tutorial was great and English as Second language learners may take time. Now Myanmar formerly called BURMA. The citizens are on the road and bagging the DEMOCRACY with peacefully. They are arms less and include students, workers and elderly too. But seen arms force are shooting with life arms and killing. In order to good success or winning their New Generation Kids are try to help with hacking. There are more students will do the same. Please help them sir. Hope you will understand their life in distress and need peaceful calling DEMOCRACY. Trust on you sir.
Morning David, Cheers for the video. Your cracking time would have been quicker if you had cleaned the cap. HS had to crack 4 of the same wpa captures ? . Thanks again Kev
@@davidbombalOk possibly bad cap at my side. Really enjoy your tutorials. May I ask where your accent is from. You sound like someone who would enjoy Biltong. Cheers Kev
Well oh well. 8 years, 182 days for me. I'd rather mine bitcoins )) Jokes aside, great video! As always. David's videos are the only videos on RUclips I'm watching only if I have my notepad ready to take notes
If you are having the problem that you cannot use the method 2500 because it got deprecated, like me, just try downloading the version 6.1.1 from the website and allow it to work from your antivirus
Modern routers has a default Key of 8-10 digts alphanumeric, also uppercase letters, it is 49 probs per digit, 49^8 are literally imposible to crack, unless you live 1294132959351951 years
just a quick note, /usr is pronounced as U-S-R, it stands for unix system resources. just saying this because many beginners will think that the /usr directory has something to do with the user.
Is it a router or a router? Tomato or tomato? Is it Linux or Linux? Etc or etc? Seems others also disagree with you about usr: www.linode.com/community/questions/3714/how-do-you-pronounce-usr
What i understood from these videos is That..You can only crack passwords of your own network because you Know the Pattern.. If you don't know the Pattern Dictionary Attack is the only Solution to it...And it might work Might Not depending upon how naive wifi owner is.
![Stromae, Pomme - “Ma Meilleure Ennemie” (from Arcane Season 2) [Official Visualizer]](http://i.ytimg.com/vi/1F3OGIFnW1k/mqdefault.jpg)
Need help? Join my Discord: discord.com/invite/usKSyzb
Menu:
Overview: 0:00
Alfa Card Setup: 2:09
Start Wifite: 2:48
Select WiFi network: 3:31
Capture handshake: 4:05
Convert cap to hccapx file: 5:20
Copy file to hashcat: 6:31
Hashcat: 6:50
View GPUs: 7:08
hashcat options: 7:52
Start hashcat: 8:45
Cracked: 10:31
It's really important that you use strong WiFi passwords. Otherwise it's easy to use hashcat and a GPU to crack your WiFi network. Make sure that you are aware of the vulnerabilities and protect yourself.
Disclaimer: Video is for educational purposes only. All equipment is my own. Make sure you learn how to secure your networks and applications.
Need help? Join my Discord: discord.com/invite/usKSyzb
================
Network Adapters:
================
Alfa AWUS036NHA: amzn.to/3qbQGKN
Alfa AWUSO36NH: amzn.to/3moeQiI
================
Previous videos:
================
Kali Installation: ruclips.net/video/VAMP8DqSDjg/видео.html
One command wifite: ruclips.net/video/TDVM-BUChpY/видео.html
================
Connect with me:
================
Discord: discord.davidbombal.com
Twitter: twitter.com/davidbombal
Instagram: instagram.com/davidbombal
LinkedIn: www.linkedin.com/in/davidbombal
Facebook: facebook.com/davidbombal.co
TikTok: tiktok.com/@davidbombal
RUclips: ruclips.net/user/davidbombal
================
Support me:
================
Join thisisIT: bit.ly/thisisitccna
Or, buy my CCNA course and support me:
DavidBombal.com: CCNA ($10): bit.ly/yt999ccna
Udemy CCNA Course: bit.ly/ccnafor10dollars
GNS3 CCNA Course: CCNA ($10): bit.ly/gns3ccna10
======================
Special Offers:
======================
Cisco Press: Up to 50% discount
Save every day on Cisco Press learning products! Use discount code BOMBAL during checkout to save 35% on print books (plus free shipping in the U.S.), 45% on eBooks, and 50% on video courses and simulator software. Offer expires December 31, 2020. Shop now.
Link: bit.ly/ciscopress50
ITPro.TV:
itpro.tv/davidbombal
30% discount off all plans Code: DAVIDBOMBAL
Boson software: 15% discount
Link: bit.ly/boson15
Code: DBAF15P
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
Sir I love your videos thank you I am studying electronic and communication engineering and as a interest I am learning Kali Linux so i hope one day I can combine Kali Linux and electronic circuits to test some compony systems so o have a question is there any way to crack WPA/WPA2 ,complicated passwords like include capital letters , letters and numbers except John or evil twin or gigabytes of data password. Thank you
how to hack wifi using wsl2 kali linux ?
Your chair is sick, what is it mate?
what if wps is disabled. is still work or not?
I install kali linux 2020.3 in VMWare. And i never can use my wireless, I learn in other video on youtube but is not work. My wireless problem is more, that interface is nothing, not detect, can't scan. I try to download newest driver, follow people instruction, buy new wireless usb adapter. But all this step is not working, I can't scan other Wi-Fi. I try my wi-fi in windows, I try my wireless usb adapter in windows all going normally. Please help me , thank's
Hi @DavidBombal I just passed the CCNA 200-301 on 12-Dec-2020, with 947 points. Thank you so much your channel helped a lot to clarify some doubts. I am looking to continue learning and help other people. Thanks 👌🏾✨
Bruh I'm stuck on no hashes loaded in the last step also congrats on the ccna I've heard it's really hard
Cant Even get to run it lol
Uh.. I feel want to sleep... It's 2:54 am now ... Bye David.. gud night
Sorry to keep you awake 😔
@@davidbombal your videos worth keeping people awake! . I recently got my hands dirty with CyberSecurity, starting from CEH. its very interesting and I am loving it!
@@davidbombal David I was wondering when will u start the Christmas giveaways ?????
@Kamey well, it depends on the eagerness and hunger for learning! What you really value! Now will you sacrifice a little bit your sleep in order to sleep peacefully in the future or will you always say, “will do it tomorrow!” And I am sure that “ tomorrow” will never come!
@@arshidshafi378 30th February
Menu:
Overview: 0:00
Alfa Card Setup: 2:09
Start Wifite: 2:48
Select WiFi network: 3:31
Capture handshake: 4:05
Convert cap to hccapx file: 5:20
Copy file to hashcat: 6:31
Hashcat: 6:50
View GPUs: 7:08
hashcat options: 7:52
Start hashcat: 8:45
Cracked: 10:31
videos are sooo thorough, they are great, especially for this type of topic where commands, tools, and difficult to understand to those that have just started
When I saw the title WPA2 I was shocked and very eager to learn but it was just some easy numbers which we all know is possible
This was a great explanation of how to use hashcat. I just tried cracking the NTLMv2 hash from my sandbox and it took 45 minutes on an RTX 2080 MaxQ. Masking really helped speed it up, I didn't want it to take forever. Although Howsecureismypassword says it would take 8 hours. If it was a real machine I would probably change that :)
What if i don't know the password Pattern Could You Explain??
MaxQ 😂
I'd like to see you crack different router vendors because these x-digits only passwords are kinda rare and vendors are not stupid. You are more likely to run into routers that uses a letter and number combination with upper/lower case chars, some even go as far as using a password that looks like a MAC address.
In some cases you have to do some data gathering and use that to create a custom wordlist (using crunch for example) and plug in any relevant data such as birthdate of network owner name of owner's pet and so on
more so in the UK
@@nameless191 He's talking about the default passwords not the ones set up by the owner.
Try that on a password after you throw some letters into the mix LOL, but it is a good video at the end of the day, liked and subscribed.
I am brand new to DAW and soft soft - these tutorials are excellent an very helpful to get soone like up and running. Appreciate
I'd love to see you deploy attacks like these on a raspberry pi setup. Great content as always.
Great suggestion. This one won't work very well because we need decent GPUs
@@davidbombal I think I got about 600 keys/s lol
If I were to assume you are home, the information you provided in your wireless scan seems enough to get a very good idea of where that is. Of course some war driving would be involved.
This is a very interesting video and demonstration.
Thanks.
Glad you liked it!
Hello
Anyone looking to do this now would need to convert the .cap file to hc22000 instead of .hccapx if you receive the 'separator unmatched' error in hashcat; You can convert with:
hcxpcapngtool -o outputname.hc22000 handshake*.cap
Finally a video wich i can send to my family so they will stop asking why a random device connected to them thanks David
Great content as per usual keep it up David, this vidoes are very well made!
Thank you Terry!
Good morning sir. Your tutorial was great and English as Second language learners may take time. Now Myanmar formerly called BURMA. The citizens are on the road and bagging the DEMOCRACY with peacefully. They are arms less and include students, workers and elderly too. But seen arms force are shooting with life arms and killing. In order to good success or winning their New Generation Kids are try to help with hacking. There are more students will do the same. Please help them sir. Hope you will understand their life in distress and need peaceful calling DEMOCRACY. Trust on you sir.
Great video sir! If you could make a video on cracking a password on Kali with Hashcat I think it would benefit a lot of people. Love the grind!
It is literally the same command structure as far as switches go.
add one symbol and litre and it gone to 13 years 🤭
True, but that's why it's important to get as much information as possible before cracking. AT&T 2-wire boxes have this same problem, but 10 numbers, not 8, but still trivial to brute force. Always try a dictionary attack before resorting to brute force. People make poor choices, and sometimes vendors do too. AT&T has stepped up their game a lot by increasing the length and using numbers, letters and some special characters. For some reason, all the letters are lower case and I believe there might be patterns in the format.
The saddest thing about this 8s that there has been a fix available, for years, that would prevent an outside wifi source to force a deauth on a connected device. Why haven't manufacturers implemented this fix? It wouldn't close the hole completely, but it would sure lengthen the time to perform a handshake capture. The hacker would have to wait for a device to come along and connect to the target network, instead of being able to immediately sniff who's connected and tell the router to deauth one of them.
nope, it would take less than extra 3 minutes on at least gtx1660
@@Unknown-yn4pk no, the time grows exponentially. One more printable character and it's about 75 times longer. One more on top of that and it's another 75 times longer again. Brute forcing, even with a top end card is still extremely slow. My gtx960 can do 130k hashes per second, about 20% as fast as the top end card. It took exactly two hours to brute force my home wifi even with hinting from a mask specifically constructed for my PSK, so it only guessed letters (case insensitive) where there were letters and only numbers where there were numbers. Without the hints, it would have taken years. Dictionary attacks are the only "practical" solution, unless you have knowledge of the structure of default passwords.
@@tonyfremont btw if I'm right my pass have a 12 character example 5hc73k90f7k3 i nead use a
?h?h?h?h?h?h?h?h?h?h?h?h right?
Finally the one that I'm looking for! Amazing video!! Id love to see an evil twin attack!
Thank you Nawid! All in good time :)
Good morning sir. Your tutorial was great and English as Second language learners may take time. Now Myanmar formerly called BURMA. The citizens are on the road and bagging the DEMOCRACY with peacefully. They are arms less and include students, workers and elderly too. But seen arms force are shooting with life arms and killing. In order to good success or winning their New Generation Kids are try to help with hacking. There are more students will do the same. Please help them sir. Hope you will understand their life in distress and need peaceful calling DEMOCRACY. Trust on you sir.
Great stuff, David! Thank for for the excellent explanation!
Hello
In this video i think you forget or leave the blur part which i seen your previous videos
You are a awesome teacher , You explain topic very smoothly.
Thank you Alok. Not a big problem hopefully :)
Good morning sir. Your tutorial was great and English as Second language learners may take time. Now Myanmar formerly called BURMA. The citizens are on the road and bagging the DEMOCRACY with peacefully. They are arms less and include students, workers and elderly too. But seen arms force are shooting with life arms and killing. In order to good success or winning their New Generation Kids are try to help with hacking. There are more students will do the same. Please help them sir. Hope you will understand their life in distress and need peaceful calling DEMOCRACY. Trust on you sir.
👉🏻| First of all, this guy isn’t a teacher, he is a genius!
.
Congrats for video, knowledge is power, thanks for sharing an information of quality.
🤙🏻😉👏🏻😎
Hello David, Lots of love from India. I'm following you since a long time now and I'm a big fan of yours and I watch all your videos regularly 🙂 I'm closing following your Ethical hacking tutorials and getting to learn a lot about it.
I have a small request to make a video tutorial on "reaver" wireless testing tool. Thanks ☺️
Thank you! And great suggestion!
@@davidbombal thank you so much for your acknowledgement ❤️🙂 looking forward to it.
I imagine the default wifi password was never meant to be long term secure, but simply a step up (and maybe legal requirement in some jurisdictions) to not use the same hardcoded password across all devices. Yes, they could have done a better job. Even if all they did was an sha256 of the 8-digit number and use the first 8 characters of that hash, it would increase the search space by ~429x (bump to to 10 and it's ~109951x harder).
Of course, if someone knew it is just the hash of an 8-digit number, they could just compute all potential passwords up front, making it a custom wordlist attack.
yeah im trying to bruteforce my password its says the next big bang lol but i only have a 970m graphics card in my laptop i wish i was running his cards lol
@@mikebrandt5773does it work? on that graphics card
Might be helpful to post the captured handshake file so individuals that do not have a capable wireless device can still work through the exercise. Good stuff David.
a good cheap laptop to get is a dell latitude 7440 or above. others will probably work too but the network card in the e7440 and also the e7470 both support monitor mode, plus the laptops are cheap, less than 200 dollars.
@@RockG.o.d so with these dell laptops you don't need that Alpha wireless adapter?
@@WatchTheLadyOfHeaven313 that’s right.
Thank you for these videos. I’m in cybersecurity and one of my classes is ethical hacking and I’ve learned more watching your videos than I have in my classes. I finally bought a pc and installed kali on it and been using it to check my network.
Keep grinding we need more of these amazing videos
Yes
@@hackerindia313 yessir
Hello
@@hackerdaniel2761 what’s up man!
@@hackerdaniel2761 Hi
If you think this is bad, the Netcomm modem/routers that we shipped from our ISP was a1b2c3d4e5. I've used it a number of times throughout my city. I've got a Google Map list of all the places I know I can rely on for WiFi if I'm in a pinch. I've never even considered using software like this!
Hi David, could you show how to use hashcat with multiple GPUs. For example, if there is an unused mining rig, how to organize remote access and launch hashcat using the power of all its video cards. Thank you for the informative video!
Excellent presentation! Please go into detail in future videos.
Superb content as always David!
Much appreciated Rodrigo!
I love your material, still aspiring to be at least half the skill you are. Thank you
I tried hacking my own WiFi but realised I can't watch the video at the same time😂😂😂😂
😆
Thx god to let me find ur amazing perfect youtube channel. thx my Teacher . Am an IT student this is last year for me and am gonna graduate and this year we study only cyber security so u helped me a lot as ethical hacker .
*"This is how to make a BOMB"*
Disclaimer:This is for educational purposes only...
🤣🤣🤣
Uhh yeah? I mean, I watch a lot of how to make explosive videos. It's indeed just for educational purposes only. I want to learn the chemistry. I also just find it fascinating. I blow it up on my garden. It's just so.. satisfying when something you make is working. I also usually tweak the formula a bit to my liking. I would never blow someone else's garden or house lol.
@@Zaynersyy I don't think you get the joke here lol
What he is saying is that the uu literally teaches us how to use a software that usually used for malicious purposes and than says it's for educational purposes only
if you want to be safe with your internet you need to know how it works to crack your password this is ethical hacking and if you use it against someone you'll go to jail
I learnt so much!
I cracked my own TP-link as well. Thank you!
Can you someday may one video using Cain and Abel tool for Windows? (maybe)?
Hello David! Thanks for your video! Did you try the same with hashcat after v6 when they've replaced 2500 with 22000? I am struggling on that. All the best and thank you for everything you are doing for the InfoSec community!
Hey.. Are you facing some kind of error?
I did use it with 22000 successfully
@@tiloalodid u do it the exact same in the video but with 22000
This was amazing, I've got rtx 4050 laptop GPU. It should take less time. I will give it a try
Thank You So Much for a very easy to understand instructions
Mad Respect 🙏🏼
Nice video sir...some people make 10 minute videos and I get bored to watch them but even if you make a 20 minute video...I don't feel bored at all......
David just want to say loved your videos and they are pretty simple and easy to understand as well
i wanted to make a request if you could make a video on evil twin attack as well that would be great
Great teacher...❤️
Thank you Sudharshan!
Impressive!
I am surrounded by WPS networks 🤩
Therefore only 4 digits are necessary.
David thanks for all your hard work i mean it mate. The quality is on another level.
1) If possible on your next video about hashcat could you explain witch modern GPU`s works better . Is amd still a no ?
2) My problem when i was trying to hash my password ( honestly it was mine) is that i use most of the possible letters and symbols combos(paranoid much...too much hacking videos) and i couldn`t for the life of me figure out what was the right symbols to put behind the ''?''. I want the ''All'' symbol !
Plus a question : in mask attack is there a way to exclude passwords that has sequentially numbers letters and symbols ? Like 111111555 or ffffff8888 ?
I believe that this would significantly cut down the time. ( currently after next big bang).
Doing research found that crunch can generate a wordlist provided you configured right but the amount of terabytes its too damn high and not a valid option for me.
Going down the rabbit hole i found that there is a way to "pipe" this process directly to hashcat. I haven't tried this yet cause of luck of know how and i probably wont cause also i don't have a spare pc if it goes bam!.
Sorry for the rant.
haha there is a way... use random number and each time you increase the random seed. for sure the number sequence will not be repeated
Thanks for sharing and teaching. This video was nice and clear. Voice was great.
I needed this i like the idea to crack it in windows..thnks!!!
progression hits 69% *cracked* N I C E
Thank you. Amazing Video. It emphasises why we should have a strong password. Especially in Wireless.
Is it really this simple to capture wireless handshakes?
Agreed. Definitely need to use strong passwords. It is very simple if you are in range and clients are connected.
Good morning sir. Your tutorial was great and English as Second language learners may take time. Now Myanmar formerly called BURMA. The citizens are on the road and bagging the DEMOCRACY with peacefully. They are arms less and include students, workers and elderly too. But seen arms force are shooting with life arms and killing. In order to good success or winning their New Generation Kids are try to help with hacking. There are more students will do the same. Please help them sir. Hope you will understand their life in distress and need peaceful calling DEMOCRACY. Trust on you sir.
It's so easy! Just need to have the right tools. You can send out deauth packets to kick users off their own network then when they reconnect capture the handshake.
David did not bumble.... Great content!
I'm wondering if hashcat generates detailed logs, I'm researching a new protocol that requires seeing how the handshake deals with incorrect keys.
They recently changed -m 2500 to -m 22000 and when I try to run it I’m getting separator unmatched errors with no results. Does anyone know how I can fix this?
In my perspective, this 8-digit key has been designed to offer a moderately secure means of authentication with the wifi router, thereby introducing an additional layer of security as you configure your own key.
True but a lot of people keep the default password
Hey David, I'm following these instructions, but I keep getting an error saying that "The plugin 2500 is deprecated and was replaced with plugin 22000." When I switch my -m to 22000 instead of 2500, I get a bunch of separator errors. Do you or anyone else know how to fix this?
Same with me found anything?
Use earlier version of hashcat.... Like 4.0.1 or something like that.... And use -m 2500 in it..
You can use the same version as David's ie 6.1.1 and it will work ok. With the latest 6.2.5, it keeps throwing errors indeed.
If you're using kali linux try -m 2500 and put --deprecated-check-disable at the end and see if that works
Okay I'm a little late to the mark here so I guess you have resolved this yourself but for anyone that is struggling still, You need to convert the .cap file to .hc22000 not .hccapx because hashcat no longer supports that format and there is more to a hash file than meets the eye so I would say disabling checks most probably wouldn't work.
Use hcxpcapngtool (which I imagine you already have installed since you're watching this) and run $ hcxpcapngtool -o outputfilename.hc22000 handshake*.cap (what ever your input file is called) and yes there are no args for the input and this took me about 15 minutes to figure out... shamefully
Teacher, its so interesting on doing this as your guide thank u
why didn't you mention the problem "No hashes loaded"?
Would do well to
you found solution?
Dude you the bomb so glad I found your channe
Good Lesson Sir 🔥🔥🔥
Thank you Ujitha
Besides Cracking tools and dictionary attacks , I suggest you try some phishing attacks with some powerful tools like airgeddon , fluxion , wifi-phisher . They are amazing tools with everything included . With these you will no longer have to wait if you phish your target successfully
Thanks
May I ask why you switch to windows to use hashcat?
I'm assuming nvidia drivers are probably better on windows but I have no idea
Most of the time people use their mobile phone numbers as their Wifi Password ! Now you know how to begin :)
lol... how many digits in your telephone number?
@@davidbombal 10
@@NeelNarayan I'll create a video about that. Want to share your number :) Just kidding. I'll have to pick a good USA telephone number example.
@@davidbombal Haha.. That would be great but i use Alpha-Galatic complex passwords for my WPA-Infinity Router
:P , (just kidding, made all that up) . But in reality people have tough time remembering their passwords so they just use their phone numbers. Also, if you could make a video on recent SolarFlare & Solar winds attack, that would be great !
Just a question: How to guess How many characters we need to find ? I mean usualy we haven't any clue so how many " ? " to put in ?
He knew the wifi password and include it in the wordlist already lol thats y people say brute force sucks
@@moonshinestv1084 No he didn't... He used what's called an 8 digit mask. It tries every number (0-9) for one to eight digits. WPA requires a minimum of 8 characters, and if someone is using all digits it will most likely be 8, 9 or 10 digits long (because people don't remember long strings of numbers easily so they will either use a minimum length string or birthday which is 8 characters, a SSN which is 9, or a phone number which is 10)
u can use crunch to generate wordlists with all letters and specify how many characters
crunch
u can search the usage in google...i dont remeber the format
Those WiFi adapters are $70 now! You made the price go up lol
Hello David I have been looking around but I don't seem to find an answer, following this tutorial on the current version of hashcat will say that -m 2500 is depracated and should use 22000 instead, But when I do 22000 with the file wap2.hccpax that we created in this tutorial it comes with separator errors. Would you have an idea of how to get around this? Thanks in advance :)
same probleme here , did you find a solution?
same problem here to..
Same problems
Solution?
Same here
Fantastic now I don't need to pay for internet any more. Great Video
what if I don't know the password lenght?
You can do barely nothing. At most you can try searching for some default passwords examples of the router you captured the handshake from and then see how does that router generates the password and hopefully you will find some patterns.
Keep in mind that WPA, WPA2 and i think WPA3 passwords can NOT be shorter than 8 characters.
A part from 8 characters, other most common password lenghts are 10, 12, 14 and 16 and 20. Those are impossible to crack with a normal pc as you would need a lot of them.
wow...information knowledge for who is bigginer in this field
That's a great video,please make more videos
Finally found some quality content
💯💯💯💯
That is incredible.
It's a good job I never use default passwords.
Thumb up for the knowledge, I changed my password immediately after the video 😂
On my First try, the entire system shut down. Second try with all fan blasting, Success!! It took 3 minutes 4 seconds to crack. & yes it was a TP-link. Thanks
We trust you received the usual lecture form the local system Administrator. It usually boils down to those things = errors show
Thanks a lot , Yes pls we need more videos using hashcat.
very cool! :) I wish there were larger wordslists out there to download, perhaps per router model
@David Bombal Thanks for this video.
Excellent thank you, Would be good to see a Linux (kali) version using Hashcat
Hey dude, i got a message when i run the command: hashcat.exe -I , it says "Unsupported AMD HIP runtime version '0.0.3240' detected! Falling back to OpenCL..." . How can i fix this problem? Need some advice bro. Thanks a lot!!
LOVE your videos Great teacher securing my / SOHO / AS YOU SPEAK
sir i love you i don't have linux but i am gonna download it and soon gonna practicing all these kinda stuff cause its meant for me to learn it in 2021 and i hope you keep uploading all these kinda i am really excited and i always wanted to have something like that and that is hacking skill
sir rather than using wifite to automate capturing of handshake, you should use manual method by using aircrack-ng suite. Love your videos
? .... Why?
if your pro help me man
There are various tutorials that can help you to capture handshake manually using airodump-ng and aireplay-ng to perform a deauth attack.
Probably this is what my mother experiencing when I explaining her how to update a driver on her laptop... :D Poor her! I will do it better after this thank you! :D even if it was not the purpose of your video!
Good morning sir. Your tutorial was great and English as Second language learners may take time. Now Myanmar formerly called BURMA. The citizens are on the road and bagging the DEMOCRACY with peacefully. They are arms less and include students, workers and elderly too. But seen arms force are shooting with life arms and killing. In order to good success or winning their New Generation Kids are try to help with hacking. There are more students will do the same. Please help them sir. Hope you will understand their life in distress and need peaceful calling DEMOCRACY. Trust on you sir.
Legend has it if you do this with an RTX3090 it will finish in the past
The world's best teacher thanks
Yes please do more on hashcat!!
100 million possibilities - variations with répétions , since ?d?d... -> 10x10x10...x10 -> 10^8
It works fo default Password only.. it was amazing while cracking thanks for this video.,
Used a GTX6660S 6 G/ddr6 -> 6 mins for a bruteforce of 12 randomized characters :) (around 10 million p/s) :)
It took a second with no extra step man thanks a lot a hacking fun God bless ya man
What 12 year old timmys look up after getting roasted online
Morning David, Cheers for the video. Your cracking time would have been quicker if you had cleaned the cap. HS had to crack 4 of the same wpa captures ? . Thanks again Kev
No. I have tested this in the past. Same results.
@@davidbombalOk possibly bad cap at my side. Really enjoy your tutorials. May I ask where your accent is from. You sound like someone who would enjoy Biltong. Cheers Kev
Thank you so much for this educational video 😊
have you tried it successfully??
Hi amazing videos you make... Question can we set the time of discovering clients at WPA hacking?
Well oh well. 8 years, 182 days for me.
I'd rather mine bitcoins ))
Jokes aside, great video! As always. David's videos are the only videos on RUclips I'm watching only if I have my notepad ready to take notes
love you and your content so much :D
If you are having the problem that you cannot use the method 2500 because it got deprecated, like me, just try downloading the version 6.1.1 from the website and allow it to work from your antivirus
Modern routers has a default Key of 8-10 digts alphanumeric, also uppercase letters, it is 49 probs per digit, 49^8 are literally imposible to crack, unless you live 1294132959351951 years
just a quick note, /usr is pronounced as U-S-R, it stands for unix system resources. just saying this because many beginners will think that the /usr directory has something to do with the user.
Is it a router or a router? Tomato or tomato? Is it Linux or Linux? Etc or etc? Seems others also disagree with you about usr: www.linode.com/community/questions/3714/how-do-you-pronounce-usr
Would be nice to see Hashcat bruteforcing Windows 10 SAM file to decrypt Windows password
Thank you so much mister David. Very cool tutorial.
love the vidios , just got my wifi adaptor
Thanks for the amazing video.
A quick question after finishing your CCNA class on Udemey shall we need to buy and practice the dumps for the exam ?
Yes it is recommended, make sure to tell your exam instructor about this and you might get extra 10 mins depending on where you live.
Good luck.
@@8Jallin thanks for the reply, from where can I get the verified dumps
What i understood from these videos is That..You can only crack passwords of your own network because you Know the Pattern..
If you don't know the Pattern Dictionary Attack is the only Solution to it...And it might work Might Not depending upon how naive wifi owner is.
He literally did a brute force attack in this video?
It took me only 2 min xD (same GPU)
Thanks!