Basically if you want to be safe against this, just like any other piece of software/website/service - have a really secure password. Larger passwords are exponentially harder to crack (as long as they aren't a common password), especially with a combination of symbols, uppercase, lowercase, and numbers.
@@e1woqf Split the bill. Both get it for half price then. Used to be common until people were scared by the "it could be a P. or a T. using your connection, getting you into trouble.". This is why you should know, and get on with, your neighbours.
Amazing. A standard dictionary attack against a WPA handshake. It's truly revolutionary! I'm sure it'll be able to crack 99% of networks out there, especially the ones with non-dictionary passwords generated automatically by ISPs
You get it! I like the idea of this thing, and will definitely be making one just because this seems a lot easier than carrying around, powering up, and running commands on my Pi 2 but the reality is that this doesn't do anything you can't already do with a laptop and a WiFi adapter. I got all excited when I heard "Automatically" but I guess I needed to remind myself that a 16 year brutce force/dictionary attack is still "Automatic" if it runs itself the whole time.......
Well you need a dictionary that includes the default password lists of your local isps. For example in my area there are 3 major isps and their entire password lists add 600k entries to my dictionary. At least on a laptop that only represents a few minutes of time (I imagine a pi might add 10s of minutes)
@@Matt18001 where I do live we have router provided by the internet provider, with randomized 20 chars pass, made of digits, uppers and lowers, no default lass, so even with brute force, 20 chars would take an eternity, better to go phishing 😉 But using this tool with dictionary on a whole day of walking in a big town can still bring results thanks to the huge quantity of handshakes collected, some may be weak.
Another way to protect yourself is to upgrade your wifi to WPA3, which doesn't have the same auth vulnerability with its handshake. Not every little smart device is compatible with it yet of course, but computers are
Does assigning and limiting IP Adddresses help? Maybe some routers can send a notification when a New device is attempting to access the network. A lot of the world does Not have the skill or money to upgrade to the latest tech or Use IP Provided Routers.
@@nin1ten1do So are a lot of people who are smarter than both of us lol And eventually, one day a backdoor will be found, and a new standard will subsequently be released to replace WPA3 when that happens just like with how WPA3 is replacing WPA2
@@KOOLAIDxK1D No, not entirely clickbait. The pwnagotchi can be loaded with a plugin that automatically sends the intercepted hashes to an online cracking service, which emails you if it gets a hit. Doesn't get everything, but its still functional.
while whitelisting MAC addresses is helpful and a good step, a fair few devices can spoof any MAC address they want (Hell, my home sever here has that option for both it's adapters in regular desktop Linux, Mint to be precise). As an aside, a hacking tool has no business being that cute.
Two connected network devices can Not have the same Mac address from my understanding. Both devices would receive some but probably not all data. The device would not function properly. This would Alert the network normal users at homes. I like increasing password length and adding special characters as AI and advances in computing make it possible to Crack shorter passwords or passwords not using special characters.
@BangBangBang. pretty sure that IS done because of how trivial it is. How often I'm not sure, but settling up a whitelist still is the security equivalent of using a $5 chain lock on your front door.
@@DFX2KX Exactly, his "logic" is very "special". Trivial things like this are just automatically done by most scripts. Getting a list of allowed mac adresses is standard procedure just in case there is a white list. Precisely because it is so trivial you just exclude this potential source of problems. Diagnosing randomly refused or dropped connections is way more of a hassle then just doing stuff like this from the start. There is no downside to just doing this every time if there are any devices online.
Came across this channel in one of your shorts, and began watching your full length videos - really liking the presentation and the content - you have yourself a new sub here.
So it doesnt actually let you hack any wifi. It does what every other wifi hacking method does. It captures the packages and youre STILL relying on bruteforce/dictionary attack on the hashes. This makes this otherwise cute little tool pretty moot as theres tons of tools out there can you could do this with that would be cheaper to build and smaller.
@@johndoe__8 Its just about capturing the handshakes. You can get an arduino IDE board for like $10 or so. And a cheap wifi antenna for about the same. The rest is code
This device claims it attacks any wifi hotspot, which is an overclaim. Without even finishing the rest of the video, I can make some guesses. It will work with something like EAP-TLS, and it likely uses WPA2 handshake vulnerability, which is majorly fixed in WPA3. And After I finish the video my assumption is true. I am usually very careful when I hear it works on anything. 99% of the time, it's a troll.
Sort of, yes, it is the only thing that will just always work with minimal effort. But many people still make severe mistakes in password choice. But I agree, router defaults have become more sensible during the last 20 years. Doesn't prevent people from changing them to less sensible options.
Does this work on WPA3? Video only mentions WPA and WPA2. Also, how about WPA2-enterprise, i.e. EAP-TLS? Should work, since "hack any wifi network" would include that.
First of all you did not create it and it is not new... Those exist for a long time... Second of all it just works for wpa (an already old and vulnerable protocol...) Which no one should use anyways... . And third of all it just catches hashes No passwords... To get a password from a hash youll essentially need to brute force try all password... And hope youll find the right one ... So more of an gimmick than a useful tool to hack wifi routers...
@@TonySmith-zq2hx to my knowledge even hashcat brut-forces to some extent... Sure you can optimize around the human psychology, or commonly used passwords but the rest is brute force... Bc hash-fcn are ment to be one way fcn. (Easy in one way. More or less impossible in the other direction.)
Because I use Home Assistant, I am only using giving access to known MAC addresses. Not that I am afraid my password will get cracked, it is best to plan for the worst case. For visitors I my router offers a second WiFi network. It even has a third network for Home Assistant appliances, but two will do because of using the MAC addresses. Hint: I use the MAC addresses to give every appliance a fixed IP via DHCP. I found out the hard way after a router failure appliances were not reconnecting perfectly to H.A. thus having fixed IP's makes live a lot easier.
ive had mine for a few years. Nothing new about any of this. Automated capture >> sort ssid's based on isp provider >> generate custom wordlists per isp type >> free wifi. WPA3 has been shipped with products for a while.... but is never enabled by default. Even though your password may be 12+, if it uses common dictionary words its still a shit password
It gives hacker password hash, which can be used for getting the password via brute force attack. Basically, that's the only option for hacking WPA2 network (at least, for now), but there's two main issues 1. Any Android or iOS (jailbroken) smartphone can do the same thing, so there's not much point in specific device. Sure, it works automatically on any detected network and it automatically transfers hash files to PC that is used for bruteforcing, but it's not like you can set up any phone to do the same thing. 2. WPA3 networks are protected from this attack, so it isn't of any use for them.
Also, I'd like to add that they say that this device is using AI for password generating, but I'm not sure if AI is making password bruteforcing significantly faster. Moreso, this AI is still used not on device, but on PC that is doing bruteforcing, so it's not like you can't just download its code and use it on any PC with any hash, be it hash that you got from the phone or from the laptop.
I'm a bit confused. It surely is too slow to crack anything, even a dictionary would be way too slow. So what is it doing? Only collecting handshakes? At some point the video talks about online cracking, if this is needed, how would it be connected to the internet? How would it be "safe" to use? Seems more like a toy than a tool.
Video is misguided. The device just collects unauthorized handshakes which are called IV. You need a lot of them. With that, you would need to run it through a very large dictionary to find the password. Then once found, you can test the password on that network with a wifi device. Ppl watching this and thinking they can just sit next to a wifi network and get in with a click of a button are wrong. The entire point, make your wifi password hard and long. Set up layers in your network. Different vlans, Mac auth, honeypot for unknown device, etc.
mac address spoofing is a thing, I've done it on hotel wifi before. You find mac address of an already connected device, and spoof it. So I don't quite agree with mac address filtering. Also phones nowadays use random mac addresses. The best way to protect against this kind of hack is to use a strong password, the reason this thing works is because of weak wifi passwords. None wants to type a 20+ character password on a printer, but if you want to be safe you should.
No one wants to type a 20 character password, and they shouldn't be doing that anyway. Plopping in a 40 character password is trivial when you use a password manager like Enpass, or any of the dozens of other ones available. I like Enpass because they don't store your database, YOU do. If you're not using a password manager, I can pretty much guarantee you are using the same password on multiple websites... which is a really stupid thing to do.
Printer, Fridge, Motor Vehicle (try typing on steering wheel buttons) Many things a password manager doesnt solve but its still better to use one.....@@JamesColeman
@@username-mc7jw and now are the problem - you need to login to the password manager which requires the internet, .... which could be accessed through wifi ...
This is all well & good except for 2 things… 1. No mention is given to the time it takes to crack passwords. 2. Cracking WiFi passwords for more networks, does NOT reduce the cracking time needed for WiFi passwords in the future. Btw… my WiFi is password 50+ random characters. Lol. 😈
This just collects hashes ? I was kind of interested at first. There are rooted android phones that can do this without all the extra trouble involved with this gadget.
So they said it works with WEP and wpa what about WPA-Enterprise or WPA2-Enterprise or WPA3-Enterprise And if that's the case that it work then maybe the industry needs to look into a different way to do Wi-Fi authentication
So if your wi fi is being hacked, you automatically know the perp is near by? They have to be in range in order to be able to hack your wi-fi is that correct? Yes or no?
@10:11 - NOT true anymore. Many devices nowadays use a random MAC to connect by default (unless turned off). This is done for privacy, but also breaks things like static DHCP and knowing if a "new" MAC is an intruder, or just a random one from an existing device. Of course, anyone could just clone a valid device's MAC and use it to hide.. making the security advice given almost useless.
You don't need the gateway for SSH access to the device if it is on the same subnet, in particular the standard /24 pushed by DHCP on 99% of all home networks. Just saying, because I am picky. - Great video BTW.
It's cute, simple and cheap, just wow! And than a very nice video fully explaining how the product is made and how to use it, just AMAZING!! Definitely gonna check out the product!! :3
@@LEGENDS-ex9td It is probably something you can find online, you may not be able to buy it Ready to use, But you can buy all the parts and make one yourself.
MAC-Whitelisting is just an absolute basical protection. Zero trust is mandatory for all clients communicating in your network. The problem is not a hacker getting into your wifi. The problem starts, when he finds loads of open ports and loose listeners within the network...
It’s a little frustrating that it’s 2023, and the pwnagotchi project uses a Raspberry Pi Zero W for the example, and the Wi-Fi actually uses 802.11 b/g/n.
It also is bullshit clickbait. It's just a dictionary brute force attack, same as you can do from your laptop or phone. If you have a decent password there is zero chance this thing does anything.
So if the password is next to hashed also be salted or pepperd it does not work? Arent wifi passwords also salted? Also because the real power comes from the software running on the device, not the raspberry it self. Doing most of the work by api web services. Why not run it on a smart phone? A person looking at a smartphone is a lot less suspisious then someone looking to this device.
It's a novelty item that was popular 3 or 4 years ago as a fun DIY project, the idea being you have a (kinda sorta) Tamagotchi toy that's _also_ capturing handshakes. In reality though, sure, you could just use a phone or some other less obvious device. (and a strong password of 12+ characters, WPA3 etc. all defeat this, it's old news - not to say hash attacks don't still _work_ of course, _plenty_ of bad passwords/WPA2 still out there)
this is no different from using wifisher or airmon-ng tools. in the end this "toy" won't crack the password since you need to take the cap file and run it against a massive dictionary to hash the password to plain text.
I dont understand , how are you sniffing packets without connecting external wifi adaptor capable of packet injection and monitor mode ? The onboard wifi chip on pi zero does not allow you to do so as far as i know it .
Could be. This voice used to have a real body attached to it in the videos (older videos were fronted by an actual English human) but he/they could've cloned his voice.
@@xTerminatorAndy Well he didn't clarify and didn't mention the web UI either. So.. that's not clear and as I am not psychic I can't tell entirely what he meant, neither can you.
@@MissFoxification true I'm not psychic, but he literally said "UNLIKE THE FLIPPER". So although English is only my 3rd language, I am convinced that I understood the meaning perfectly.
@@xTerminatorAndy Really, got nothing better to do with your life or did you type youtube instead of reddit by mistake because I am not invested in your BS.
It doesnt actually crack a password though. It just saves a handshake? You would still need to run a brute force or dictionary attack which would make 99% of these handshakes useless. Wps on 2.4ghz is still the easier way.
You haven't, or wont "hack" a network in seconds...you will (probably) capture some handshakes that need to be run through something like hashcat...and with modern ssid passwords being so complex you'll be there a long time to crack it. Alarmist vid iym
Cute. But the WiFi pineapple did this about 10 years ago. It doesn’t actually hack anything. You still need to crack the hashes which will take a very long time
GLHF with my long password consisting of randomly generated characters, the heat death of the universe is waiting. You need to enter the password once, so why not use something secure.
Its a great tool, hard to believe it was mostly made by one person, too bad the project has been dead for a long while. Also you are making it sound like cracking hashes is cheap/easy, its usually not with strong password requirements ;).
Bro the Pwnagotchi is not as powerful as you described. It just collects pcaps and decrypting is requires huge amounts of GPU power that is just not available to us. Only weak passwords are in danger.
Doesn't this mean having this device by your network causes vulnerabilities? What stops it from cracking your network and sending your password to it's true best friend, the developer
48 letter passwords with specialsigns and numbers, small and big letters will not help at your network against the Pwnagotchi, aditionally make your net invisible..
I changed my router setting that the SSID Invisible so for example if a guest come there is no way that he can use the Wi-Fi Unless I tell him the SSID and the password so that he can enter it manually
Just curious about the passwords attacks or types of passwords attack Which are not included in any dictionery or wordlists to bruteforce and find it What type of bruteforce will it be which do like in this method Aaa Aab Aac Aad And so on , all the way upto whatever the passwords it reaches What types of attack this called and also wanna know If i have a password so simple which are not included in any wordlists , dictionery , hashes or so on How much time will the method i mentioned can take to crack it ? How much
Wow...i want to be apart of the hacker community...i jave these ideas i just have trouble translating them into code❤😢 You guys seem chill...any advice?
never trust anyone who makes a :3 face
True :3
:3 fr
:3
3:
:3
Basically if you want to be safe against this, just like any other piece of software/website/service - have a really secure password. Larger passwords are exponentially harder to crack (as long as they aren't a common password), especially with a combination of symbols, uppercase, lowercase, and numbers.
Or use a LAN.
@@oneproudbrowncoat yeah carry a f wire and box around like a neanderthal
Most people don’t know 😈
Keep educate people but seriously there are 90 tries are successful of 100 times
using WPA3 PMF Enforced network would prevent it from getting the handshake i believe [well at least would help it out]
Does it find and hack wifi that doesn't broadcast its SSID?
My neighbors will usually give me their WiFi passwords if I ask nicely
Why would they do that?
@@e1woqf Split the bill. Both get it for half price then. Used to be common until people were scared by the "it could be a P. or a T. using your connection, getting you into trouble.". This is why you should know, and get on with, your neighbours.
Social engineering 👍
Saving GPU power 😂
Hypothetical post....Nowadays, nobody gives wifi password 😒 🙄
Amazing. A standard dictionary attack against a WPA handshake. It's truly revolutionary! I'm sure it'll be able to crack 99% of networks out there, especially the ones with non-dictionary passwords generated automatically by ISPs
You get it! I like the idea of this thing, and will definitely be making one just because this seems a lot easier than carrying around, powering up, and running commands on my Pi 2 but the reality is that this doesn't do anything you can't already do with a laptop and a WiFi adapter. I got all excited when I heard "Automatically" but I guess I needed to remind myself that a 16 year brutce force/dictionary attack is still "Automatic" if it runs itself the whole time.......
I wouldn't listen to the opinion of a sir named Dyatlov 😂😂😂
But you're right, dictionary are in most of cases useless in my experience.
Well you need a dictionary that includes the default password lists of your local isps. For example in my area there are 3 major isps and their entire password lists add 600k entries to my dictionary. At least on a laptop that only represents a few minutes of time (I imagine a pi might add 10s of minutes)
@@Matt18001 where I do live we have router provided by the internet provider, with randomized 20 chars pass, made of digits, uppers and lowers, no default lass, so even with brute force, 20 chars would take an eternity, better to go phishing 😉
But using this tool with dictionary on a whole day of walking in a big town can still bring results thanks to the huge quantity of handshakes collected, some may be weak.
No lol the video says ANY wifi network. Seriously this clickbait bullshit has to be stopped
Another way to protect yourself is to upgrade your wifi to WPA3, which doesn't have the same auth vulnerability with its handshake. Not every little smart device is compatible with it yet of course, but computers are
Does assigning and limiting IP Adddresses help? Maybe some routers can send a notification when a New device is attempting to access the network. A lot of the world does Not have the skill or money to upgrade to the latest tech or Use IP Provided Routers.
@@jbranche8024 Just use a strong password and you are safe against this attack.
Yes unfortunately very few devices even in late 2023 support WPA3.
dont care your pass i loking for backdoor..
@@nin1ten1do So are a lot of people who are smarter than both of us lol
And eventually, one day a backdoor will be found, and a new standard will subsequently be released to replace WPA3 when that happens just like with how WPA3 is replacing WPA2
so it's just an automated interceptor, we still send the data to a rig which will crack the password using hashcat
Yep, clickbait
you could run the recovered hash against a dictionary in the device. Or do the same thing I used to do and automatically upload them to a server
@@KOOLAIDxK1D No, not entirely clickbait. The pwnagotchi can be loaded with a plugin that automatically sends the intercepted hashes to an online cracking service, which emails you if it gets a hit. Doesn't get everything, but its still functional.
@@CMDR_John_Crichton now that sounds more like it
while whitelisting MAC addresses is helpful and a good step, a fair few devices can spoof any MAC address they want (Hell, my home sever here has that option for both it's adapters in regular desktop Linux, Mint to be precise).
As an aside, a hacking tool has no business being that cute.
Two connected network devices can Not have the same Mac address from my understanding. Both devices would receive some but probably not all data. The device would not function properly. This would Alert the network normal users at homes. I like increasing password length and adding special characters as AI and advances in computing make it possible to Crack shorter passwords or passwords not using special characters.
@jbranche8024 they cannot, no. But an attacker need only wait for said device to disconnect, or kick it off the net first
ah yes you're the guy recommending to do something that nobody does because its trivial
@BangBangBang. pretty sure that IS done because of how trivial it is.
How often I'm not sure, but settling up a whitelist still is the security equivalent of using a $5 chain lock on your front door.
@@DFX2KX Exactly, his "logic" is very "special".
Trivial things like this are just automatically done by most scripts. Getting a list of allowed mac adresses is standard procedure just in case there is a white list.
Precisely because it is so trivial you just exclude this potential source of problems. Diagnosing randomly refused or dropped connections is way more of a hassle then just doing stuff like this from the start. There is no downside to just doing this every time if there are any devices online.
I'd recommend the Raspberry pi zero wh. Thats the model with pins already soldered onto the board like shown in the video
The quality, is mind blowing! thank you for all who work hard to get this result, and keep it up, the content is very interesting.
Thank you very much! We appreciate it
So I plug this into my wall socket and it takes over NASA right?
Came across this channel in one of your shorts, and began watching your full length videos - really liking the presentation and the content - you have yourself a new sub here.
Welcome aboard! Check out the new one about QR codes * , *
So it doesnt actually let you hack any wifi. It does what every other wifi hacking method does. It captures the packages and youre STILL relying on bruteforce/dictionary attack on the hashes.
This makes this otherwise cute little tool pretty moot as theres tons of tools out there can you could do this with that would be cheaper to build and smaller.
What would be cheaper?
@@johndoe__8 Its just about capturing the handshakes. You can get an arduino IDE board for like $10 or so. And a cheap wifi antenna for about the same. The rest is code
This device claims it attacks any wifi hotspot, which is an overclaim. Without even finishing the rest of the video, I can make some guesses. It will work with something like EAP-TLS, and it likely uses WPA2 handshake vulnerability, which is majorly fixed in WPA3.
And After I finish the video my assumption is true. I am usually very careful when I hear it works on anything. 99% of the time, it's a troll.
The only useful attack you can do with any device labelled "Wi-FI Hacking device" is Wi-FI De-auth/Turning off their wifi.
Sort of, yes, it is the only thing that will just always work with minimal effort. But many people still make severe mistakes in password choice.
But I agree, router defaults have become more sensible during the last 20 years. Doesn't prevent people from changing them to less sensible options.
Luckily WPA3 has protect management frames which prevent this
Not using a weak password and WPA3 bouta ruin this whole man's career.
It'll be a while before everyone switches to WPA3. People are typically slow to update devices, WPA2 will still be around for years
when a windows user feels like hackerman 😂😂
Exactly as soo as you can see drive C:\ you imitatively know that this will be 'bullshit'.
What is Windoze??? Sounds like an inferior OS that only sheep would use.
@@username-mc7jw found the arch user.
Does this work on WPA3? Video only mentions WPA and WPA2. Also, how about WPA2-enterprise, i.e. EAP-TLS? Should work, since "hack any wifi network" would include that.
i think it only work against wpa-psk not wpa3 or EAP-TLS and P-EAP.
First of all you did not create it and it is not new... Those exist for a long time...
Second of all it just works for wpa (an already old and vulnerable protocol...) Which no one should use anyways...
.
And third of all it just catches hashes No passwords...
To get a password from a hash youll essentially need to brute force try all password... And hope youll find the right one ... So more of an gimmick than a useful tool to hack wifi routers...
fourth of all no body cares
@user-xh2ms3nc5r if that is the case then I was wrong, my bad...
Brute force?? Try hashcat
@@TonySmith-zq2hx to my knowledge even hashcat brut-forces to some extent... Sure you can optimize around the human psychology, or commonly used passwords but the rest is brute force...
Bc hash-fcn are ment to be one way fcn. (Easy in one way. More or less impossible in the other direction.)
Because I use Home Assistant, I am only using giving access to known MAC addresses. Not that I am afraid my password will get cracked, it is best to plan for the worst case. For visitors I my router offers a second WiFi network. It even has a third network for Home Assistant appliances, but two will do because of using the MAC addresses. Hint: I use the MAC addresses to give every appliance a fixed IP via DHCP. I found out the hard way after a router failure appliances were not reconnecting perfectly to H.A. thus having fixed IP's makes live a lot easier.
Assigning static IPs via DHCP is good, but also close down the pool of DHCP addresses available to guests (on a separate VLAN, of course).
@@username-mc7jw I forgot to say so, thank you for adding this!
ive had mine for a few years. Nothing new about any of this. Automated capture >> sort ssid's based on isp provider >> generate custom wordlists per isp type >> free wifi. WPA3 has been shipped with products for a while.... but is never enabled by default. Even though your password may be 12+, if it uses common dictionary words its still a shit password
Unbelievable! So, if I understand correctly, it doesn't actually give the hacker the Password to the wifi? If not, what good is it then?
It gives hacker password hash, which can be used for getting the password via brute force attack. Basically, that's the only option for hacking WPA2 network (at least, for now), but there's two main issues
1. Any Android or iOS (jailbroken) smartphone can do the same thing, so there's not much point in specific device. Sure, it works automatically on any detected network and it automatically transfers hash files to PC that is used for bruteforcing, but it's not like you can set up any phone to do the same thing.
2. WPA3 networks are protected from this attack, so it isn't of any use for them.
Also, I'd like to add that they say that this device is using AI for password generating, but I'm not sure if AI is making password bruteforcing significantly faster. Moreso, this AI is still used not on device, but on PC that is doing bruteforcing, so it's not like you can't just download its code and use it on any PC with any hash, be it hash that you got from the phone or from the laptop.
Should have named it GetHashGotchi.
@@ДарийФедореев-э7т Thanks!!
@@ДарийФедореев-э7т If I have the latest router, is it WPA3? Thanks again.
I'm a bit confused. It surely is too slow to crack anything, even a dictionary would be way too slow. So what is it doing? Only collecting handshakes?
At some point the video talks about online cracking, if this is needed, how would it be connected to the internet? How would it be "safe" to use?
Seems more like a toy than a tool.
Video is misguided. The device just collects unauthorized handshakes which are called IV. You need a lot of them. With that, you would need to run it through a very large dictionary to find the password. Then once found, you can test the password on that network with a wifi device. Ppl watching this and thinking they can just sit next to a wifi network and get in with a click of a button are wrong.
The entire point, make your wifi password hard and long. Set up layers in your network. Different vlans, Mac auth, honeypot for unknown device, etc.
very nice video, I enjoyed watching it entirely
mac address spoofing is a thing, I've done it on hotel wifi before. You find mac address of an already connected device, and spoof it. So I don't quite agree with mac address filtering. Also phones nowadays use random mac addresses. The best way to protect against this kind of hack is to use a strong password, the reason this thing works is because of weak wifi passwords. None wants to type a 20+ character password on a printer, but if you want to be safe you should.
No one wants to type a 20 character password, and they shouldn't be doing that anyway. Plopping in a 40 character password is trivial when you use a password manager like Enpass, or any of the dozens of other ones available. I like Enpass because they don't store your database, YOU do. If you're not using a password manager, I can pretty much guarantee you are using the same password on multiple websites... which is a really stupid thing to do.
@@username-mc7jw Something you missed is I mentioned a printer. I guess you never tried entering that password on a printer.
Printer, Fridge, Motor Vehicle (try typing on steering wheel buttons) Many things a password manager doesnt solve but its still better to use one.....@@JamesColeman
@@username-mc7jw and now are the problem - you need to login to the password manager which requires the internet, .... which could be accessed through wifi ...
This is fun programming/engineering.
MAC filter is more of annoyance for legitimate users rather than effective measure against attackers as spoofing a MAC address is rather trivial
so it's only for WPA?
WEP-encrypted wifi is cracked automatically in 5 minutes with 100% success rate.
Almost all wifi is WPA/WPA2 now.
so its just a tool for capturing handshakes ?
Just found and subscribed to your channel, I love the formal white gloves. 😆
This is all well & good except for 2 things…
1. No mention is given to the time it takes to crack passwords.
2. Cracking WiFi passwords for more networks, does NOT reduce the cracking time needed for WiFi passwords in the future.
Btw… my WiFi is password 50+ random characters. Lol. 😈
This just collects hashes ? I was kind of interested at first. There are rooted android phones that can do this without all the extra trouble involved with this gadget.
So they said it works with WEP and wpa what about WPA-Enterprise or WPA2-Enterprise or WPA3-Enterprise
And if that's the case that it work then maybe the industry needs to look into a different way to do Wi-Fi authentication
So if your wi fi is being hacked, you automatically know the perp is near by? They have to be in range in order to be able to hack your wi-fi is that correct?
Yes or no?
Does it do wps pixie dust attacks ik it’s kinda old but you’d be surprised how many people are vulnerable to it
@10:11 - NOT true anymore. Many devices nowadays use a random MAC to connect by default (unless turned off). This is done for privacy, but also breaks things like static DHCP and knowing if a "new" MAC is an intruder, or just a random one from an existing device. Of course, anyone could just clone a valid device's MAC and use it to hide.. making the security advice given almost useless.
You don't need the gateway for SSH access to the device if it is on the same subnet, in particular the standard /24 pushed by DHCP on 99% of all home networks.
Just saying, because I am picky. - Great video BTW.
Truth. If you in the network range but still that'd require the target to have an SSH session running ...
It's cute, simple and cheap, just wow! And than a very nice video fully explaining how the product is made and how to use it, just AMAZING!! Definitely gonna check out the product!! :3
Thanks man! Appreciate your opinion
Where to buy it
@@LEGENDS-ex9td It is probably something you can find online, you may not be able to buy it Ready to use, But you can buy all the parts and make one yourself.
MAC-Whitelisting is just an absolute basical protection. Zero trust is mandatory for all clients communicating in your network.
The problem is not a hacker getting into your wifi. The problem starts, when he finds loads of open ports and loose listeners within the network...
It’s a little frustrating that it’s 2023, and the pwnagotchi project uses a Raspberry Pi Zero W for the example, and the Wi-Fi actually uses 802.11 b/g/n.
It also is bullshit clickbait. It's just a dictionary brute force attack, same as you can do from your laptop or phone. If you have a decent password there is zero chance this thing does anything.
Do some research pwnagotchi works on pizero2 and the raspberry pi4.
So if the password is next to hashed also be salted or pepperd it does not work?
Arent wifi passwords also salted?
Also because the real power comes from the software running on the device, not the raspberry it self. Doing most of the work by api web services. Why not run it on a smart phone? A person looking at a smartphone is a lot less suspisious then someone looking to this device.
It's a novelty item that was popular 3 or 4 years ago as a fun DIY project, the idea being you have a (kinda sorta) Tamagotchi toy that's _also_ capturing handshakes. In reality though, sure, you could just use a phone or some other less obvious device.
(and a strong password of 12+ characters, WPA3 etc. all defeat this, it's old news - not to say hash attacks don't still _work_ of course, _plenty_ of bad passwords/WPA2 still out there)
Hello sir, My waveshare 2.13 display is not switching on after plugging on rasberry pi zero, any reason?
this is no different from using wifisher or airmon-ng tools. in the end this "toy" won't crack the password since you need to take the cap file and run it against a massive dictionary to hash the password
to plain text.
Still a cool project though, main benefit is it just runs in the background.
I dont understand , how are you sniffing packets without connecting external wifi adaptor capable of packet injection and monitor mode ? The onboard wifi chip on pi zero does not allow you to do so as far as i know it .
MAC filtering means nothing. Next video - MAC spoofing
Interesting!!
What is the 'effective range' of this gadget?
Very Good , will build and conquer the world .🙂
I just discovered your channel, and a new video just popped up. Nice!
Welcome! Recommend you watching other experimental videos ;)
So it's mainly used for Wardriving?
i really like it the way you teach us but not like just sitting on sofa and describing about the cyber crime i like it like this pls keep up like this
Can we make one that protects us from hackers?
Is it just me or dose the voice sound like an AI voice over?
Could be. This voice used to have a real body attached to it in the videos (older videos were fronted by an actual English human) but he/they could've cloned his voice.
It does have controls. There's not only txt files but web UI you can connect to via the data port.
He meant as opposed to the flipper, which has got physical buttons through which you can control some aspects of it
@@xTerminatorAndy Well he didn't clarify and didn't mention the web UI either. So.. that's not clear and as I am not psychic I can't tell entirely what he meant, neither can you.
@@MissFoxification true I'm not psychic, but he literally said "UNLIKE THE FLIPPER". So although English is only my 3rd language, I am convinced that I understood the meaning perfectly.
@@xTerminatorAndy Really, got nothing better to do with your life or did you type youtube instead of reddit by mistake because I am not invested in your BS.
@@MissFoxification 2 can play that game. You also got nothing better to do than come and troll me?
Only problem is it looks like an explosive device
It doesnt actually crack a password though. It just saves a handshake? You would still need to run a brute force or dictionary attack which would make 99% of these handshakes useless. Wps on 2.4ghz is still the easier way.
i feel like this is teaching me on how to hack the neighbours wifi, thanks sumsub!
Amazing, but you can do this also with a raspberry 4 ? right
jammers are a great defense so esp32 marauder is a got to choice
Seems I'm not that old school at all, I use LAN cables instead of WiFi
Hello! I love your videos! Do you mind listing out all the parts for Pwnagotchi assembly?
From where do I get all those hardwares I need pwnagotchi
Can a flipper zero do the same?
You haven't, or wont "hack" a network in seconds...you will (probably) capture some handshakes that need to be run through something like hashcat...and with modern ssid passwords being so complex you'll be there a long time to crack it. Alarmist vid iym
Cute. But the WiFi pineapple did this about 10 years ago. It doesn’t actually hack anything. You still need to crack the hashes which will take a very long time
To get an 8Gb capacity microSD from Aliexpress just ensure you buy one with 12TB or more...that way you have a chance...
I remember the Tamagotchi days. As I was saying that the other day.
Can I use Banana Pi M2 Zero instead of Rpi Zero ?
And will it works at all ?
Thx.
Please send a list with all parts...
I've had this program for years and years.
MAC filtering only works if your attacker doesn't know network sniffing which is highly unlikely. Selling this as a secure solution is stupid
Strong wifi password and you are good.
GLHF with my long password consisting of randomly generated characters, the heat death of the universe is waiting. You need to enter the password once, so why not use something secure.
No way u used notepad++😭😭😭
what if you hide your router from broadcasting its name?
Haaa.... That's funny. Useless. I might not know your SSID, but I would still know your MAC.
I don't understand how this can break AES-256?
Did Dr Schlotky get this working with a zero 2 w yet? What about the waveshare v3?
This is only good for unsecured 2.4ghz wifi networks.
Its a great tool, hard to believe it was mostly made by one person, too bad the project has been dead for a long while. Also you are making it sound like cracking hashes is cheap/easy, its usually not with strong password requirements ;).
Jayofelonys fork got updated since years,it runs better than the original
It should be called "Libergotchi" 😂 with one of those cheesy thin mustaches
Bro the Pwnagotchi is not as powerful as you described. It just collects pcaps and decrypting is requires huge amounts of GPU power that is just not available to us. Only weak passwords are in danger.
i wanted this but the hashes seem hard to crack
So how long will it take to crack a random 63 character WPA2 password?
Doesn't this mean having this device by your network causes vulnerabilities? What stops it from cracking your network and sending your password to it's true best friend, the developer
the pwnagotchi doesnt actually crack any wifi passwords itself. You'd need to connect it to a computer with a powerful graphics card to crack it
See the part about excluding your own ssid from the config file 👍
48 letter passwords with specialsigns and numbers, small and big letters will not help at your network against the Pwnagotchi, aditionally make your net invisible..
Buying the storage off of aliexpress is crazyyyy
So its all just a dictionary attack?
I changed my router setting that the SSID
Invisible so for example if a guest come there is no way that he can use the Wi-Fi
Unless I tell him the SSID and the password so that he can enter it manually
That actually doesn't do anything. For example u can open airodump(network monitoring tool) and your network pops up like any other.
It will just appear as hidden network then you use one of many methods to identify the ssid
As notorically usual, old fashion wins again. I stick to cables.
Imagine thinking that hacking WPA encryption from 2005 is legendary.
The gimmick of needing to "feed" it with Wifi signals sounds more like it's hacking you.
Got me onevof those fancy Steamdecks. Is there a way to run it on that instead of a Raspberry pie?
One word: FUD
Works only for some limited subset of APs.
Does that work on raspberry pi zero 2
Hacking in seconds = guess the password. Oh wow so novel.
Script Kittys Run free and conquer the world
Just curious about the passwords attacks or types of passwords attack
Which are not included in any dictionery or wordlists to bruteforce and find it
What type of bruteforce will it be which do like in this method
Aaa
Aab
Aac
Aad
And so on , all the way upto whatever the passwords it reaches
What types of attack this called and also wanna know
If i have a password so simple which are not included in any wordlists , dictionery , hashes or so on
How much time will the method i mentioned can take to crack it ?
How much
It can't able to crack the password then.If your password doesn't exist in the wordlist
It will become useless ONLY FOR THAT WIFI NOT OTHERS😏
what screen to use??
Can you give me the 3D printed model of the drone that you sent on the channel previously?
Wow...i want to be apart of the hacker community...i jave these ideas i just have trouble translating them into code❤😢
You guys seem chill...any advice?
So basically this does the same thing the my laptop can do......but smaller.
where the hell did you get the eink for $9 its like $20 online