Crack SSH Private Key Passwords with John the Ripper [Tutorial]

  • Published: 27 Oct 2024

Comments • 217

  • @greenleafcompanies1461 4 years ago +57

    I kindly request team null byte to make a series for beginners (basics) that would be awesome for us thx.

    • @juliandaddy3218 4 years ago

      He already did

    • @Zeath22 4 years ago +1

      @juliandaddy3218 can you link it?

    • @anchorheavenonearth 4 years ago

      shop.null-byte.com/sales/the-2020-premium-ethical-hacking-certification-bundle-2?.com&

    • @camille8712 4 years ago +5

      Sorry bro but learning how to hack has no de facto pathway ... Just pick up skill after skill

    • @outlaw8379 4 years ago +1

      For basics go over to hackersploit. For intermediate go to null byte.

  • @tounn8990 1 year ago +2

    Bro it's insane ur the only tutorial to mention the jumbo installation and for a student like me it's so helpful, keep it up !

  • @jean-baptistelasselle4562 4 years ago +8

    the password you're talking about : it's actually the passphrase for your SSH key, isn't it ? Just checked, that's a yeah. So ok, this is about cracking the passphrase.

  • @MrRobot222 4 years ago +16

    Is it just me or does this video repeat itself from 7:00 and again @ 9:00?? It's been a long night!

    • @nohjrd 4 years ago +5

      Hahaha, yeah I was feeling like I was in a timewarp and wondering if anyone else noticed. I'm guessing there were 2 takes and they got accidentally attached together when it was edited.

    • @ajdunham1390 4 years ago +1

      Clicked the 7:00 timestamp, let it run for about 30secs
      Clicked the 9:00 timestamp(expecting to watch the same 30secs again), literally picks up exactly where I left off
      I guess it's not just you...

    • @MrRobot222 4 years ago

      @ajdunham1390 Not sure how accurate the timings I listed were. Having watched the same part twice I didn't want to watch it all again! :D

  • @xs732 4 years ago +6

    I remember John the Ripper from the 90's. Didn't know it still existed.

  • @TalesGrimm 4 years ago +6

    Very informative. I loved this, but I have a question.
    Are you really bruteforcing if you have a wordlist?

    • @cl60cruzer 4 years ago +2

      A password attack is bruting whether it's from a list or crunch piped into hashcat.

    • @tobiaspeter4linux 4 years ago +2

      A wordlist is a certain help for bruteforce attacks since it provides an ending list of "patterns" to go through. It always depends on your needs and targets whether you use such lists or own patterns.

    • @TalesGrimm 4 years ago

      @tobiaspeter4linux I see, thanks!

    • @Nadzinator 1 year ago

      A wordlist is a subset of all the possible passwords in a bruteforce attack. It's a mini-bruteforce attack.
      Fun fact: a bruteforce attack will always be successful--given enough time. Unfortunately, passwords over a certain length will take months, years, centuries, or more to guess. A wordlist is just a shortcut that drastically reduces the time requirement by bruteforcing only the most probable passwords.

    • @frank6706 1 year ago +1

      @Nadzinator you should say that "enough time" for decent passwords means a veeeeery long time.

  • @itsme7570 4 years ago +4

    This guy is very talented, what happened to Kody? Did he need to be reprogrammed to blink?

  • @stevennugraha12 1 year ago

    YOU SAVE MY LIFE!!! I ALREADY CONFUSED LIKE 2-3 HOUR AND FINALLY YOU COME UP, BIGTHANKS

    • @osama_ddemyati 1 year ago

      I wanted to ask, do you know why we should change the permission ?

  • @Anipppp 4 years ago +11

    I want back the guy who blinks more than others

  • @JB_inks 4 years ago +5

    You don't download passwords to brute force. This is very confusing and incorrect terminology

  • @nikhilkanade34 4 years ago +6

    His intro was short, and he blinks!!!!

  • @dundydunker 2 years ago

    That's a dictionary attack not a brute force. Brute force is guessing literally every letter until the hash matches up. Dictionary is using a word list.

  • @kidinfinity50 4 months ago +1

    You may have to do ssh -oHostKeyAlgorithms=+ssh-rsa user@ip whatever your ip is

  • @GisselleGuzman-pk8ui 1 year ago +1

    This is cool. But how would I get the private key first from a system that is not mine to then crack with john the ripper? Pls help.

  • @user-vn7ce5ig1z 4 years ago +2

    I used John the Ripper just last week to crack the password on a ZIP file I made back in the 90's. When I saw the password I had used, I face-palmed hard because I completely forgot that it was a password I used a fair bit around that time so I didn't think to try it, but also because I never would have guessed that I used that password for that file. 🤦 (I was surprised it worked on a spanned archive set.)

    • @trooperthatsall5250 4 years ago +2

      lol, you'd be surprised how many times I've had to use this tool and others to crack passwords where someone has left the business and taken the password with them (deliberate and just plain forgotten). As long as I get clearance up the chain and exhausted all lines of obtaining it - I get the "nod" and a sign off from security, I was once asked to give a demonstration by a manager who wanted to know the way to do it, a big fat no from me and his ass reported up to security. As it's technically red team tactics (black hat). A good skill set to learn along with firmware password cracking (this was due to an engineer who put a password in that he did not tell anyone) ~Trooper

    • @josephgoebbels1605 4 years ago

      @trooperthatsall5250 Why not demonstrate it? People should use stronger passwords anyway

    • @trooperthatsall5250 4 years ago

      @josephgoebbels1605 not my job to and it's considered in the enterprise environment as a no-no. As mentioned it's a practice considered black hat/red team and the user really did not need to know, it should all come by security then IT. No password is really unbreakable, but it's time - how much time do you really want to invest in, want to do it quicker then you use more resources. A very long complex password will take time to crack, it's exponential. Trooper

    • @trooperthatsall5250 4 years ago

      @devnull-dz3gj Mate I know - but it's the world we live in, if you left it to the users they would have no passwords or such a feeble one it's guessed at. It's old hat to me, I really don't care if Joe from accounting is a moron as long as he follows what's been laid down. You know the type, the same people that drive and use a handset or drink and drive and it's everyone else's fault. ~Trooper

    • @bmbiz 3 years ago

      I get the non-sharing part. It's the ratting out part that perplexes me. Unless the dude was a sleaze who you knew was going to start plundering the company's assets. :P

  • @eseseis7251 4 years ago +4

    OMG, where is the injection bla bla? you did nothing new, you didn't even know .ssh folder existed before this vid.
    and ppl liking the vid have no idea what they just watched.

  • @danielcaballeroperez8668 4 years ago +5

    Hey I like these kind of things but this channel is too complicated for me to understand yet, could u recommend me another simpler channel pls

  • @tobiaspeter4linux 4 years ago +5

    dude, you got great skills but please improve your didactic methods...

  • @rohithvishaal 4 years ago +2

    When will Cody return

  • @TheRealZamFit 4 years ago +1

    Nick. Love the haircut.

  • @kalaipradeep2753 2 years ago

    Using default input encoding: UTF-8
    Loaded 1 password hash (Raw-MD5 [MD5 256/256 AVX2 8x3])
    No password hashes left to crack (see FAQ)
    Error

  • @Annie-hw2wl 3 years ago +1

    Question.. I got my wallet hacked .. someone said that they could get it back but I need to get a cracking log .. iDK what it is and if he can get to all my info if I do ??

  • @SlycooperQuinn 4 years ago +1

    Hey when you run your ./john --wordlist=darkweb2017-top10.txt etc... it gives you a syntax error showing. /john is not a directory.
    Yet you run LS to display the contents of your current directory and then you change completely different directories but still had your John script run? How is that possible?

    • @phil.pinsky 4 years ago

      One was the source folder and the other was the binary folder

    • @joestewart6459 4 years ago +4

      So this really has to do with how UNIX filesystems, and UNIX path works.
      the ~ stands for the home directory
      the . character stands for the current path.
      So when he runs it the first time with the error, bash is complaining the application/script "john" doesn't exist in path "~/src/john/src/"
      That's a true, and valid error. After he navigates to the directory to "~/src/john/run/" then he can run the application, because the application john lives in that directory.
      Applications in UNIX environments can only be run from within the directory they live, or the full path to the application must be provided in order to execute them. There is only one exclusion to this statement.
      That exception is applications that live in directories defined in the linux $PATH variable can be executed anywhere on the filesystem. However, since "john" lives in ~/src/john/run/
      it can only be called from within that directory, or the full path to the application must be provided.

  • @codygaudet8071 3 years ago +1

    From @8:40 to @9:00 you're doing things with no explanation. Speeding through things makes it seem like you're hiding something.

    • @lemonbirdo1353 3 years ago

      It looks like a bit of an editing "mistake". After he does that little sped up segment, he cuts to a re-do of his explanation on how to crack the hash.

  • @nD-ci7uw 3 years ago

    Can't reproduce "[SSH] cipher value of 6 is not supported! " when running john command

  • @drygordspellweaver8761 3 years ago

    Which keyboard do you use?

  • @DavidMills1222 4 years ago +1

    Please take a typing course. and this video doesn't help at all.

  • @muizztanda6171 2 years ago

    How can I decode the layer "raw" of ssh packet with python. I have the packet but I can't decode the message

  • @poorneshadhithya 4 years ago +1

    Please hire a better editor, and where is kody?

  • @tubeDude48 4 years ago +4

    Went too fast, and *STILL* playing that dying *CRAPPY* *MUSIC!!!*

    • @NullByteWHT 4 years ago +1

      You realize Lynyrd Skynyrd would sue us right?

  • @SadaraxTutorials 3 years ago

    Hey can someone just explain why we make the authorized keys file? And how it's utilised?

  • @DuBxd 4 years ago +1

    We need Kody back

  • @zerotwo532 4 years ago +6

    WHAT!!!! HE BLINK NOOO U ARE NOT A HACKER

  • @Star-eb5zg 2 years ago +1

    I'm not going to sugarcoat this... You breeze over important steps of the tutorial which even intermediate hackers who use ssh regularly may still need more clarity on. You constantly go off topic and type commands that the viewers can't keep up with into your command line without explaining what you are doing. There was clearly barely any effort put into editing this video and the guy talking hasn't got great communicative skills and is mumbling half the time.

  • @mayhem1994 2 years ago

    all i want to do is mount my key files to another machine

  • @niking6861 4 years ago

    Can I put Tp-link TL-WN722N version3.0 in monitor mode?

  • @melokuhlegqoli9952 3 years ago

    Where's the guy who doesn't blink

  • @nocodenoblunder6672 3 years ago

    Can't crack my passphrase if there is none.

  • @fredianriko5648 4 years ago

    so I see that you are using Ubuntu as a host and also ubuntu for the target on a virtual machine, is it possible to do the same if I try this with both OS on a virtual machine?

    • @christiaansteenkamp5617 4 years ago

      It depends on how your networking is setup and what VM you are using. It is pretty do-able in something like GNS3 you can create an entire network with different OS and devices you just need to get the images for the switches and routers. The OS images are easy to get straight out of GNS3 (ruclips.net/video/Ibe3hgP8gCA/видео.html) This example is for Windows setup. You actually skip a lot of these steps if you use linux.

  • @cecilsans-souci6098 1 year ago

    does this work on opening the user and pass of an hostname on its port 22 ssh

  • @abdulrahmanfaisal288 4 years ago

    If you can find the password in the post so you will waste your time on nothing

  • @aasportsonline 3 years ago

    wget for the wordlist doesn't work?

  • @devrajchhikara741 4 years ago +1

    does tp link tl wn722n supports monitor mode and packet injections

    • @craigjackson6450 4 years ago

      only if it is v1 because v1 has the chipset which supports those functions
      v2 and v3 of this adapter use a different chipset which supports neither monitor mode nor packet injection

  • @illest-trading 4 years ago +2

    I need some help with trying to hack something and I can’t find anything on it

  • @henryben978 2 years ago

    I wanted to ask you for help for something please?

  • @videotime8169 4 years ago

    Where is kody ????????

  • @bit4ka625 2 years ago

    4:48 "No module named SimplerHTTPServer" what i can do to fix it?

  • @zerosploit 4 years ago +2

    Learned a lot Nick thank you

  • @brettking8663 3 years ago

    Bro not everyone is in college and on Adderall. Slow down

  • @cosmicrider5898 4 years ago +2

    Great now we need 2fa for ssh

    • @estudiordl 4 years ago

      Thinking the same, recently saw:
      ruclips.net/video/krRskVc3s4c/видео.html

  • @vergverilvehrigl 3 years ago

    yo, is this a virus cuz im tryna get back my old roblox acc 😐

    • @aether0625 3 years ago

      wtf why are you watching a ssh cracking video to get your old roblox account back, just email them

    • @vergverilvehrigl 3 years ago

      @aether0625 bruh I lost my account for over 3 years, you would've thought I've emailed them like over 100 times.. yes I emailed them dumbass, but I did get it back so.

  • @nichijoufan 4 years ago +3

    *BEEP*
    Firewall only allows certain ips to use port 22 (ssh protocol), easy fix

  • @TestAccount23027 4 years ago

    What is ssh

  • @chandraprakashpandian 4 years ago +1

    Guys my wifi adapter supports monitor mode and packet injection after setting it in monitor mode airodump-ng doesn't work, it doesn't capture any wifi networks in my area and the channel number above BSSID changes from 1 to 14 and nothing happens, kindly help me 🙏🙏🙏🙏🙏🙏🙏

    • @tobiaspeter4linux 4 years ago

      how did you make sure it's in monitor mode? Maybe there are simply no other networks?

  • @team-icy-9511 2 years ago

    Could you help me crack a file?

  • @joraj9312 4 years ago +1

    8:56 minecraft.

  • @idhantsood1105 4 years ago

    Is there a way to install kali, root or parrot in windows and then add things like metasploit in them?

    • @jaybofa617 4 years ago

      There are subdirectories you can install for Kali on a Windows machine. I haven’t tried it but you can try the good old apt install for metasploit

    • @tzniceguy 4 years ago

      I recommend to use Virtual Machine like Vmware and Virtualbox , you can check swahilielites for tutorial

    • @idhantsood1105 4 years ago

      Thanks For the Answers!

  • @haha-ul3mt 4 years ago

    what if it is a strong password, it won't work right?

    • @estudiordl 4 years ago

      I suppose, this is a brute force approach so it all came down to the password strength vs computer power... 🤔

    • @christiaansteenkamp5617 4 years ago

      It checks against a list of "most likely used" passwords so if you are bilingual set passwords up in a different language to English.

  • @anolchakraborty 4 years ago

    If you neither used nmap nor ddos against null byte's ip then you are not a true student of null byte🙃

  • @abdulfarhan4775 3 years ago

    I want to know password of this account

  • @menive4456 4 years ago

    Can I use hashcat?

  • @imuser007 4 years ago +3

    Wow this guy is amazing, he has a talent like Kody ❤

  • @lloydsato9484 4 years ago

    bring back the other guy

  • @someoneyoudontknowuwu620 4 years ago +2

    Keep up the good work bro

  • @demiwalsh3895 4 years ago +1

    Awesome!!!Big Like

  • @elisha5007 4 years ago +3

    Awesome ! 👩‍💻

  • @Hateler1 4 years ago

    Hi bro can u teach us how to hack a laptop or a mobile which connected to a wifi ?

  • @userou-ig1ze 4 years ago

    meh... should be titled how to use a python script to get authorized keys to john compatible format. Basically, this video script should be equivalent to the git readme of ssh2john. Otherwise well done!

  • @sn1pe722 4 years ago +2

    Thanks for this :)

  • @sagarparki3437 1 year ago

    why did you skip the main part? disgusting?

  • @kaizenzehava9296 3 years ago

    I'll use this soon! Thanks ✨

  • @rashmikamandanna3227 3 years ago

    ok

  • @weirdworld9743 4 years ago

    Can you crack the router login page?? Plz tell how

    • @tobiaspeter4linux 4 years ago

      real ICT professionals are creative and think over the regular horizon to find out alone. :-)

    • @tobiaspeter4linux 4 years ago

      @c ball this was now some sort of badass reply ;-)

  • @katsu471 4 years ago

    Who can crack private key!

  • @sepehrghasemy1267 3 years ago

    he blinks . yay

  • @tvchannel3712 4 years ago

    Search identy from Android phone no

  • @rafaeldacosta8581 3 years ago

    nice video man, well explained

  • @chanchalbehanbhaikaiseho6934 3 years ago

    Noo

  • @jerofin5123 3 years ago

    Fake

  • @xristoss.2037 4 years ago

    Oh shit here we go again

  • @fasii2.0 4 years ago

    Sir please make a video on Facebook hacking just one video

  • @Luka_c123 3 years ago

    But you don't actually show us how to get the private key without access to the target system, so this tutorial is completely useless.

    • @bmbiz 3 years ago +1

      Yeah, it's not possible that someone doing a CTF could have figured out how to get a private key from the target, tried to ssh with it got the passphrase prompt, and didn't know how to proceed from there. Totally not possible.

  • @rudolfhrastovic4460 3 years ago

    this was hard to follow

  • @myfaveyoutube 3 years ago

    this is basics

  • @monkeybizx1sloan902 4 years ago

    I wouldn't have the slightest clue where to begin!

  • @Rahul-nw6dn 4 years ago

    where the fuck is no blink guy

    • @NullByteWHT 4 years ago

      woah

    • @Rahul-nw6dn 4 years ago

      @NullByteWHT I am sorry it was my cousin who wrote that he just wants to get me into trouble Sorry OMG

  • @raihanadiarba 4 years ago

    please make a video with Indonesian translation

    • @Luka_c123 3 years ago +1

      Are you joking?

  • @sdafasfF 4 years ago

    This might be a little too much to ask for but the original null brute guy can you please give me a quick shoutout in your next video I wanna be a big RUclips like you one day

  • @wardsvlogs7441 4 years ago

    Thank u lods

  • @shivakanna7745 3 years ago

    hbdbd