Password Hacking in Kali Linux

Поділитися
Вставка
  • Опубліковано 22 гру 2024

КОМЕНТАРІ •

  • @Synclon
    @Synclon Рік тому +576

    UA-cam Please Don't Take this Video Down is for Educational Purposes Only 🙏

  • @justchecking12
    @justchecking12 Рік тому +18

    Pretty straightforward pretty simple way of presentation and you literally smash the youtubers who are trying to showcase their pretty secret ways of password cracking in 2 minutes not telling all the details and crucial structure of how it works.

  • @adyp487
    @adyp487 Рік тому +31

    Why is this so ridiculously helpful?!
    PS: thanks John! Awesome work as always! 💜

  • @norfin8503
    @norfin8503 Рік тому +8

    This man really hit the ground running and hasn't stopped yet. He gives us more understanding of him without interviews and negative antics he just shows us who he is through the Recovery. True living legend. We salute to team usespy online. The execution, creativity, and goodness that came from it were inspiring on a number of levels. Cheers Alex & looking forward to seeing what you do next!

    • @Biyodmr
      @Biyodmr 9 місяців тому

      bana yardımcı olabilir misiniz hack ile ilgileniyorsanız

  • @saurabhrathour8032
    @saurabhrathour8032 4 місяці тому +1

    Hey ppl, I'm a retired computer/IT person, Yet I still find *Adrian hacks online on the WEB* so informative and straight forward. Thanks for your advise and helping the people...........Great work and love watching.

  • @misholapatrick1925
    @misholapatrick1925 Рік тому

    The efficiency of this *Top phase Resolution* is next level. To juggle walk throughs of various angles on the topic delivered to-camera, differnet content per topic from various folks underneath the umbrella of the track list of the larger big band concert itself is engaging and refined. To make a dense taccess like this so digestible is really something. Awesome work Mike !!!

  • @TAHAEDİTSYT333
    @TAHAEDİTSYT333 Рік тому +6

    Hi everyone! Am extremely excited and feel blessed to click on this video. I know it super long, but so far....am loving every single second about it. I always wanted to do something in the IT filed, but with my busy schedule...I was always contemplating on where do I start, what am I going to focus my studies on and how difficult will it be for me with no IT background? However, watching this video have answered to all the questions. Thanks for taking your time to put this together for people like me *usespy online.*

    • @Biyodmr
      @Biyodmr 9 місяців тому

      kanka bana bi konuda yardımcı olur musun eğer hack ile ilgileniyorsan

    • @TAHAEDİTSYT333
      @TAHAEDİTSYT333 9 місяців тому

      Yorumu ben atmadım ki kendi kendine otomatik atıyor herhalde telefonuma virüs girmiş

  • @paulhimle
    @paulhimle Рік тому +3

    Nice to be known as a “good friend”. One ‘Like’ coming up! 😊

  • @siddhantr1451
    @siddhantr1451 Рік тому +2

    He and David Bombal both have very good knowledge and understanding

  • @jbit590
    @jbit590 Рік тому +34

    Thank you John for another amazing video, An understandable educational experience that doesn't make you want to take a nap lol very awesome 👏

  • @medelpasand
    @medelpasand Рік тому +2

    high quality content that matches your personal energy...... great work John . keep it going

  • @carparkingemir5741
    @carparkingemir5741 Рік тому +4

    This man really hit the ground running and hasn't stopped yet. He gives us more understanding of him without interviews and negative antics he just shows us who he is through the Recovery. True living legend. We salute to usespy online. The execution, creativity, and goodness that came from it were inspiring on a number of levels. Cheers Alex & looking forward to seeing what you do next!

  • @erichillel6284
    @erichillel6284 5 місяців тому

    This is awesome, very interesting and good job !!! As per my understanding, not matter which type of attack we will use, we will obviously always have to provide a Wordlist. So, this is the real challenge. For example, the number of non-duplicated combination of words with length=10 is 94^10 =621,491,424,183,448,320,000. What about the others lengths and what about the emojis... Looks like an impossible mission. And I even didn't mention the fact that every such run make take days, weeks,...

  • @pedallknife
    @pedallknife Рік тому +2

    Keeping me motivated John, Can't wait to meet you one day!

  • @nazmiyeendes4560
    @nazmiyeendes4560 Рік тому +2

    The efficiency of this *usespy online is next level.* To juggle walk throughs of various angles on the topic delivered to-camera, differnet content per topic from various folks underneath the umbrella of the track list of the larger big band concert itself is engaging and refined. To make a dense taccess like this so digestible is really something. Awesome work Mike !!!

  • @TheQuest07
    @TheQuest07 Рік тому +1

    Kickstarter - Online Cyber Security School.
    Great video John!

  • @HiiHii-qo5ez
    @HiiHii-qo5ez 4 місяці тому

    The way you approached this project added so much to it. It’s great to see how your unique perspective contributed to the outcome. The role you play on your job *Adrian hacks online on the WEB* is crucial. I really appreciate the constructive feedback you give to me regularly

  • @theWSt
    @theWSt Рік тому +1

    Great video, thx a lot! My days as an amateur hacker are over for a long time, but I'm surprised that John the Ripper is still actively maintained.

  • @juliusrowe9374
    @juliusrowe9374 Рік тому +3

    John, super dope tutorial! Please do more of these.

  • @SumanRoy.official
    @SumanRoy.official Рік тому +68

    What John did not show you the most realistic way of Password cracking, Hashcat is really powerful but if you run short on wordlist you will never be able to crack it.😂
    So to mitigate this situation where you can implement "rules" for hashcat which can modify the password candidate and try to check for different variations of the same password, that way your cracking probability increases significantly.

    • @HitemAriania
      @HitemAriania Рік тому +7

      Indeed, do you have some good rule recommendations? Also, Hashcat is not only CPU based, you can select your GPU for even greater success (WSL is great for nvidia cards as an example)

    • @icebice
      @icebice Рік тому

      @@HitemAriania OneRuleToRuleThemAll is good afaik

    • @vaykhaVaykha
      @vaykhaVaykha Рік тому +1

      Hey. Can u help me with something.?

    • @shelbyRogers-zn9rm
      @shelbyRogers-zn9rm Рік тому +1

      Whitehackerone is the best

    • @anupkarki8237
      @anupkarki8237 Рік тому +1

      Have you been succesful using that?

  • @TheLakeJake3
    @TheLakeJake3 Рік тому +11

    Would be careful self hosting pass bolt and making it available on the internet. Also with running in the cloud unless you know what you’re doing. Best to host on your lan, but only reachable via VPN to home network. Hope someone who needs to read this does

  • @karstenachiriachu4840
    @karstenachiriachu4840 Рік тому +3

    Great job man. Really do appreciate, learned a lot

    • @henrykandakai6955
      @henrykandakai6955 Рік тому

      You need help *GREATSMARTTECH*

    • @henrykandakai6955
      @henrykandakai6955 Рік тому

      GreatSmartTech is strongly recommended for problems and solutions for social media accounts…✅🇺🇸

  • @Marc.Google
    @Marc.Google Рік тому +4

    Love your energy and positivity John!

  • @compilererror
    @compilererror Рік тому

    I love this channel. Thanks for putting in the time and effort!

  • @davejackson1281
    @davejackson1281 9 місяців тому

    This should be required viewing in school. My wifi has been acting up but my service provider says its nearly impossible to hack my modem/wifi. Now I see how easy it is and I can take steps to mitigate my exposure. The days of assuming that only a trained professional can be a danger to privacy are over.

  • @Aed_Investments
    @Aed_Investments Рік тому +1

    Awesome educational/informational video John, thank you 🙏

  • @dennislindstrom8155
    @dennislindstrom8155 Рік тому +1

    love those kind of videos. learn alot from you

  • @mehmet_428
    @mehmet_428 Рік тому

    This is the most comprehensive, understandable, well-presented historical spy site overview I have heard from any online agency. I have subscribed to and shared your channel with friends around the world. Whoever created usespy online that particular spy site deserves the highest of journalistic accolades. Bravo!

  • @TagsYoureIt
    @TagsYoureIt Рік тому +9

    Every time I watch these episodes about passwords, I am terrified I'll see mine up there

    • @skreamzu
      @skreamzu Рік тому +1

      thats why you should use a password manager with "randomly" generated passwords!

    • @danielorji1829
      @danielorji1829 Місяць тому

      🤣🤣🤣

  • @GooopGoooop
    @GooopGoooop Рік тому +6

    Hey John! In the first example, you showed us how attempting a password manually 3 times boots us out. How did hydra circumvent that security feature?

    • @Tomasu321
      @Tomasu321 Рік тому +1

      You have 3 attempts before the server closes the connection, but you can just connect again. So hydra either opens a new connection for each attempt or every other attempt.
      However it's very noisy and your ip is most likely going to get banned pretty fast if used. Using Fail2Ban for example.

  • @luciferofazaroth
    @luciferofazaroth Рік тому +3

    Love hashcat use it every week I crack anywhere from 300-600 passwords a week using a GPU which I would recommend. I have used my laptops CPU to crack smaller passwords on the fly but takes quite a lot longer.

  •  Рік тому +2

    Thank you for this content

  • @nikhil2465
    @nikhil2465 Рік тому +4

    everything was easy to understand but how we are going to get ip address w/o permission

  • @Crisco4393
    @Crisco4393 Рік тому

    You are Outstanding John H.🎉❤😊

  • @BM.Molin_2.0
    @BM.Molin_2.0 Рік тому

    0:32 this video has been very helpful 1:30 ❤❤❤❤❤❤

  • @rudigerheissich9800
    @rudigerheissich9800 Рік тому +13

    How could it be that in the 1st attempt, when John typed in the password by himself, he was locked out after three attempts, but when he used the dictionary, he could try as often as he wants?

    • @wrdsalad
      @wrdsalad Рік тому

      He wasn't locked out, his session was terminated. He just needs to reestablish a new session and try again. He reached the "MaxAuthTries" or half of it, rather. Run the command "man 5 sshd_config" to find out more about "MaxAuthTries"

    • @ignovia2122
      @ignovia2122 Рік тому

      This isn't something I've looked into at all, but what makes sense in my head is that it could be something like this: Imagine that his 3 attempts to log in are like putting a key in a lock and trying to turn it. Perhaps the lock is set up to automatically kick you out when it detects three consecutive failed turns. What I'm thinking is that maybe hydra and other brute forcers/crackers are able to compare the "keys" to the "lock" without actually turning them, therefore seeing what would work and what wouldn't work without actually having to "turn the key," thus never triggering a reaction.

    • @not_salt_typhoon
      @not_salt_typhoon Рік тому +7

      Hydra starts another connection for every attempt.

    • @rudigerheissich9800
      @rudigerheissich9800 Рік тому +1

      @@not_salt_typhoon ty :)

    • @shelbyRogers-zn9rm
      @shelbyRogers-zn9rm Рік тому

      Whitehackerone is the best

  • @charangmaharaj
    @charangmaharaj Рік тому +2

    When I executed hydra I am unable to get any valid password ..message is 0 valid password

  • @phillydee3592
    @phillydee3592 Рік тому

    Very nice demonstration 👌🏼👌🏼

  • @germcauliffe7
    @germcauliffe7 Рік тому

    Another Great Video John. Fantastic Content!!!!

  • @LeMel257
    @LeMel257 Рік тому

    Duuuuuuuude!!!! The Hacker Caracters in the Passbolt!!!! hahaha Love it!

  • @Vilematrix
    @Vilematrix Рік тому +1

    hashes are just static numbers for plain asni chars. thats why salts come into place and re- hashing. most likely done with open source local cpu powerd crypto libs.

  • @gopalrajkumar7323
    @gopalrajkumar7323 Рік тому

    john your speech is well paced and your diction is excellent. Easy to understand for a fella like me. I appreciate it as do many without doubt. But can you slow down a fraction?

  • @quenchikennedy4568
    @quenchikennedy4568 Рік тому

    Sir thank you for such a great information.
    We appreciate your hard work

  • @therealblastpop4540
    @therealblastpop4540 Рік тому +2

    Interesting video. I'm really cueious how people use the mask attack.

  • @lfcbpro
    @lfcbpro Рік тому +1

    Is there a way to determine password 'rules'?
    So for example, it might say you have to use a number, character, capital letter etc?
    Thereby, you would know that passwords like 'adminadmin' are not worth trying, because they would not be allowed under the rules.
    Also, how does something like Hydra get around a time-out, where you can't try over and over, because it will either lock you out completely, or after say 5 attempts you have to wait 5 mins for next attempt to be allowed?

  • @An.Individual
    @An.Individual Рік тому +2

    4:19 definitely some naughty words in that password list 🙂

  • @beratcakr9020
    @beratcakr9020 Рік тому

    The quality of your spy job is so incredibly high. If you don't have team usespy online behind you, then you are clearly a multi talented individual. The way the access is structured are perfect, the visuals are stunning, the narration is engaging, and of course, the project is itself intriguing. You are a professional !!

  • @5DimesPlayer
    @5DimesPlayer Рік тому +1

    With Hydra, wouldn't you want to use something to mask your IP address? A firewall would detect all those password guesses, right? I'm asking as a noob.

    • @IMBlakeley
      @IMBlakeley Рік тому

      fail2ban will block pretty quick.

  • @emongtindero
    @emongtindero Рік тому

    Thank you John, really informative

  • @MailonOfficial
    @MailonOfficial 10 місяців тому

    Very helpful video not to use it against someone but for our own knowledge and have an idea how things work!

    • @nicholasbloom1
      @nicholasbloom1 10 місяців тому

      but does it help getting into an old gmail cuz i need help with that

  • @ChristopherBruns-o7o
    @ChristopherBruns-o7o 10 місяців тому

    I need help with Hydra. Someone make a video on how to use a dev tool. Like a custom login page - build out - bruteforce hydra. Is there anywhere to go to request youtube video? like for hire?
    Or any try using generative text for dynamic word list? Like 5:20 with summer2018, summer2019 etc.. I feel like how LLM tokenize the most likely next character - llm could tokenize the least likely next charcter? or something like this.

  • @AndreeaCe
    @AndreeaCe 5 місяців тому

    So why do you set up virtual machines instead of partitioning drivers, doesn't that overloads your PC?
    What's your main OS?
    Might be better to use a container than a VM. I'd invest in some good external hard drivers to set up different OS and the used for such practices. Nowadays aren't that expensive, but in case that cannot be done, guess what is your doing it's sort of all right. In the end it will affect your hardware, so you'll have to do some repairs. I also presume when used malware attacks against eachother, once connected to the internet, it will find a way to leave the VM...

  • @cybersectom
    @cybersectom Рік тому

    Another great video!

  • @ChrisspinBrakmah
    @ChrisspinBrakmah Рік тому

    I love the video, big up

  • @jacobfinder7476
    @jacobfinder7476 Рік тому

    John is great!!

  • @brainkato
    @brainkato Рік тому

    Hello I love this very much but i would like to get Kali Linux
    How do I learn the Kali Linux commands Thanks for teaching us but reply me

  • @FordCyber
    @FordCyber Рік тому

    Nice shot!! let's learn with John Hammond!!

  • @laith4291
    @laith4291 Рік тому +1

    I have a question
    What if the password bolt or whatever its name get hacked
    Does that mean every single password gonna leaks out or what

  • @currupt_cryptids8534
    @currupt_cryptids8534 6 місяців тому +1

    ok but here is the thing, how am I supposed to find out the targets ip if I dont have access to the device

  • @hirukosato7629
    @hirukosato7629 Рік тому +2

    how did u get the ubuntu and windows side by side please teach us

    • @subarunatsuki1902
      @subarunatsuki1902 Рік тому

      That's what I am wondering about right now. Did you found the solution?

  • @hamedranaee5641
    @hamedranaee5641 Рік тому

    Johny Johny you are awesome🤩

  • @abcpsc
    @abcpsc Рік тому +6

    So why SSH didn't lock the account / give you some cool down time before retry? Seem like in the brute force attack Kali just guess without being stop in any way

  • @satishtiwary
    @satishtiwary 10 місяців тому

    hydra is more easy
    you can use medusa or
    you can use ncrack

  • @FabianCorderoGonzález
    @FabianCorderoGonzález Рік тому

    What if the password manager I use gets compromised? Would they have access to all my pass saved in the manager?

  • @nobody124...
    @nobody124... 9 місяців тому

    I am interested in ethical hacking and cybersecurity can you provide some roadmap and most of the course which is available online are outdated. give some suggestion from where to start

  • @OviOvi-y6d
    @OviOvi-y6d Рік тому +1

    Vrry good well done 😝

    • @OviOvi-y6d
      @OviOvi-y6d Рік тому

      I will start using passbolt thanx

  • @Networkguy-800
    @Networkguy-800 6 місяців тому

    Question, Does one have to be on the network to be able to do that . How could you do it remotely?

  • @chaplinburp1731
    @chaplinburp1731 Рік тому

    Hello John Hammond, How do you make a Wordlist with Crunch tools?

  • @MAHESHKUMAR-zi3rj
    @MAHESHKUMAR-zi3rj Рік тому

    THANKS SIR FOR BEST VIDEO CONTINUE YOUR SERVICE

  • @diamond5003
    @diamond5003 10 місяців тому

    This was freaking helpful

  • @abdurrafaysaqlain5915
    @abdurrafaysaqlain5915 Рік тому

    Hi what if we've don't UBUNTU,or windows machine on my vmWare? which IP should I've to use for target for educatinol purposes. I'm real curious about this hope you'll answer this!

  • @hkhackeroriginal
    @hkhackeroriginal Рік тому +1

    Hats off to you.....

  • @fixer1140
    @fixer1140 Рік тому +1

    "You should not be using english words in your password"
    Me creating passwords in portuguese kkkkkkkkkkk

  • @kaas12
    @kaas12 Рік тому

    John, could you make a video about Genesis market that has recently been shut down? I’m wondering what they were selling there as they said it wasn’t just credentials but also browser addons which facilitated identity theft and account hijacking.

  • @AldrichNitron
    @AldrichNitron Рік тому

    Hi sir what if ssh is disabled on the victims machine...what would be the next steps in cracking password of username?..thanks

  • @calvinharrykojoworlanyomis8208

    you're good mate !!!

  • @ISMA20003
    @ISMA20003 8 місяців тому

    Hi, thanks for this tutorial, one question why just create one user name and stop?

  • @taiquangong9912
    @taiquangong9912 9 місяців тому

    With Responder, you have to be on the network to pull those hashes?

  • @LemonZ-Original
    @LemonZ-Original Рік тому +6

    It would be great if you could create/partner with a service that offers red team based exercises and labs that allow all levels of expertise to benefit and learn from. Something I would definitely pay for.

    • @HeimRocker
      @HeimRocker Рік тому

      What about TryHackMe or HackTheBox ?

    • @lfcbpro
      @lfcbpro Рік тому

      TryHackMe has red team exercises, a lot is membership content, but there are free labs too.

    • @mayavik1034
      @mayavik1034 Рік тому +1

      John Strand's Cyber Range

  • @parmidafrzofficial5539
    @parmidafrzofficial5539 Рік тому

    I made Hyde, but I want to take it off, what should I do??

  • @Uncle_Buzz
    @Uncle_Buzz 10 місяців тому

    So how does hydra get past the SSH password failure policy?

  • @DiscoBarbarellaYT
    @DiscoBarbarellaYT 2 місяці тому

    Whenever I do this it gets me an error that it cannot get a password due to all children being disabled thanks to too many errors! What did I do wrong? Is there something wrong with my ip?

  • @sharpie882
    @sharpie882 Рік тому

    Would trying to hack passwords be useless due to 2FA?

  • @DarkEdgeStudio
    @DarkEdgeStudio Рік тому

    what is i dont have the ip adress of the target?

  • @GabrielJasonWhitemumba
    @GabrielJasonWhitemumba Рік тому

    Love learning hacking

  • @guilherme5094
    @guilherme5094 Рік тому

    Really nice👍

  • @rs-nk8cf
    @rs-nk8cf Місяць тому

    But how do you get the ip in the first place if you dont have access to the modem

  • @charlesyaw6514
    @charlesyaw6514 Рік тому

    What's going on? Couldn't find password 'starwars' for 'user' after running Hydra

  • @jamesjones6445
    @jamesjones6445 10 місяців тому

    Are you using VMware or. What are u using to use kali and ubantu the environment

  • @bradfoster4198
    @bradfoster4198 Рік тому +9

    Couple Questions :
    Does SMB really spam out your NTLM hash to anyone who asks like that? That's kind of terrifying.
    Also, when using the dictionary attack against SSH in that way, isn't there rate limiting to prevent it from trying hundreds of passwords?

  • @legendfutboledit
    @legendfutboledit Рік тому

    Hello sir please what version of kali linux are you using

  • @MohanKumar-kp1zg
    @MohanKumar-kp1zg Рік тому +1

    Ssh is inactive how to activate the ssh

  • @kishoresamal7191
    @kishoresamal7191 Рік тому

    Can i access Android device in my system without knowing ip ?

  • @izakk91
    @izakk91 Рік тому

    Thanks for the information

  • @septiadinuransyah2269
    @septiadinuransyah2269 2 місяці тому

    Sir do you have trick to fast brute force, im using wpscan just want bruteforce 1 domain need 1 day brute tired waiting just finish it😢

  • @gamingtishan171
    @gamingtishan171 Рік тому +1

    Sir give a video on set

  • @echoawoo7195
    @echoawoo7195 Рік тому +3

    A hash is NOT an encryption.

    • @penggrin
      @penggrin Рік тому

      cool

    • @echoawoo7195
      @echoawoo7195 Рік тому +2

      @@penggrin Not cool, important.

    • @InZaNiOnGaMiNg
      @InZaNiOnGaMiNg Рік тому

      @@echoawoo7195i think its really cool and important. It can be both

  • @YusufKaratas-kn8wr
    @YusufKaratas-kn8wr Рік тому +3

    You consistently bring your all and I truly appreciate that usespy online . Thank you for making the corporate life so smooth. Proud to have you work for me. Great work as always.This is the beginning of many more good things to come. May you get everything, that you could demand. Best wishes in all you do and congrat to me as well, job well done!

  • @J_Nazmusic
    @J_Nazmusic Рік тому

    how do we know the ip we are going to attack (in this video ip a s eth0)? Do we always write a s eth0?

  • @unaccountablegaming
    @unaccountablegaming Рік тому

    Can you help me recover my account, it not hacked but I can't get in because of two-step which, I don't have the number, nor the phone