Need help? Join my Discord: discord.com/invite/usKSyzb Menu: Overview: 0:00 Alfa Card Setup: 2:09 Start Wifite: 2:48 Select WiFi network: 3:31 Capture handshake: 4:05 Convert cap to hccapx file: 5:20 Copy file to hashcat: 6:31 Hashcat: 6:50 View GPUs: 7:08 hashcat options: 7:52 Start hashcat: 8:45 Cracked: 10:31 It's really important that you use strong WiFi passwords. Otherwise it's easy to use hashcat and a GPU to crack your WiFi network. Make sure that you are aware of the vulnerabilities and protect yourself. Disclaimer: Video is for educational purposes only. All equipment is my own. Make sure you learn how to secure your networks and applications. Need help? Join my Discord: discord.com/invite/usKSyzb ================ Network Adapters: ================ Alfa AWUS036NHA: amzn.to/3qbQGKN Alfa AWUSO36NH: amzn.to/3moeQiI ================ Previous videos: ================ Kali Installation: ua-cam.com/video/VAMP8DqSDjg/v-deo.html One command wifite: ua-cam.com/video/TDVM-BUChpY/v-deo.html ================ Connect with me: ================ Discord: discord.davidbombal.com Twitter: twitter.com/davidbombal Instagram: instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal UA-cam: ua-cam.com/users/davidbombal ================ Support me: ================ Join thisisIT: bit.ly/thisisitccna Or, buy my CCNA course and support me: DavidBombal.com: CCNA ($10): bit.ly/yt999ccna Udemy CCNA Course: bit.ly/ccnafor10dollars GNS3 CCNA Course: CCNA ($10): bit.ly/gns3ccna10 ====================== Special Offers: ====================== Cisco Press: Up to 50% discount Save every day on Cisco Press learning products! Use discount code BOMBAL during checkout to save 35% on print books (plus free shipping in the U.S.), 45% on eBooks, and 50% on video courses and simulator software. Offer expires December 31, 2020. Shop now. Link: bit.ly/ciscopress50 ITPro.TV: itpro.tv/davidbombal 30% discount off all plans Code: DAVIDBOMBAL Boson software: 15% discount Link: bit.ly/boson15 Code: DBAF15P Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
Sir I love your videos thank you I am studying electronic and communication engineering and as a interest I am learning Kali Linux so i hope one day I can combine Kali Linux and electronic circuits to test some compony systems so o have a question is there any way to crack WPA/WPA2 ,complicated passwords like include capital letters , letters and numbers except John or evil twin or gigabytes of data password. Thank you
I install kali linux 2020.3 in VMWare. And i never can use my wireless, I learn in other video on youtube but is not work. My wireless problem is more, that interface is nothing, not detect, can't scan. I try to download newest driver, follow people instruction, buy new wireless usb adapter. But all this step is not working, I can't scan other Wi-Fi. I try my wi-fi in windows, I try my wireless usb adapter in windows all going normally. Please help me , thank's
Hi @DavidBombal I just passed the CCNA 200-301 on 12-Dec-2020, with 947 points. Thank you so much your channel helped a lot to clarify some doubts. I am looking to continue learning and help other people. Thanks 👌🏾✨
@@davidbombal your videos worth keeping people awake! . I recently got my hands dirty with CyberSecurity, starting from CEH. its very interesting and I am loving it!
@Kamey well, it depends on the eagerness and hunger for learning! What you really value! Now will you sacrifice a little bit your sleep in order to sleep peacefully in the future or will you always say, “will do it tomorrow!” And I am sure that “ tomorrow” will never come!
True, but that's why it's important to get as much information as possible before cracking. AT&T 2-wire boxes have this same problem, but 10 numbers, not 8, but still trivial to brute force. Always try a dictionary attack before resorting to brute force. People make poor choices, and sometimes vendors do too. AT&T has stepped up their game a lot by increasing the length and using numbers, letters and some special characters. For some reason, all the letters are lower case and I believe there might be patterns in the format.
The saddest thing about this 8s that there has been a fix available, for years, that would prevent an outside wifi source to force a deauth on a connected device. Why haven't manufacturers implemented this fix? It wouldn't close the hole completely, but it would sure lengthen the time to perform a handshake capture. The hacker would have to wait for a device to come along and connect to the target network, instead of being able to immediately sniff who's connected and tell the router to deauth one of them.
@@Unknown-yn4pk no, the time grows exponentially. One more printable character and it's about 75 times longer. One more on top of that and it's another 75 times longer again. Brute forcing, even with a top end card is still extremely slow. My gtx960 can do 130k hashes per second, about 20% as fast as the top end card. It took exactly two hours to brute force my home wifi even with hinting from a mask specifically constructed for my PSK, so it only guessed letters (case insensitive) where there were letters and only numbers where there were numbers. Without the hints, it would have taken years. Dictionary attacks are the only "practical" solution, unless you have knowledge of the structure of default passwords.
Anyone looking to do this now would need to convert the .cap file to hc22000 instead of .hccapx if you receive the 'separator unmatched' error in hashcat; You can convert with: hcxpcapngtool -o outputname.hc22000 handshake*.cap
This was a great explanation of how to use hashcat. I just tried cracking the NTLMv2 hash from my sandbox and it took 45 minutes on an RTX 2080 MaxQ. Masking really helped speed it up, I didn't want it to take forever. Although Howsecureismypassword says it would take 8 hours. If it was a real machine I would probably change that :)
I'd like to see you crack different router vendors because these x-digits only passwords are kinda rare and vendors are not stupid. You are more likely to run into routers that uses a letter and number combination with upper/lower case chars, some even go as far as using a password that looks like a MAC address.
In some cases you have to do some data gathering and use that to create a custom wordlist (using crunch for example) and plug in any relevant data such as birthdate of network owner name of owner's pet and so on
Good morning sir. Your tutorial was great and English as Second language learners may take time. Now Myanmar formerly called BURMA. The citizens are on the road and bagging the DEMOCRACY with peacefully. They are arms less and include students, workers and elderly too. But seen arms force are shooting with life arms and killing. In order to good success or winning their New Generation Kids are try to help with hacking. There are more students will do the same. Please help them sir. Hope you will understand their life in distress and need peaceful calling DEMOCRACY. Trust on you sir.
Good morning sir. Your tutorial was great and English as Second language learners may take time. Now Myanmar formerly called BURMA. The citizens are on the road and bagging the DEMOCRACY with peacefully. They are arms less and include students, workers and elderly too. But seen arms force are shooting with life arms and killing. In order to good success or winning their New Generation Kids are try to help with hacking. There are more students will do the same. Please help them sir. Hope you will understand their life in distress and need peaceful calling DEMOCRACY. Trust on you sir.
👉🏻| First of all, this guy isn’t a teacher, he is a genius! . Congrats for video, knowledge is power, thanks for sharing an information of quality. 🤙🏻😉👏🏻😎
Hello David, Lots of love from India. I'm following you since a long time now and I'm a big fan of yours and I watch all your videos regularly 🙂 I'm closing following your Ethical hacking tutorials and getting to learn a lot about it. I have a small request to make a video tutorial on "reaver" wireless testing tool. Thanks ☺️
Good morning sir. Your tutorial was great and English as Second language learners may take time. Now Myanmar formerly called BURMA. The citizens are on the road and bagging the DEMOCRACY with peacefully. They are arms less and include students, workers and elderly too. But seen arms force are shooting with life arms and killing. In order to good success or winning their New Generation Kids are try to help with hacking. There are more students will do the same. Please help them sir. Hope you will understand their life in distress and need peaceful calling DEMOCRACY. Trust on you sir.
Uhh yeah? I mean, I watch a lot of how to make explosive videos. It's indeed just for educational purposes only. I want to learn the chemistry. I also just find it fascinating. I blow it up on my garden. It's just so.. satisfying when something you make is working. I also usually tweak the formula a bit to my liking. I would never blow someone else's garden or house lol.
@@Zaynersyy I don't think you get the joke here lol What he is saying is that the uu literally teaches us how to use a software that usually used for malicious purposes and than says it's for educational purposes only
if you want to be safe with your internet you need to know how it works to crack your password this is ethical hacking and if you use it against someone you'll go to jail
Why I got this error I also tried in .cap the same errors: Minimum password length supported by kernel: 8 Maximum password length supported by kernel: 63 Hashfile 'josephwpa2.hccapx' on line 1 (HCPX): Separator unmatched Hashfile 'josephwpa2.hccapx' on line 2 (): Separator unmatched Hashfile 'josephwpa2.hccapx' on line 3 (): Separator unmatched No hashes loaded. Started: Tue Aug 22 17:40:33 2023 Stopped: Tue Aug 22 17:40:45 2023
Hello David! Thanks for your video! Did you try the same with hashcat after v6 when they've replaced 2500 with 22000? I am struggling on that. All the best and thank you for everything you are doing for the InfoSec community!
Hi David, could you show how to use hashcat with multiple GPUs. For example, if there is an unused mining rig, how to organize remote access and launch hashcat using the power of all its video cards. Thank you for the informative video!
They recently changed -m 2500 to -m 22000 and when I try to run it I’m getting separator unmatched errors with no results. Does anyone know how I can fix this?
Might be helpful to post the captured handshake file so individuals that do not have a capable wireless device can still work through the exercise. Good stuff David.
a good cheap laptop to get is a dell latitude 7440 or above. others will probably work too but the network card in the e7440 and also the e7470 both support monitor mode, plus the laptops are cheap, less than 200 dollars.
David thanks for all your hard work i mean it mate. The quality is on another level. 1) If possible on your next video about hashcat could you explain witch modern GPU`s works better . Is amd still a no ? 2) My problem when i was trying to hash my password ( honestly it was mine) is that i use most of the possible letters and symbols combos(paranoid much...too much hacking videos) and i couldn`t for the life of me figure out what was the right symbols to put behind the ''?''. I want the ''All'' symbol ! Plus a question : in mask attack is there a way to exclude passwords that has sequentially numbers letters and symbols ? Like 111111555 or ffffff8888 ? I believe that this would significantly cut down the time. ( currently after next big bang). Doing research found that crunch can generate a wordlist provided you configured right but the amount of terabytes its too damn high and not a valid option for me. Going down the rabbit hole i found that there is a way to "pipe" this process directly to hashcat. I haven't tried this yet cause of luck of know how and i probably wont cause also i don't have a spare pc if it goes bam!. Sorry for the rant.
2 роки тому
haha there is a way... use random number and each time you increase the random seed. for sure the number sequence will not be repeated
If I were to assume you are home, the information you provided in your wireless scan seems enough to get a very good idea of where that is. Of course some war driving would be involved.
Nice video sir...some people make 10 minute videos and I get bored to watch them but even if you make a 20 minute video...I don't feel bored at all......
Hey David, I'm following these instructions, but I keep getting an error saying that "The plugin 2500 is deprecated and was replaced with plugin 22000." When I switch my -m to 22000 instead of 2500, I get a bunch of separator errors. Do you or anyone else know how to fix this?
Okay I'm a little late to the mark here so I guess you have resolved this yourself but for anyone that is struggling still, You need to convert the .cap file to .hc22000 not .hccapx because hashcat no longer supports that format and there is more to a hash file than meets the eye so I would say disabling checks most probably wouldn't work. Use hcxpcapngtool (which I imagine you already have installed since you're watching this) and run $ hcxpcapngtool -o outputfilename.hc22000 handshake*.cap (what ever your input file is called) and yes there are no args for the input and this took me about 15 minutes to figure out... shamefully
Well oh well. 8 years, 182 days for me. I'd rather mine bitcoins )) Jokes aside, great video! As always. David's videos are the only videos on UA-cam I'm watching only if I have my notepad ready to take notes
I imagine the default wifi password was never meant to be long term secure, but simply a step up (and maybe legal requirement in some jurisdictions) to not use the same hardcoded password across all devices. Yes, they could have done a better job. Even if all they did was an sha256 of the 8-digit number and use the first 8 characters of that hash, it would increase the search space by ~429x (bump to to 10 and it's ~109951x harder). Of course, if someone knew it is just the hash of an 8-digit number, they could just compute all potential passwords up front, making it a custom wordlist attack.
yeah im trying to bruteforce my password its says the next big bang lol but i only have a 970m graphics card in my laptop i wish i was running his cards lol
Probably this is what my mother experiencing when I explaining her how to update a driver on her laptop... :D Poor her! I will do it better after this thank you! :D even if it was not the purpose of your video!
Good morning sir. Your tutorial was great and English as Second language learners may take time. Now Myanmar formerly called BURMA. The citizens are on the road and bagging the DEMOCRACY with peacefully. They are arms less and include students, workers and elderly too. But seen arms force are shooting with life arms and killing. In order to good success or winning their New Generation Kids are try to help with hacking. There are more students will do the same. Please help them sir. Hope you will understand their life in distress and need peaceful calling DEMOCRACY. Trust on you sir.
Thank you. Amazing Video. It emphasises why we should have a strong password. Especially in Wireless. Is it really this simple to capture wireless handshakes?
Good morning sir. Your tutorial was great and English as Second language learners may take time. Now Myanmar formerly called BURMA. The citizens are on the road and bagging the DEMOCRACY with peacefully. They are arms less and include students, workers and elderly too. But seen arms force are shooting with life arms and killing. In order to good success or winning their New Generation Kids are try to help with hacking. There are more students will do the same. Please help them sir. Hope you will understand their life in distress and need peaceful calling DEMOCRACY. Trust on you sir.
It's so easy! Just need to have the right tools. You can send out deauth packets to kick users off their own network then when they reconnect capture the handshake.
Thx god to let me find ur amazing perfect youtube channel. thx my Teacher . Am an IT student this is last year for me and am gonna graduate and this year we study only cyber security so u helped me a lot as ethical hacker .
Hello David I have been looking around but I don't seem to find an answer, following this tutorial on the current version of hashcat will say that -m 2500 is depracated and should use 22000 instead, But when I do 22000 with the file wap2.hccpax that we created in this tutorial it comes with separator errors. Would you have an idea of how to get around this? Thanks in advance :)
If you think this is bad, the Netcomm modem/routers that we shipped from our ISP was a1b2c3d4e5. I've used it a number of times throughout my city. I've got a Google Map list of all the places I know I can rely on for WiFi if I'm in a pinch. I've never even considered using software like this!
You can do barely nothing. At most you can try searching for some default passwords examples of the router you captured the handshake from and then see how does that router generates the password and hopefully you will find some patterns. Keep in mind that WPA, WPA2 and i think WPA3 passwords can NOT be shorter than 8 characters. A part from 8 characters, other most common password lenghts are 10, 12, 14 and 16 and 20. Those are impossible to crack with a normal pc as you would need a lot of them.
Thank you for these videos. I’m in cybersecurity and one of my classes is ethical hacking and I’ve learned more watching your videos than I have in my classes. I finally bought a pc and installed kali on it and been using it to check my network.
Besides Cracking tools and dictionary attacks , I suggest you try some phishing attacks with some powerful tools like airgeddon , fluxion , wifi-phisher . They are amazing tools with everything included . With these you will no longer have to wait if you phish your target successfully Thanks
This doesn't work for me anymore since hccapx file is no longer supported in hashcat, also the option 2500 is no longer supported, so the cap file first needs to be converted to hc22000 file and uses function 22000. I haven't managed to crack my wifi password with this function though so I'm not entirely sure about it.
@@davidbombal Haha.. That would be great but i use Alpha-Galatic complex passwords for my WPA-Infinity Router :P , (just kidding, made all that up) . But in reality people have tough time remembering their passwords so they just use their phone numbers. Also, if you could make a video on recent SolarFlare & Solar winds attack, that would be great !
David did not bumble.... Great content! I'm wondering if hashcat generates detailed logs, I'm researching a new protocol that requires seeing how the handshake deals with incorrect keys.
David just want to say loved your videos and they are pretty simple and easy to understand as well i wanted to make a request if you could make a video on evil twin attack as well that would be great
sir i love you i don't have linux but i am gonna download it and soon gonna practicing all these kinda stuff cause its meant for me to learn it in 2021 and i hope you keep uploading all these kinda i am really excited and i always wanted to have something like that and that is hacking skill
If you are having the problem that you cannot use the method 2500 because it got deprecated, like me, just try downloading the version 6.1.1 from the website and allow it to work from your antivirus
just a quick note, /usr is pronounced as U-S-R, it stands for unix system resources. just saying this because many beginners will think that the /usr directory has something to do with the user.
Is it a router or a router? Tomato or tomato? Is it Linux or Linux? Etc or etc? Seems others also disagree with you about usr: www.linode.com/community/questions/3714/how-do-you-pronounce-usr
Hi guys i found solution for this error: The plugin 2500 is deprecated and was replaced with plugin 22000 Try this: just add this in the end: --deprecated-check-disable
I followed this closely, but it gives a separator unmatched error in the file itself. Also, -m 2500 refuses to work since it is deprecated and replaced by 22000 now
@@agdmounabdelhamid934 yeah, don't use the convertor mentioned in the video, just get the capture file and go to the official hashcat convertor. It should convert it directly to hc22000. So the command would look something like: hashcat -m 22000 -a 3 cap.hc22000
In my perspective, this 8-digit key has been designed to offer a moderately secure means of authentication with the wifi router, thereby introducing an additional layer of security as you configure your own key.
Need help? Join my Discord: discord.com/invite/usKSyzb
Menu:
Overview: 0:00
Alfa Card Setup: 2:09
Start Wifite: 2:48
Select WiFi network: 3:31
Capture handshake: 4:05
Convert cap to hccapx file: 5:20
Copy file to hashcat: 6:31
Hashcat: 6:50
View GPUs: 7:08
hashcat options: 7:52
Start hashcat: 8:45
Cracked: 10:31
It's really important that you use strong WiFi passwords. Otherwise it's easy to use hashcat and a GPU to crack your WiFi network. Make sure that you are aware of the vulnerabilities and protect yourself.
Disclaimer: Video is for educational purposes only. All equipment is my own. Make sure you learn how to secure your networks and applications.
Need help? Join my Discord: discord.com/invite/usKSyzb
================
Network Adapters:
================
Alfa AWUS036NHA: amzn.to/3qbQGKN
Alfa AWUSO36NH: amzn.to/3moeQiI
================
Previous videos:
================
Kali Installation: ua-cam.com/video/VAMP8DqSDjg/v-deo.html
One command wifite: ua-cam.com/video/TDVM-BUChpY/v-deo.html
================
Connect with me:
================
Discord: discord.davidbombal.com
Twitter: twitter.com/davidbombal
Instagram: instagram.com/davidbombal
LinkedIn: www.linkedin.com/in/davidbombal
Facebook: facebook.com/davidbombal.co
TikTok: tiktok.com/@davidbombal
UA-cam: ua-cam.com/users/davidbombal
================
Support me:
================
Join thisisIT: bit.ly/thisisitccna
Or, buy my CCNA course and support me:
DavidBombal.com: CCNA ($10): bit.ly/yt999ccna
Udemy CCNA Course: bit.ly/ccnafor10dollars
GNS3 CCNA Course: CCNA ($10): bit.ly/gns3ccna10
======================
Special Offers:
======================
Cisco Press: Up to 50% discount
Save every day on Cisco Press learning products! Use discount code BOMBAL during checkout to save 35% on print books (plus free shipping in the U.S.), 45% on eBooks, and 50% on video courses and simulator software. Offer expires December 31, 2020. Shop now.
Link: bit.ly/ciscopress50
ITPro.TV:
itpro.tv/davidbombal
30% discount off all plans Code: DAVIDBOMBAL
Boson software: 15% discount
Link: bit.ly/boson15
Code: DBAF15P
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
Sir I love your videos thank you I am studying electronic and communication engineering and as a interest I am learning Kali Linux so i hope one day I can combine Kali Linux and electronic circuits to test some compony systems so o have a question is there any way to crack WPA/WPA2 ,complicated passwords like include capital letters , letters and numbers except John or evil twin or gigabytes of data password. Thank you
how to hack wifi using wsl2 kali linux ?
Your chair is sick, what is it mate?
what if wps is disabled. is still work or not?
I install kali linux 2020.3 in VMWare. And i never can use my wireless, I learn in other video on youtube but is not work. My wireless problem is more, that interface is nothing, not detect, can't scan. I try to download newest driver, follow people instruction, buy new wireless usb adapter. But all this step is not working, I can't scan other Wi-Fi. I try my wi-fi in windows, I try my wireless usb adapter in windows all going normally. Please help me , thank's
Hi @DavidBombal I just passed the CCNA 200-301 on 12-Dec-2020, with 947 points. Thank you so much your channel helped a lot to clarify some doubts. I am looking to continue learning and help other people. Thanks 👌🏾✨
Bruh I'm stuck on no hashes loaded in the last step also congrats on the ccna I've heard it's really hard
Cant Even get to run it lol
Uh.. I feel want to sleep... It's 2:54 am now ... Bye David.. gud night
Sorry to keep you awake 😔
@@davidbombal your videos worth keeping people awake! . I recently got my hands dirty with CyberSecurity, starting from CEH. its very interesting and I am loving it!
@@davidbombal David I was wondering when will u start the Christmas giveaways ?????
@Kamey well, it depends on the eagerness and hunger for learning! What you really value! Now will you sacrifice a little bit your sleep in order to sleep peacefully in the future or will you always say, “will do it tomorrow!” And I am sure that “ tomorrow” will never come!
@@arshidshafi378 30th February
add one symbol and litre and it gone to 13 years 🤭
True, but that's why it's important to get as much information as possible before cracking. AT&T 2-wire boxes have this same problem, but 10 numbers, not 8, but still trivial to brute force. Always try a dictionary attack before resorting to brute force. People make poor choices, and sometimes vendors do too. AT&T has stepped up their game a lot by increasing the length and using numbers, letters and some special characters. For some reason, all the letters are lower case and I believe there might be patterns in the format.
The saddest thing about this 8s that there has been a fix available, for years, that would prevent an outside wifi source to force a deauth on a connected device. Why haven't manufacturers implemented this fix? It wouldn't close the hole completely, but it would sure lengthen the time to perform a handshake capture. The hacker would have to wait for a device to come along and connect to the target network, instead of being able to immediately sniff who's connected and tell the router to deauth one of them.
nope, it would take less than extra 3 minutes on at least gtx1660
@@Unknown-yn4pk no, the time grows exponentially. One more printable character and it's about 75 times longer. One more on top of that and it's another 75 times longer again. Brute forcing, even with a top end card is still extremely slow. My gtx960 can do 130k hashes per second, about 20% as fast as the top end card. It took exactly two hours to brute force my home wifi even with hinting from a mask specifically constructed for my PSK, so it only guessed letters (case insensitive) where there were letters and only numbers where there were numbers. Without the hints, it would have taken years. Dictionary attacks are the only "practical" solution, unless you have knowledge of the structure of default passwords.
@@tonyfremont btw if I'm right my pass have a 12 character example 5hc73k90f7k3 i nead use a
?h?h?h?h?h?h?h?h?h?h?h?h right?
Try that on a password after you throw some letters into the mix LOL, but it is a good video at the end of the day, liked and subscribed.
Anyone looking to do this now would need to convert the .cap file to hc22000 instead of .hccapx if you receive the 'separator unmatched' error in hashcat; You can convert with:
hcxpcapngtool -o outputname.hc22000 handshake*.cap
This was a great explanation of how to use hashcat. I just tried cracking the NTLMv2 hash from my sandbox and it took 45 minutes on an RTX 2080 MaxQ. Masking really helped speed it up, I didn't want it to take forever. Although Howsecureismypassword says it would take 8 hours. If it was a real machine I would probably change that :)
What if i don't know the password Pattern Could You Explain??
MaxQ 😂
When I saw the title WPA2 I was shocked and very eager to learn but it was just some easy numbers which we all know is possible
This is a very interesting video and demonstration.
Thanks.
Glad you liked it!
Hello
I'd like to see you crack different router vendors because these x-digits only passwords are kinda rare and vendors are not stupid. You are more likely to run into routers that uses a letter and number combination with upper/lower case chars, some even go as far as using a password that looks like a MAC address.
In some cases you have to do some data gathering and use that to create a custom wordlist (using crunch for example) and plug in any relevant data such as birthdate of network owner name of owner's pet and so on
more so in the UK
@@nameless191 He's talking about the default passwords not the ones set up by the owner.
Finally the one that I'm looking for! Amazing video!! Id love to see an evil twin attack!
Thank you Nawid! All in good time :)
Good morning sir. Your tutorial was great and English as Second language learners may take time. Now Myanmar formerly called BURMA. The citizens are on the road and bagging the DEMOCRACY with peacefully. They are arms less and include students, workers and elderly too. But seen arms force are shooting with life arms and killing. In order to good success or winning their New Generation Kids are try to help with hacking. There are more students will do the same. Please help them sir. Hope you will understand their life in distress and need peaceful calling DEMOCRACY. Trust on you sir.
Great stuff, David! Thank for for the excellent explanation!
Hello
Great content as per usual keep it up David, this vidoes are very well made!
Thank you Terry!
Good morning sir. Your tutorial was great and English as Second language learners may take time. Now Myanmar formerly called BURMA. The citizens are on the road and bagging the DEMOCRACY with peacefully. They are arms less and include students, workers and elderly too. But seen arms force are shooting with life arms and killing. In order to good success or winning their New Generation Kids are try to help with hacking. There are more students will do the same. Please help them sir. Hope you will understand their life in distress and need peaceful calling DEMOCRACY. Trust on you sir.
Keep grinding we need more of these amazing videos
Yes
@@hackerindia313 yessir
Hello
@@hackerdaniel2761 what’s up man!
@@hackerdaniel2761 Hi
Great video sir! If you could make a video on cracking a password on Kali with Hashcat I think it would benefit a lot of people. Love the grind!
It is literally the same command structure as far as switches go.
I'd love to see you deploy attacks like these on a raspberry pi setup. Great content as always.
Great suggestion. This one won't work very well because we need decent GPUs
@@davidbombal I think I got about 600 keys/s lol
I tried hacking my own WiFi but realised I can't watch the video at the same time😂😂😂😂
😆
ATTENTION! No OpenCL or CUDA installation found.
Superb content as always David!
Much appreciated Rodrigo!
👉🏻| First of all, this guy isn’t a teacher, he is a genius!
.
Congrats for video, knowledge is power, thanks for sharing an information of quality.
🤙🏻😉👏🏻😎
Hello David, Lots of love from India. I'm following you since a long time now and I'm a big fan of yours and I watch all your videos regularly 🙂 I'm closing following your Ethical hacking tutorials and getting to learn a lot about it.
I have a small request to make a video tutorial on "reaver" wireless testing tool. Thanks ☺️
Thank you! And great suggestion!
@@davidbombal thank you so much for your acknowledgement ❤️🙂 looking forward to it.
In this video i think you forget or leave the blur part which i seen your previous videos
You are a awesome teacher , You explain topic very smoothly.
Thank you Alok. Not a big problem hopefully :)
Good morning sir. Your tutorial was great and English as Second language learners may take time. Now Myanmar formerly called BURMA. The citizens are on the road and bagging the DEMOCRACY with peacefully. They are arms less and include students, workers and elderly too. But seen arms force are shooting with life arms and killing. In order to good success or winning their New Generation Kids are try to help with hacking. There are more students will do the same. Please help them sir. Hope you will understand their life in distress and need peaceful calling DEMOCRACY. Trust on you sir.
*"This is how to make a BOMB"*
Disclaimer:This is for educational purposes only...
🤣🤣🤣
Uhh yeah? I mean, I watch a lot of how to make explosive videos. It's indeed just for educational purposes only. I want to learn the chemistry. I also just find it fascinating. I blow it up on my garden. It's just so.. satisfying when something you make is working. I also usually tweak the formula a bit to my liking. I would never blow someone else's garden or house lol.
@@Zaynersyy I don't think you get the joke here lol
What he is saying is that the uu literally teaches us how to use a software that usually used for malicious purposes and than says it's for educational purposes only
if you want to be safe with your internet you need to know how it works to crack your password this is ethical hacking and if you use it against someone you'll go to jail
progression hits 69% *cracked* N I C E
Why I got this error I also tried in .cap the same errors:
Minimum password length supported by kernel: 8
Maximum password length supported by kernel: 63
Hashfile 'josephwpa2.hccapx' on line 1 (HCPX): Separator unmatched
Hashfile 'josephwpa2.hccapx' on line 2 (): Separator unmatched
Hashfile 'josephwpa2.hccapx' on line 3 (): Separator unmatched
No hashes loaded.
Started: Tue Aug 22 17:40:33 2023
Stopped: Tue Aug 22 17:40:45 2023
Finally a video wich i can send to my family so they will stop asking why a random device connected to them thanks David
Hello David! Thanks for your video! Did you try the same with hashcat after v6 when they've replaced 2500 with 22000? I am struggling on that. All the best and thank you for everything you are doing for the InfoSec community!
Hey.. Are you facing some kind of error?
I did use it with 22000 successfully
@@tiloalodid u do it the exact same in the video but with 22000
Excellent presentation! Please go into detail in future videos.
Hi David, could you show how to use hashcat with multiple GPUs. For example, if there is an unused mining rig, how to organize remote access and launch hashcat using the power of all its video cards. Thank you for the informative video!
I love your material, still aspiring to be at least half the skill you are. Thank you
Menu:
Overview: 0:00
Alfa Card Setup: 2:09
Start Wifite: 2:48
Select WiFi network: 3:31
Capture handshake: 4:05
Convert cap to hccapx file: 5:20
Copy file to hashcat: 6:31
Hashcat: 6:50
View GPUs: 7:08
hashcat options: 7:52
Start hashcat: 8:45
Cracked: 10:31
They recently changed -m 2500 to -m 22000 and when I try to run it I’m getting separator unmatched errors with no results. Does anyone know how I can fix this?
Thank You So Much for a very easy to understand instructions
Mad Respect 🙏🏼
Great teacher...❤️
Thank you Sudharshan!
Might be helpful to post the captured handshake file so individuals that do not have a capable wireless device can still work through the exercise. Good stuff David.
a good cheap laptop to get is a dell latitude 7440 or above. others will probably work too but the network card in the e7440 and also the e7470 both support monitor mode, plus the laptops are cheap, less than 200 dollars.
@@RockG.o.d so with these dell laptops you don't need that Alpha wireless adapter?
@@WatchTheLadyOfHeaven313 that’s right.
Teacher, its so interesting on doing this as your guide thank u
I needed this i like the idea to crack it in windows..thnks!!!
David thanks for all your hard work i mean it mate. The quality is on another level.
1) If possible on your next video about hashcat could you explain witch modern GPU`s works better . Is amd still a no ?
2) My problem when i was trying to hash my password ( honestly it was mine) is that i use most of the possible letters and symbols combos(paranoid much...too much hacking videos) and i couldn`t for the life of me figure out what was the right symbols to put behind the ''?''. I want the ''All'' symbol !
Plus a question : in mask attack is there a way to exclude passwords that has sequentially numbers letters and symbols ? Like 111111555 or ffffff8888 ?
I believe that this would significantly cut down the time. ( currently after next big bang).
Doing research found that crunch can generate a wordlist provided you configured right but the amount of terabytes its too damn high and not a valid option for me.
Going down the rabbit hole i found that there is a way to "pipe" this process directly to hashcat. I haven't tried this yet cause of luck of know how and i probably wont cause also i don't have a spare pc if it goes bam!.
Sorry for the rant.
haha there is a way... use random number and each time you increase the random seed. for sure the number sequence will not be repeated
Dude you the bomb so glad I found your channe
why didn't you mention the problem "No hashes loaded"?
Would do well to
you found solution?
If I were to assume you are home, the information you provided in your wireless scan seems enough to get a very good idea of where that is. Of course some war driving would be involved.
May I ask why you switch to windows to use hashcat?
I'm assuming nvidia drivers are probably better on windows but I have no idea
Nice video sir...some people make 10 minute videos and I get bored to watch them but even if you make a 20 minute video...I don't feel bored at all......
Hey David, I'm following these instructions, but I keep getting an error saying that "The plugin 2500 is deprecated and was replaced with plugin 22000." When I switch my -m to 22000 instead of 2500, I get a bunch of separator errors. Do you or anyone else know how to fix this?
Same with me found anything?
Use earlier version of hashcat.... Like 4.0.1 or something like that.... And use -m 2500 in it..
You can use the same version as David's ie 6.1.1 and it will work ok. With the latest 6.2.5, it keeps throwing errors indeed.
If you're using kali linux try -m 2500 and put --deprecated-check-disable at the end and see if that works
Okay I'm a little late to the mark here so I guess you have resolved this yourself but for anyone that is struggling still, You need to convert the .cap file to .hc22000 not .hccapx because hashcat no longer supports that format and there is more to a hash file than meets the eye so I would say disabling checks most probably wouldn't work.
Use hcxpcapngtool (which I imagine you already have installed since you're watching this) and run $ hcxpcapngtool -o outputfilename.hc22000 handshake*.cap (what ever your input file is called) and yes there are no args for the input and this took me about 15 minutes to figure out... shamefully
Well oh well. 8 years, 182 days for me.
I'd rather mine bitcoins ))
Jokes aside, great video! As always. David's videos are the only videos on UA-cam I'm watching only if I have my notepad ready to take notes
I imagine the default wifi password was never meant to be long term secure, but simply a step up (and maybe legal requirement in some jurisdictions) to not use the same hardcoded password across all devices. Yes, they could have done a better job. Even if all they did was an sha256 of the 8-digit number and use the first 8 characters of that hash, it would increase the search space by ~429x (bump to to 10 and it's ~109951x harder).
Of course, if someone knew it is just the hash of an 8-digit number, they could just compute all potential passwords up front, making it a custom wordlist attack.
yeah im trying to bruteforce my password its says the next big bang lol but i only have a 970m graphics card in my laptop i wish i was running his cards lol
@@mikebrandt5773does it work? on that graphics card
Probably this is what my mother experiencing when I explaining her how to update a driver on her laptop... :D Poor her! I will do it better after this thank you! :D even if it was not the purpose of your video!
Good morning sir. Your tutorial was great and English as Second language learners may take time. Now Myanmar formerly called BURMA. The citizens are on the road and bagging the DEMOCRACY with peacefully. They are arms less and include students, workers and elderly too. But seen arms force are shooting with life arms and killing. In order to good success or winning their New Generation Kids are try to help with hacking. There are more students will do the same. Please help them sir. Hope you will understand their life in distress and need peaceful calling DEMOCRACY. Trust on you sir.
Thank you. Amazing Video. It emphasises why we should have a strong password. Especially in Wireless.
Is it really this simple to capture wireless handshakes?
Agreed. Definitely need to use strong passwords. It is very simple if you are in range and clients are connected.
Good morning sir. Your tutorial was great and English as Second language learners may take time. Now Myanmar formerly called BURMA. The citizens are on the road and bagging the DEMOCRACY with peacefully. They are arms less and include students, workers and elderly too. But seen arms force are shooting with life arms and killing. In order to good success or winning their New Generation Kids are try to help with hacking. There are more students will do the same. Please help them sir. Hope you will understand their life in distress and need peaceful calling DEMOCRACY. Trust on you sir.
It's so easy! Just need to have the right tools. You can send out deauth packets to kick users off their own network then when they reconnect capture the handshake.
Why is my output after hashcat.exe -m 22000 wpa2.hccapx -a 3 ?d?d?d?d?d?d?d?d?d returning: 'No hashes loaded'?
Good Lesson Sir 🔥🔥🔥
Thank you Ujitha
Fantastic now I don't need to pay for internet any more. Great Video
Thx god to let me find ur amazing perfect youtube channel. thx my Teacher . Am an IT student this is last year for me and am gonna graduate and this year we study only cyber security so u helped me a lot as ethical hacker .
Thanks for sharing and teaching. This video was nice and clear. Voice was great.
Hello David I have been looking around but I don't seem to find an answer, following this tutorial on the current version of hashcat will say that -m 2500 is depracated and should use 22000 instead, But when I do 22000 with the file wap2.hccpax that we created in this tutorial it comes with separator errors. Would you have an idea of how to get around this? Thanks in advance :)
same probleme here , did you find a solution?
same problem here to..
Same problems
Solution?
Same here
If you think this is bad, the Netcomm modem/routers that we shipped from our ISP was a1b2c3d4e5. I've used it a number of times throughout my city. I've got a Google Map list of all the places I know I can rely on for WiFi if I'm in a pinch. I've never even considered using software like this!
what if I don't know the password lenght?
You can do barely nothing. At most you can try searching for some default passwords examples of the router you captured the handshake from and then see how does that router generates the password and hopefully you will find some patterns.
Keep in mind that WPA, WPA2 and i think WPA3 passwords can NOT be shorter than 8 characters.
A part from 8 characters, other most common password lenghts are 10, 12, 14 and 16 and 20. Those are impossible to crack with a normal pc as you would need a lot of them.
me with my 14 character long password with 3 symbols :
PATHETIC
xD, very informational video, thank you
Thumb up for the knowledge, I changed my password immediately after the video 😂
Thanks a lot , Yes pls we need more videos using hashcat.
Thank you for these videos. I’m in cybersecurity and one of my classes is ethical hacking and I’ve learned more watching your videos than I have in my classes. I finally bought a pc and installed kali on it and been using it to check my network.
Besides Cracking tools and dictionary attacks , I suggest you try some phishing attacks with some powerful tools like airgeddon , fluxion , wifi-phisher . They are amazing tools with everything included . With these you will no longer have to wait if you phish your target successfully
Thanks
It took me only 2 min xD (same GPU)
Thanks!
LOVE your videos Great teacher securing my / SOHO / AS YOU SPEAK
Yes please do more on hashcat!!
It works fo default Password only.. it was amazing while cracking thanks for this video.,
This doesn't work for me anymore since hccapx file is no longer supported in hashcat, also the option 2500 is no longer supported, so the cap file first needs to be converted to hc22000 file and uses function 22000. I haven't managed to crack my wifi password with this function though so I'm not entirely sure about it.
love you and your content so much :D
It took a second with no extra step man thanks a lot a hacking fun God bless ya man
Those WiFi adapters are $70 now! You made the price go up lol
Unless I am missing something, David doesn’t explain why it’s essential to use a GPU versus a ‘garden variety’ CPU?
Impressive!
I am surrounded by WPS networks 🤩
Therefore only 4 digits are necessary.
The world's best teacher thanks
Most of the time people use their mobile phone numbers as their Wifi Password ! Now you know how to begin :)
lol... how many digits in your telephone number?
@@davidbombal 10
@@NeelNarayan I'll create a video about that. Want to share your number :) Just kidding. I'll have to pick a good USA telephone number example.
@@davidbombal Haha.. That would be great but i use Alpha-Galatic complex passwords for my WPA-Infinity Router
:P , (just kidding, made all that up) . But in reality people have tough time remembering their passwords so they just use their phone numbers. Also, if you could make a video on recent SolarFlare & Solar winds attack, that would be great !
wow...information knowledge for who is bigginer in this field
David did not bumble.... Great content!
I'm wondering if hashcat generates detailed logs, I'm researching a new protocol that requires seeing how the handshake deals with incorrect keys.
Thank you so much for this educational video 😊
have you tried it successfully??
Thank you so much mister David. Very cool tutorial.
David just want to say loved your videos and they are pretty simple and easy to understand as well
i wanted to make a request if you could make a video on evil twin attack as well that would be great
How to crack an 8-11 digit password if I don't know how many digits it has
sir i love you i don't have linux but i am gonna download it and soon gonna practicing all these kinda stuff cause its meant for me to learn it in 2021 and i hope you keep uploading all these kinda i am really excited and i always wanted to have something like that and that is hacking skill
Thanks for the amazing video.
A quick question after finishing your CCNA class on Udemey shall we need to buy and practice the dumps for the exam ?
Yes it is recommended, make sure to tell your exam instructor about this and you might get extra 10 mins depending on where you live.
Good luck.
@@8Jallin thanks for the reply, from where can I get the verified dumps
If you are having the problem that you cannot use the method 2500 because it got deprecated, like me, just try downloading the version 6.1.1 from the website and allow it to work from your antivirus
just a quick note, /usr is pronounced as U-S-R, it stands for unix system resources. just saying this because many beginners will think that the /usr directory has something to do with the user.
Is it a router or a router? Tomato or tomato? Is it Linux or Linux? Etc or etc? Seems others also disagree with you about usr: www.linode.com/community/questions/3714/how-do-you-pronounce-usr
Another great video. It was fun to watch.
You are doing a great job.... Pleaase continue it don't stop it....
Thx David great lesson
Wonderfull video,really amazing,like it!!!
Legend has it if you do this with an RTX3090 it will finish in the past
Hi amazing videos you make... Question can we set the time of discovering clients at WPA hacking?
Would be nice to see Hashcat bruteforcing Windows 10 SAM file to decrypt Windows password
love the vidios , just got my wifi adaptor
Finally wat I've been waiting for.... Thank you @DavidBombal
Does the same work for a random password i.e letters???
As usual one word love
Thank you!
@David Bombal Thanks for this video.
Please help
Why when I run the hashcat through the command I used in the video, this error appears to me no hashes loaded
We trust you received the usual lecture form the local system Administrator. It usually boils down to those things = errors show
Hi guys i found solution for this error: The plugin 2500 is deprecated and was replaced with plugin 22000
Try this: just add this in the end:
--deprecated-check-disable
I followed this closely, but it gives a separator unmatched error in the file itself. Also, -m 2500 refuses to work since it is deprecated and replaced by 22000 now
same probleme did you find a solution?
@@agdmounabdelhamid934 yeah, don't use the convertor mentioned in the video, just get the capture file and go to the official hashcat convertor. It should convert it directly to hc22000. So the command would look something like: hashcat -m 22000 -a 3 cap.hc22000
@@rohanmanchanda5250 it worked ! thank you
@@agdmounabdelhamid934 your welcome
your videos are Amazing always giving a great info to Viewers
In my perspective, this 8-digit key has been designed to offer a moderately secure means of authentication with the wifi router, thereby introducing an additional layer of security as you configure your own key.
True but a lot of people keep the default password