For simplicity the most important PW I use is a simple sentence of only 6 words in a foreign language with 2 misspellings and one incomplete word. That's easy to remember, as is one other which is just a mathematical formula containing a notation error. About 25 years ago, the Gov't. dropped its case against PGP. I'm told that this occurred as the lawyers were actually walking through the courtroom doors. I asked a mathematician friend about why they would do that. He replied, "Why do you think that decryption can only occur with discovery of the 'key' or that, if discovery were required, that it could only be achieved by brute force." He refused to elaborate and now he's dead (natural causes).
This is the first time I see one of your videos and the very first thing I see after some minutes is that it might be useful for you to switch your camera above your PC. It feels quite stressful that you look to the side every few seconds. Good video tho ^^ I'm halfway in and I'll probably watch until the end
You don't need a lengthy complex password. Just use 3 unrelated words like your dog's name + your favorite food + your favorite song. Then write every other letter big and add 1 or 2 symbols in between the words. Easy to remember, impossible to brute force, impossible with a dictionary attack too
Manufacturers should simply add a retry delay, or retry limit. Even a 1 second retry delay is enough to beat brute-force attacks, without users noticing any delay. Even 8 digits gives you an average of 1.5 years minimum.
Retry delay only works if the computer is actively trying to connect with each attempt. My understanding is that those are recorded packets from the router that can be obtained without the target even knowing, and then cracked away from the device to retrieve the password. There are some caveats to this method of cracking though: most of the time pure brute force is terribly inefficient, and the passwords he used were set lengths, only numeric, or started at a relatively low "number" in the brute force list (starting with a 0 as the first character, for example). A pure brute force over all possible lengths up to just 12 and alphanumeric will take a pretty long time, not even considering adding special characters
@@cavemanthog Yes you're right. Cracking WPA handshakes is done offline. So here, it's basically defending against handshake captures and de-auth attacks (and even for that, a hacker could just monitor wireless traffic waiting for it). Maybe using certificates to authenticate on the network, but for regular domestic use you usually don't do that. You can as well put MAC address filtering, but that is easy to spoof... It can be tedious to manage MAC addresses every time you need to connect a new device, or if the one who administers the home network is not there. But once again, MAC address filtering is not really reliable; you can easily analyze the traffic and get the MAC address in the wireless frame. So for WPA wireless network security, either use strong password policies or use certificates, but then again, it's restricted until authorization.
Specifically, you need to use something like vmware ESXi but that is not something you would normally use at home. He is obviously referring to something like vmware Workstation and/or Hyper-v running on top of Windows. ESXi would be a dedicated machine running vms, not Windows.
@@smudge1619 actually he did not specify a hypervisor. He merely said you cannot get access to a GPU from a VM, which is incorrect. And plenty of people run ESXi at home.
@@TheDainerss I understand, I was filling in your comment with constructive examples/specifics for people who don't know what would actually work, since you did not give examples and just said some hypervisors can.
I agree that WPS should be disabled in the first place, but WPS can be "delayed", for example 3 incorrect tries locks WPS for 5 min or more. Then brute force attacks become useless (I mean the brute force PixieWPS method).
You normally don't try to brute force against the router or whatever. If someone connects to the wifi the hash gets submitted cleartext. With your computer you can then read out the hash and start brute forcing offline
Having a complex password is nice and all but not when you want other people to remember it as well who aren't necessarily tech savvy. I think the real problem is that we ask real people to have to input passwords in the first place. We need better forms of authentication that don't require us to have to dumb down passwords so people can remember them. WPS was a good first attempt but it never really evolved in the way that it needed to solve these kinds of problems.
Thanks Dear David Sir for all this effort. We really Enjoy your Pen testing Tutorials. And we've seen a lot in cracking Passwords... How about we go a lil bit deeper into attacking devices. I'm sooo down into putting hands into that case though. By the Way Thanks again For all This lit Stuff... Blessings 🕊❤🤗
I was told by an IT guy in the navy that using those tools he could crack all the passwords in a week. He was a geek that lived in California and could drive to work and back only using people's wifi when he worked as a Google network engineer.
If it's just straight bruteforce, there's no way for you to get *that* lucky - 40s on an "impossible" crack? Is the time estimate flawed? Or does it use something else than just going through all permutations randomly / in order?
Fun Fact: "Meraki" means "loving what you do" in Greek. In a Greek (mis)interpretation, the product's name would mean "Cisco's love on what it's doing"
I have a router at home and it's specifically for my phones. With the configuration I did on it, it was broadcasting 2 SSIDs. The first started malfunctioning, running at 2mbs to 4.+mbs and consuming 2gb in less than 2hrs. Every setting I made was the same. What could be the cause?
I recall seeing that story out of Israel and it was very interesting. Fortunately (or unfortunately, depending on who you are) in my part of the world (one of the Western European countries), most if not all routers come with a random, alphanumeric, 10+ character default password. For all intents and purposes, this is essentially 'uncrackable' in any reasonable timeframe.
I have a few questions if anyone might be able to shed some light? My home router uses a digit-only default password. However, it's a 20 digit password. Obviously the cracking time would be lower than a 20 char alphanumeric+specials PW. However, as we saw from the differences in estimated time between 8, 9 and 10 digit passwords, estimated time grows exponentially. Would 20 digits make it reasonably safe, or are we still talking days rather than years to crack? Also, does hashcat start at the lowest number and work up? So for an 8 digit PW, would the pattern be: 00000000 00000001 00000002 etc? If so, would it be logical to start your passwords with digits/characters that start later in the list of options?
I find this interesting moreover because the default password on a Sky router was 8 digits made up of upper, lower and numericals, however when I tested this.. simple method really, I had my password in front of me after about 8 minutes. Long story short, if someone wants into your Wi-Fi bad enough there's no real stopping it unless you manually set your password to 16+ digits, and most people overlook this as they are convinced that upper/lower/numerical passwords are so strong and secure, until they see how easy a brute force can be!
Hello sir, @David Bombal I have followed the guide step by step. The old version 2500 is not working in hashcat; the new method I have not completed. The problem is where the file "8-digit-wpa2.hc22000" comes from. In the previous videos we captured the file with Kali as .CAP, then it was converted to hccapx, so the file with me has the extension hccapx and you use the extension hc22000. Please, where does this come from? Am I missing something?
I love the video and the application. I have a laptop I'm wanting to put hashcat on but I seem to be having a problem of getting it to recognize the program. Have you done an installation video? I have Windows 10. Keep up the great content.
Hello, I have a question. Since even more complex passwords can be cracked, then is it worth adding MAC filtering on the router to secure yourself in this way?
In 2012 I found a buried extension cord from my yard going to my neighbor's house. I unplugged it and while waiting for him to come home to confront him, I decided to attempt to hack his wifi. I pulled a very old Pentium 4 PC out of the closet and installed Kali. As a novice, I had his wifi cracked in a few hours attacking his WPS with aircrack-ng. I had free internet for the next year and do not feel guilty one bit. My electric bill dropped $80 a month and I am certain he stole my power for about the same time I borrowed his internet.
No matter what I do, someone will complain. Trying to show the issue with passwords - but it still only took me 40 seconds to get a 10 alphanumeric password.
What is more secure, WPA2 PSK or WPA/WPA2 PSK? (Both with AES) I don't know if WPA/WPA2 means that it is encrypted 2 times by WPA and WPA2, or it means that it works with WPA for devices that don't support WPA2 (which would be like having WPA, that's bad)
Thanks for the video and your clear, concise instruction. Very useful. Suggestion: For videos like these in particular, it would be nice if you could change your system theme to dark mode and use Sublime Text exclusively so we're not being blinded when you switch from the command prompt / terminal back to Notepad / File Explorer... I think I can speak for everyone when I say our retinas would appreciate it ;) Thanks
I think the big take away from this as well, if someone hasn't noticed, is that simply adding special characters and upper case letters and numbers to your password, as well as making the character length 10+, simply raised the crack time from a few minutes to potentially 10 years almost .... Even if a person's got a high end card .... Makes you wonder if that dude had 10 Quadros in line cracking passwords; I would be astonished to know how significantly lower the crack times would be 😂 probably crack big business wifi passwords, although granted they probably aren't using WPA/WPA2
I got this problem "Initializing backend runtime for device #1. Please be patient..." and I have searched a lot but can't solve it .... can you help me please?
Just letters & numbers, case sensitive: 1/62 per character Add symbols: equal to or greater than 1/92. By using other alphabets, you gain more characters, making the chance of guessing each character less likely. This is just the math, using other languages, such as Chinese, buys you more characters that they must guess from.
I like using phrases for passwords and separate the words with special characters and numbers. I also start and end with special characters. It's long and complex but easy to remember. Also have a Security+ certification and an associate's degree in cybersecurity. So I know a lil more than the average person.
Why not have a router that locks out over X number of log-in attempts. After 5 different tries it locks out everyone not connected? Only Ethernet connecting into the device allows resetting? Would this be a simple answer beyond a large software created password?
It might be easy to break into easy passwords, but what can you do after? I see so many videos about cracking passwords but nobody tells you if you can do anything with it.
Why use an old version of hashcat, even with the 4-way you could just convert the cap to the hc22000 format and use the latest version? I think the advice to use the old version is pretty confusing.
Hi David, I only just came across your channel and I subbed because the ethical hacking you teach is just brilliant! I've learned so much in 48 hours. I'd like to ask, how does one choose a password cracking length that is under the 8 character limit? It states during the attack that you can only have min 8 to max 18. I've looked at the hashcat website guide but cannot seem to locate a command that allows for an attack under 8 characters.
ADSL telephone companies utilize some older routers that utilize alphanumeric, and there is a .c code that can be run and piped into John to brute force the password, and those GPUs make it faster! Nation states utilize a cluster of these; quantum computers can be utilized as well
Have you talked about or would you talk about diceware as a password generation scheme? In particular getting significantly longer than 10 characters versus tossing in some special characters and the like…
What I am interested in is how. What is happening in the background. Is each potential password being hashed, and the hash checked against the hash which was scraped from the Wi-Fi network to see if it matches? If so, is this only feasible due to modern GPUs being so powerful? A deep dive into the actual process behind this would be very interesting to me.
Hi David, just around having issues with my Kali VM... Whenever I boot up Kali, for some time the internet works and I can browse, but later the Network Manager gives up and eth0 goes down. Having any solution???
How do you bring your GPUs to an external public or private wireless to crack its login? You are showing a crack on an internal file? How will you get these files from a far away wireless router?
Very nice video. BTW what USB wifi adapter do you use with the M1? I tried 3 USB adapters and I can't use them on an M1 MacBook. I am looking for some adapter that will work on ARM Kali on a VM.
When the router receives a large number of attempted logins that are failing, does it not introduce a timeout that increases over time to slow down further attempts?
Big thanks to Cisco Meraki for sponsoring this video! Learn how to secure hybrid networks so you can stop these kinds of attacks: davidbombal.wiki/meraki
Disclaimer: This video is for educational purposes only. I own all equipment used for this demonstration. No actual attack took place on any websites. Only use the tools demonstrated in this video on networks you have permission to attack.
// MENU //
00:00 ▶ Intro
02:17 ▶ Real world example
02:58 ▶ Hashcat file format
03:28 ▶ Handshake capture (old mode) 10 digits
03:57 ▶ GPU setup
04:12 ▶ Handshake capture (old mode) 10 digits (cont'd)
06:21 ▶ Handshake capture (new mode) 8 digits
07:57 ▶ Handshake capture (old mode) 8 digits
09:07 ▶ Incrementing digits
11:55 ▶ Built-in charsets
12:22 ▶ Cracking alphanumerical passwords
18:42 ▶ Using wordlists
19:00 ▶ Conclusion
// Previous Videos //
WiFi WPA/WPA2 vs hashcat and hcxdumptool: ua-cam.com/video/Usw0IlGbkC4/v-deo.html
Kali Wifi Adapters: ua-cam.com/video/5MOsY3VNLK8/v-deo.html
Old method using airmon-ng: ua-cam.com/video/WfYxrLaqlN8/v-deo.html
Old method using GPUs: ua-cam.com/video/J8A8rKFZW-M/v-deo.html
// COMMANDS //
Check GPU:
hashcat.exe -I
10 digits (Old Method):
hashcat.exe -m 2500 -a 3 10digit.hccapx ?d?d?d?d?d?d?d?d?d?d
Increment WPA2 digits (Old Method):
hashcat.exe -m 2500 -a 3 10digit.hccapx --increment --increment-min 8 --increment-max 20 ?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d
8 digits (New Method):
hashcat.exe -m 22000 8-digit-wpa2.hc22000 -a 3 ?d?d?d?d?d?d?d?d
10 digits (New Method):
hashcat.exe -m 22000 10-digit-wpa2.hc22000 -a 3 ?d?d?d?d?d?d?d?d?d?d
10 digits and alpha (New Method):
hashcat.exe -m 22000 10-digit-letters-wpa2.hc22000 -1 ?d?l?u -a 3 ?1?1?1?1?1?1?1?1?1?1
Increment digits (New Method):
hashcat.exe -m 22000 hash.hc22000 -a 3 --increment --increment-min 8 --increment-max 18 ?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d
Increment digits and alpha (New Method):
hashcat.exe -m 22000 10-digit-letters-wpa2.hc22000 -1 ?d?l?u -a 3 --increment --increment-min 8 --increment-max 12 ?1?1?1?1?1?1?1?1?1?1?1?1
// SOCIAL //
Discord: discord.com/invite/usKSyzb
Twitter: twitter.com/davidbombal
Instagram: instagram.com/davidbombal
LinkedIn: www.linkedin.com/in/davidbombal
Facebook: facebook.com/davidbombal.co
TikTok: tiktok.com/@davidbombal
UA-cam: ua-cam.com/users/davidbombal
// MY STUFF //
Monitor: amzn.to/3yyF74Y
More stuff: www.amazon.com/shop/davidbombal
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
Always love your videos David, keep it up!
Windows 11 safe mode with networking is not letting me use the internet or connect to wifi. I can not fix my computer without an Internet connection. Please help.
How does Kali Linux fit in here? I waited the whole video for the Kali part but this was all done in Windows.
I have been following you David for 2+ years. Please also look at my comment. A decent fan can expect a single suggestion from your valuable time. My mobile is being spied on by someone, as USB debugging is turned on automatically after the phone restarts automatically
Thanks ✌️
As someone who works in IT for a large enterprise, I think too many tech and security companies focus too heavily on password policies. Specifically ones that are way too complex for the average user. So much that they end up either writing it down on a piece of paper or reusing the same password everywhere. The real threat and issues I've faced with many users is social engineering.
The focus should be on social engineering and user training.
Social engineering is a huge threat to business and home users in the real world.
Not exactly on topic but my 2 cents.
exactly!
That has been my view as well. If my password has held up for the past 90 days, why have me change it to something that may be easier to guess/crack. Looking for anomalous user activity seems like the place to put some focus. If a user starts to try to access network shares they have not before (failures), or outbound packets are out of normal bounds, then take action.
Also MFA.. every company should have MFA as standard
Every company should have MFA if they want cyber insurance. We just had a doctor leaving his laptop behind and we were able to just open it from sleep and get right in. I also found his OS was 1903 and seeing the security aspect sucked and updated the system.
But where did you run this program and from what device was this able to capture the WiFi from?
Did you just need to see the computer zon network and then you jacked up in the computer?
You just ran the scan and captured the WiFi code from just running the program without actually being on the network?
I agree. I fell a couple of times clicking on email mimicking my company IT address. Now I always check the sender email address and even then I don't really click on email not related to my daily tasks or periodic IT routine maintenance
It got me thinking about all those miners out there and hashing. I always imagined someone tricking people into "hashing" with millions of GPUs around the world for nefarious reasons; the password cracking power it can have would be immense! Crazy. Great video, subbed.
I've learned more from this show than I have from years of ongoing technical certification, thank you
Very happy to hear that!
@@davidbombal I'm not kidding, it provides a perspective beyond what I learned in training; to some extent we get old school text in training, and nothing can put that in perspective more than a real world example like those you provide
Same here
@@davidbombal You shouldn't be. Shows that his country is failing to properly provide the correct education. Meanwhile you're providing the means to kids who in the current generation do nothing but play computers and have the worst behavioral rates. A means to further worsen that behaviour
@@TheRukaslover cope
Thank you David, you have a true talent at explaining almost anything in a step by step, methodical process, leaving nothing out and explaining the reasoning, that makes learning what sometimes can start as a complex task so much easier to comprehend. I appreciate the time and knowledge you put into your channel, you are a great teacher. So many of your videos should be shown to every high school student worldwide for security awareness... Thanks again. Great work.
I really admire your commitment to creating these videos, thanks a lot David.
It's also good practice to change the SSID of home setups, as the standard SSID will identify the supplier, which can identify the default password's complexity.
You mean "admin-admin" or "admin-password" (common default user-passwords)
@@mitchellduncklee7182 I think he means more like known character set and character number of the WiFi PSK (pre-shared key/password). An example would be a Spectrum modem/WiFi/router with an SSID of MySpectrum using a default PSK of 8 characters that only consist of uppercase letters and numbers.
If you are going to the trouble of changing the PSK, I agree the SSID should be changed as well.
That is a really good point about the default password of the router, though changing the SSID will likely not hide anything at this point. After they crack your WiFi PSK and gain access to your network, the next target could be the router but more likely unsecured devices on your network are of more value.
In all fairness, any wifi scanner worth its salt that can show MAC addresses regardless of SSID will usually show the firmware vendor either way ;)
@@klontjespap Depends on who reserved the OUI but fair enough.
I guess you can slow someone down, or confuse them that way. Like, use a SSID pattern of some other familiar device manufacturer.
All that really matters is the password length.
To brute force, you need to calculate the number of possibilities per individual characters, to the power of the length of the password.
For example a 3 digit password using 240 possibilities per character gives 13 million possibilities.
But a 4 digit password using only 72 possibilities per character gives 26 million possibilities.
Yeah, multilingual passphrases would be super "funny" to try to brute force. 15000^7 for example. Easy to remember, fast to write, pretty impossible to crack.
What about the handshake method? Am I safe if I use a 60 character length password key?
Is it me or does he have a new monitor in every video. Love the stuff David produces, learning so much.
Is that a Samsung? Looks even wider.
Perfect way to end the night another bombal upload!! Thanks for the awesome content and tutorials as always!!
Thank you! Glad you are enjoying the videos :)
Like you mentioned, you might get lucky and get the password cracked in seconds or minutes, even when hashcat says something like > 10 years. The thing that hashcat is calculating there is your hashing rate, and the total number of permutations in the keyspace. The estimate is how long it will take hashcat to burn through the entire keyspace, not the estimated amount of time to find the password.
Well put
I just took a class last semester on Ethical Hacking and I've learned more watching your videos than I did all semester. I still have so many questions and I wish I had friends that did this stuff so I could learn more
The problem is balancing security and convenience. Nobody wants a 12-14 digit WiFi password with random characters and numbers
There must be a way to lock the Wi-Fi router down for a few minutes after 3 failed attempts.
It doesn't need to be random, 14 digits will be enough
It's not hard to make a 25-char pass with symbols and caps and numbers that is simply a sentence/word; for you lazy ppl, that is how hackers get in
@@Mehwhatevr Huh? He wasn't constantly trying to log in...he is brute forcing the hashed handshake.
I use a password with 20 random characters and numbers. And for the guest I have a QR code on the door
David your videos are great and to the point, I am glad you are not sipping coffee😂😂😂. I have been in IT since 1967 (I know it's a long time); this environment has changed so much. I used to work on troubleshooting the COBOL F compiler for IBM; I was able to write in machine language. I used to modify the machine code on the punch cards to screw with the guys' code so it would do something else rather than what the program was coded for, as a joke. I am now taking up ethical hacking to learn how hackers penetrate a network so I could help my clients avoid potential problems. This environment is so complex now but great to work with and I enjoy every minute of it. You add so much value to what I am learning and enhancing my knowledge, thank you very much for your videos.
For simplicity the most important PW I use is a simple sentence of only 6 words in a foreign language with 2 misspellings and one incomplete word. That's easy to remember, as is one other which is just a mathematical formula containing a notation error. About 25 years ago, the Gov't. dropped its case against PGP. I'm told that this occurred as the lawyers were actually walking through the courtroom doors. I asked a mathematician friend about why they would do that. He replied, "Why do you think that decryption can only occur with discovery of the 'key' or that, if discovery were required, that it could only be achieved by brute force." He refused to elaborate and now he's dead (natural causes).
That #ad was so smoothly squeezed in there I barely understood what was going on when it started :'D bro... Well done!
Thank you very much Mr. Bombal, this is the best video on UA-cam and the entire internets of how to do the real thing.
This is the first time I see one of your videos and the very first thing I see after some minutes is that it might be useful for you to switch your camera above your PC. It feels quite stressful that you look to the side every few seconds.
Good video tho ^^ I'm halfway in and I'll probably look until the end
Thank you David. I'm a total noob to this stuff and your videos are really exciting/motivating me to learn.
The cracking speed is amazing!! Would you make a video using Cloud GPU??
This video is so helpful for people like myself trying to get into cyber security.
Thanks boss. I need more of this. Buying an offensive security pack is expensive. Your video helps a lot.
You don't need a lengthy complex password. Just use 3 unrelated words like your dog's name + your favorite food + your favorite song. Then write every other letter big and add 1 or 2 symbols in between the words. Easy to remember - impossible to brute force, impossible with a dictionary attack too
Manufacturers should simply add a retry delay, or retry limit.
Even a 1 second retry delay is enough to beat brute-force attacks, without users noticing any delay. Even 8 digits gives you an average of 1.5 years minimum.
Retry delay only works if the computer is actively trying to connect with each attempt, my understanding is that those are recorded packets from the router that can be obtained without the target even knowing, and then cracked away from the device to retrieve the password.
There are some caveats to this method of cracking though, most of the time pure brute force is terribly inefficient, and the passwords he used were set lengths, only numeric, or started at a relatively low "number" in the brute force list (starting with a 0 as the first character for example)
A pure brute force over all possible lengths up to just 12 and alphanumeric will take a pretty long time, not even considering adding special characters
@@cavemanthog and then he will say that we use easy passwords to decrease time required for demonstration.
@@cavemanthog Yes you're right. Cracking WPA handshakes is done offline. So here, it's basically defending against handshake captures, de-auth attacks (and even for that, a hacker could just monitor wireless traffic waiting for it). Maybe using certificates to authenticate on the network. But for regular domestic use, you usually don't do that. You can as well put MAC address filtering, but that is easy to spoof... It can be tedious to manage MAC addresses every time you need to connect with a new device, or if the one who administers the home network is not there. But once again, MAC address filtering is not really reliable; you can easily analyze the traffic and get the MAC address in the wireless frame. So for WPA wireless network security, either use strong password policies or use certificates, but then again, it's restricted until authorization.
that's not how this works. you already have the encrypted password (the hash) and then you are trying to decrypt the password which takes time.
4:21 This is incorrect, you can 100% gain direct access to a GPU from a virtual machine depending on the hypervisor you use.
Specifically, you need to use something like vmware ESXi but that is not something you would normally use at home. He is obviously referring to something like vmware Workstation and/or Hyper-v running on top of Windows. ESXi would be a dedicated machine running vms, not Windows.
@@smudge1619 actually he did not specify a hypervisor. He merely said you cannot get access to a GPU from a VM, which is incorrect. And plenty of people run ESXi at home.
@@TheDainerss I understand, I was filling in your comment with constructive examples/ specifics for people who don't know what would actually work since you did not give examples and just said some hypervisors can.
I agree that WPS should be disabled in the first place, but WPS can be "delayed" - for example 3 incorrect tries locks WPS for 5 min or more. Then, brute force attacks become useless - I mean the brute force PixieWPS method
you normally don't try to brute force against the router or whatever. If someone connects to the wifi the hash gets submitted in cleartext. With your computer you can then read out the hash and start brute forcing offline
Idk why and idk how I am getting recommended these videos, but ye thank God bro
I’m still a Linux newbie on Manjaro and I’m just starting to learn code. However, I found this totally fascinating.
Having a complex password is nice and all but not when you want other people to remember it as well who aren't necessarily tech savvy. I think the real problem is that we ask real people to have to input passwords in the first place. We need better forms of authentication that don't require us to have to dumb down passwords so people can remember them. WPS was a good first attempt but it never really evolved in the way that it needed to solve these kinds of problems.
Thanks Dear David Sir for all this effort. We really Enjoy your Pen testing Tutorials. And we've seen a lot in cracking Passwords... How about we go a lil bit deeper into attacking devices. I'm sooo down into putting hands into that case though. By the Way Thanks again For all This lit Stuff... Blessings 🕊❤🤗
Great suggestion!
Just found your site, much better than "others" out there, think I'll take a quick look over your previous ones. Thanks for the work 👍🏻
Love seeing RGB GPUs. Great Content as always 💥
it's always a delight to see your content... always gets me pumped up...!! keep on rocking!! love your videos
Okay, my tech detox is over.
Starting to learn from Mr. DB again 😜💯✌️
Just a comment to support the channel. Love the content.
Very good information and instruction, appreciate the content 🙏🏼 cheers mate.
I was told by an IT guy in the navy that using those tools he could crack all the passwords in a week. He was a geek that lived in California and could drive to work and back only using people's wifi when he worked as a Google network engineer.
yea good idea, put all your data on other people's routers! why didn't I think of that!
you are the most honest person i have seen thank you bombal keep going
Thank you, I appreciate that 😀
If it's just straight brute force, there's no way for you to get *that* lucky - 40s on an "impossible" crack? Is the time estimate flawed? Or does it use something else than just going through all permutations randomly / in order?
always love Davids Channel. very very Informative and interesting.
Fun Fact: "Meraki" means "loving what you do" in Greek. In a greek (mis)interpretation, the product's name would mean "Cisco's love on what it's doing"
Hello, nice video, first time watching you. If you record your screen very often, why not use a capture device and not stress out your GPU?
hey how can i get the 10 letter digits file thing
Great video David! Thank you so much.
I have a router at home and it's specifically for my phones. For the configuration I did on it, it was broadcasting 2 SSIDs. The first started malfunctioning, running at 2 Mbps to 4+ Mbps and consuming 2 GB in less than 2 hrs. Every setting I did was the same. What could be the cause?
Great tutorials David! Keep them coming!
I recall seeing that story out of Israel and it was very interesting.
Fortunately (or unfortunately, depending on who you are) in my part of the world (one of the Western European countries), most if not all routers come with a random, alphanumeric, 10+ character default password. For all intents and purposes, this is essentially 'uncrackable' in any reasonable timeframe.
and then 20% of the people change them to their telephone number or something easy to remember, IF they have the skills
Just found ur channel. Very informative. New sub!
David with his super computer cracks passwords in 40 seconds.
Me with my old PC, in 40 days :p
hashcat gives me an error "No hashes loaded" I captured the handshake using wifite and even tried with airgeddon but still hashcat won't run
I have a few questions if anyone might be able to shed some light?
My home router uses a digit-only default password.
However, it's a 20 digit password.
Obviously the cracking time would be lower than a 20 char alphanumeric+specials PW.
However, as we saw from the differences in estimated time between 8, 9 and 10 digit passwords, estimated time grows exponentially.
Would 20 digits make it reasonable safe, or are we still talking days rather than years to crack?
Also, does hashcat start at the lowest number and work up?
So for 8 digit PW, would the pattern be:
00000000
00000001
00000002
etc?
If so, would it be logical to start your passwords with digits/characters that start later in the list of options?
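The arithmetic behind the questions above (charset size raised to the password length, plus the earlier comment's "possibilities per character to the power of the length" and the remark that hashcat's ETA is the time to exhaust the whole keyspace) can be worked through for real hashcat masks. The calculator below is an added example and is not hashcat's own code or anything from the video: it parses -a 3 masks with the built-in ?l ?u ?d ?s ?a ?b charsets and custom -1..-4 charsets, sums prefix keyspaces for --increment ranges the way hashcat does, and converts a keyspace into a worst-case exhaustion time. The hash rate used in the demo (1 MH/s) is an assumption for illustration only; real WPA rates depend entirely on the GPU. It does not try to reproduce the order in which hashcat walks candidates, which is why a lucky hit can come long before the ETA.

```python
"""Keyspace and exhaustion-time estimator for hashcat mask attacks (-a 3).

Added example; not hashcat's code and not from the video. Reproduces the
"charset size ** length" arithmetic for real masks, including custom charsets
(-1 .. -4) and --increment ranges, and turns a keyspace into a worst-case time
at an assumed hash rate.
"""
import math
import string
from typing import Dict, List, Optional, Tuple

# hashcat's built-in charsets (see `hashcat --help`, "Built-in charsets").
BUILTIN_CHARSETS: Dict[str, str] = {
    "l": string.ascii_lowercase,                    # 26
    "u": string.ascii_uppercase,                    # 26
    "d": string.digits,                             # 10
    "s": " !\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~",     # 33
    "b": "".join(chr(i) for i in range(256)),       # 256 (raw bytes 0x00-0xff)
}
BUILTIN_CHARSETS["a"] = (BUILTIN_CHARSETS["l"] + BUILTIN_CHARSETS["u"]
                         + BUILTIN_CHARSETS["d"] + BUILTIN_CHARSETS["s"])  # 95

ASSUMED_RATE_HPS = 1_000_000  # assumed 1 MH/s for WPA; real figure depends on the GPU


def tokenize(mask: str) -> List[str]:
    """Split a mask into per-position tokens: '?d?1x??' -> ['?d', '?1', 'x', '??']."""
    tokens, i = [], 0
    while i < len(mask):
        if mask[i] == "?":
            if i + 1 >= len(mask):
                raise ValueError("dangling '?' in mask")
            tokens.append(mask[i:i + 2])
            i += 2
        else:
            tokens.append(mask[i])          # literal character
            i += 1
    return tokens


def expand_charset(spec: str, custom: Optional[Dict[str, str]] = None) -> str:
    """Expand a mask fragment ('?d?l?u', 'abc?d', '??') into its distinct characters.

    Custom charsets (-1 .. -4) are given as {"1": "?d?l?u"}; nesting one custom
    charset inside another is not supported here.
    """
    custom = custom or {}
    chars: List[str] = []
    for tok in tokenize(spec):
        if tok == "??":                          # '??' is a literal '?'
            chars.append("?")
        elif tok.startswith("?"):
            tag = tok[1]
            if tag in BUILTIN_CHARSETS:
                chars.extend(BUILTIN_CHARSETS[tag])
            elif tag in custom:
                chars.extend(expand_charset(custom[tag]))
            else:
                raise ValueError(f"unknown charset {tok}")
        else:
            chars.append(tok)
    return "".join(sorted(set(chars)))        # duplicates collapse: '?d?d' is still 10


def position_sizes(mask: str, custom: Optional[Dict[str, str]] = None) -> List[int]:
    """Charset size at each mask position, e.g. '?d?1x' with -1 ?d?l?u -> [10, 62, 1]."""
    return [len(expand_charset(tok, custom)) for tok in tokenize(mask)]


def keyspace(mask: str, custom: Optional[Dict[str, str]] = None,
             increment: Optional[Tuple[int, int]] = None) -> int:
    """Number of candidates hashcat will try for this mask.

    With --increment (min, max), hashcat runs the first n positions of the mask
    for every n in [min, max], so the keyspace is the sum over those prefixes.
    """
    sizes = position_sizes(mask, custom)
    if increment is None:
        return math.prod(sizes)
    lo, hi = increment
    if not (1 <= lo <= hi <= len(sizes)):
        raise ValueError("increment range must lie within the mask length")
    return sum(math.prod(sizes[:n]) for n in range(lo, hi + 1))


def exhaustion_seconds(space: int, rate_hps: float) -> float:
    """Worst case: time to hash every candidate at rate_hps hashes/second.

    This is what hashcat's ETA shows. For a uniformly random password the
    expected time is half of it, and a lucky ordering can hit in seconds.
    """
    return space / rate_hps


def human(seconds: float) -> str:
    """Render a duration in the largest sensible unit, one decimal place."""
    for unit, size in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} seconds"


if __name__ == "__main__":
    cases = [
        ("?d" * 8, None, None),                          # 8 digits
        ("?d" * 10, None, None),                         # 10 digits
        ("?1" * 10, {"1": "?d?l?u"}, None),              # 10 alphanumeric
        ("?d" * 18, None, (8, 18)),                      # --increment 8..18 digits
        ("?d" * 20, None, None),                         # the 20-digit default above
    ]
    for mask, custom, inc in cases:
        space = keyspace(mask, custom, inc)
        print(f"{mask:40s} inc={inc}  keyspace={space:,}  "
              f"worst case at {ASSUMED_RATE_HPS:,} H/s: {human(exhaustion_seconds(space, ASSUMED_RATE_HPS))}")
```

Run it as-is to compare the masks from the video; change ASSUMED_RATE_HPS to the H/s figure your own `hashcat -m 22000 -b` benchmark prints to get numbers for your hardware.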
I find this interesting moreover because the default password on a Sky router was 8 digits made up of upper, lower and numericals; however when I tested this... simple method really, I had my password in front of me after about 8 minutes. Long story short, if someone wants into your Wi-Fi bad enough there's no real stopping it unless you manually set your password to 16+ digits, and most people overlook this as they are convinced that upper/lower/numerical passwords are so strong and secure, until they see how easy a brute force can be!
3:15, which video from the description is the one that describes how to capture this information please?
Here you go: ua-cam.com/video/Usw0IlGbkC4/v-deo.html
@@davidbombal Thank you, I'm an idiot. Also, do you have SA heritage? I swear that accent sounds super local!
The best channel about computers ever
@upwardhacks what?
Thank you for clearing up some questions I had with hashcat. One question though, is running hashcat on a GPU harsh on the hardware?
If laptop then yes it's harsh, if PC then it depends on the cooling.
it can also be run on CPU instead of GPU. I believe when run on Kali it's CPU by default because Linux doesn't like graphics cards
@@jesseclutterbuck6617 :D
Hello sir, @David Bombal
I have followed the guide step by step; the old version 2500 is not working in hashcat, and the new method I have not completed. The problem is where the file "8-digit-wpa2.hc22000" comes from.
In the previous videos we captured the file with Kali as .CAP, then it was converted to hccapx, so the file I have has the extension hccapx and you use the extension hc22000.
Please, where does this come from? Am I missing something?
Thanks!
that's why having a low range router is a good idea. signal just not strong enough to go out of your house or a few walls
Thanks Mr. Bombal your videos everything is bum 💥
I love the video and the application. I have a laptop I'm wanting to put hashcat on but I seem to be having a problem of getting it to recognize the program. Have you done an installation video? I have Windows 10. Keep up the great content.
Hello, I have a question. Since even more complex passwords can be cracked, then is worth to add MAC filtering on router to secure yourself in this way?
Really interesting information.
Thx for sharing it with us.
(Will change to WPA3 and make a longer password)
In 2012 I found a buried extension cord from my yard going to my neighbor's house. I unplugged it and while waiting for him to come home to confront him, I decided to attempt to hack his wifi. I pulled a very old Pentium 4 PC out of the closet and installed Kali. As a novice, I had his wifi cracked in a few hours attacking his WPS with aircrack-ng. I had free internet for the next year and do not feel guilty one bit. My electric bill dropped $80 a month and I am certain he stole my power for about the same time I borrowed his internet.
Sir your editing is so professional
The way you teach and reach millions of people you will easily reach the 1mil subs.
Thank you thank you thank you
As always thank you for knowledge you impart on us
Can this be done also with integrated Wi-Fi card instead of external adapter?
Im glad you explained the "easy password" reason. I've seen those comments before and just shook my head at the poster (or poser lol).
No matter what I do, someone will complain. Trying to show the issue with passwords - but it still only took me 40 seconds to get a 10 alphanumeric password.
Hello David, GREAT video. I do have one question. Is there a way to modify the optimizers being used on hashcat?? greetings!!
Nice video and very informative..will sure try this.
What is more secure WPA2 psk or
WPA/WPA2 psk?
(Both with AES)
I don't know if wpa/wpa2 means that it is encrypted 2 times by wpa and wpa2 or it means that it works with wpa for devices that don't support wpa2 (which would be like having wpa, that's bad)
Thanks for the video and your clear, concise instruction . Very useful.
Suggestion: For videos like these in particular, it would be nice if you could change your system theme to dark mode and use sublimetext exclusively so we're not being blinded when you switch from the command prompt / terminal back to notepad / file explorer... I think I can speak for everyone when I say our retinas would appreciate it ;) Thanks
I think the big take away from this as well, if someone hasn't noticed, is that simply adding special characters and upper case letters and numbers to your password as well as making the character length 10+ raised the crack time from a few minutes to potentially 10 years almost... Even if a person's got a high end card... Makes you wonder if that dude had 10 Quadros in line cracking passwords; I would be astonished to know how significantly lower the crack times would be 😂 probably crack big business wifi passwords, although granted they probably aren't using WPA/WPA2
How did you move the file to your windows computer, retrieve file and how did you get to the terminal on your computer?
You didn't tell which WIFI network is the target? Or its randomly attack on any available network?
i got this problem "Initializing backend runtime for device #1. Please be patient..." and i had searched alot but can't solve it .... can you help me please ?
Just letters & numbers, case sensitive: 1/62 per character
Add symbols: equal to or greater than 1/92. By using other alphabets, you gain more characters, making the chance of guessing each character less likely.
This is just the math, using other languages, such as Chinese, buys you more characters that they must guess from.
The viability, however, becomes very difficult due to needing the special keys to do so.
"MINDSET IS EVERYTHING", behind the sir a small fish 🐠 pretending to be Shark 🦈
And also the info is very helpful sir Thanku sir❣️❣️
You are doing good with the intro
I like using phrases for passwords and separate the words with special characters and numbers. I also start and end with special characters. It's long and complex but easy to remember. Also have a Security+ certification and an associate's degree in cybersecurity. So I know a lil more than the average person.
Why not have a router that locks out over X number of log-in attempts. After 5 different tries it locks out everyone not connected? Only Ethernet connecting into the device allows resetting? Would this be a simple answer beyond a large software created password?
Sir, you are DOPE ! Instant sub !
Thank you!
It might be easy to break into easy passwords but what can you do after? I see so many videos about cracking passwords but nobody tells you if you can do anything with it.
Why use an old version of hashcat, even with the 4-way you could just convert the cap to the hc22000 format and use the latest version? I think the advice to use the old version is pretty confusing.
Hi David, I only just came across your channel and I subbed because the ethical hacking you teach is just brilliant! I've learned so much in 48 hours.
I'd like to ask, how does one choose a password cracking length that is under the 8 character limit?
It states during the attack that you can only have min 8 to max 18.
I've looked at the hashcat website guide but cannot seem to locate a command that allows for an attack under 8 characters.
I'm surprised I haven't seen you do a video on airgeddon
bash: ................ command not found
that's the response I keep getting been trying for over two hours now. please how do I resolve this?
Good content. Thanks for posting.
I’m hoping to access my ‘Yi iot’ ip camera and redirect video output to my own cloud backup
ADSL telephone companies utilize some older routers that utilize alphanumeric, and there is a .c code that can be run and piped into John to brute force the password, and those GPUs make it faster! Nation states utilize a cluster of these; quantum computers can be utilized as well
Sir, what do you mean "Be careful WPS you probably gonna wanna disable that", is that the WPS office tool?
Have you talked about or would you talk about diceware as a password generation scheme? In particular getting significantly longer than 10 characters versus tossing in some special characters and the like…
What I am interested in is how.
What is happening in the background.
Is each potential password being hashed, and the hash checked against the hash which was scraped from the Wi-Fi network to see if it matches?
If so, is this only feasible due to modern GPUs being so powerful?
A deep dive into the actual process behind this would be very interesting to me.
You pretty much nailed it on the head. :)
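The question a few comments up (is each candidate hashed and compared against something scraped from the network, and is that why GPUs matter?) can be answered by writing the WPA2-PSK check out in full. The block below is an added example, not hashcat's code and not from the video: it implements the 802.11i derivation hashcat performs per candidate for -m 22000 (PBKDF2-HMAC-SHA1 with 4096 iterations to get the PMK, PRF-512 to get the PTK, and an HMAC-SHA1 over the EAPOL message-2 frame to get the MIC) and compares that MIC with the captured one. Nothing is "decrypted"; every candidate is run forward through the same derivation a real client performs. The 4096 PBKDF2 iterations are what make each guess expensive, which is why this is a GPU job. The "capture" is constructed in-script (random MACs and nonces, a known passphrase, a minimal EAPOL-Key frame layout) so it runs offline; in a real run those fields come from the .hc22000 line, and the MIC test vector for passphrase "password" / SSID "IEEE" is the one published in the 802.11i annex.

```python
"""What hashcat computes per candidate for WPA2-PSK (-m 22000), in plain Python.

Added example; not hashcat's code and not from the video. The handshake used
below is constructed in-script so the demo runs offline.
"""
import hashlib
import hmac
import itertools
import os
import string
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass(frozen=True)
class Handshake:
    """Fields hcxpcapngtool writes into a .hc22000 line (minus framing)."""
    ssid: bytes
    ap_mac: bytes      # 6 bytes
    sta_mac: bytes     # 6 bytes
    anonce: bytes      # 32 bytes, from message 1
    snonce: bytes      # 32 bytes, from message 2
    eapol: bytes       # message-2 EAPOL-Key frame with its MIC field zeroed
    mic: bytes         # the 16-byte MIC as captured from message 2


def pmk_from_passphrase(passphrase: str, ssid: bytes) -> bytes:
    """802.11i: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).
    These 4096 iterations are the per-guess cost that makes WPA cracking slow."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid, 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """802.11 PRF-512: concat HMAC-SHA1(key, label || 0x00 || data || i), i = 0..,
    truncated to 64 bytes (four 20-byte blocks are enough)."""
    out = b"".join(
        hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4))
    return out[:64]


def kck_from_pmk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
                 anonce: bytes, snonce: bytes) -> bytes:
    """PTK = PRF-512(PMK, "Pairwise key expansion", min(MACs)||max(MACs)||min(nonces)||max(nonces)).
    The KCK, which keys the MIC, is the first 16 bytes of the PTK."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf_512(pmk, b"Pairwise key expansion", data)[:16]


def eapol_mic(kck: bytes, eapol_mic_zeroed: bytes) -> bytes:
    """WPA2/CCMP (key descriptor version 2): MIC = HMAC-SHA1(KCK, EAPOL frame)[:16]."""
    return hmac.new(kck, eapol_mic_zeroed, hashlib.sha1).digest()[:16]


def check_candidate(hs: Handshake, passphrase: str) -> bool:
    """One hashcat 'hash': derive PMK -> KCK -> MIC and compare with the capture."""
    pmk = pmk_from_passphrase(passphrase, hs.ssid)
    kck = kck_from_pmk(pmk, hs.ap_mac, hs.sta_mac, hs.anonce, hs.snonce)
    return hmac.compare_digest(eapol_mic(kck, hs.eapol), hs.mic)


def mask_candidates(alphabet: str, length: int) -> Iterable[str]:
    """Every string of `length` chars over `alphabet`: what -a 3 ?d?d?d... enumerates."""
    return ("".join(p) for p in itertools.product(alphabet, repeat=length))


def crack(hs: Handshake, candidates: Iterable[str]) -> Optional[str]:
    """Return the first candidate whose derived MIC matches, or None if the keyspace is exhausted."""
    for cand in candidates:
        if check_candidate(hs, cand):
            return cand
    return None


def fake_capture(passphrase: str, ssid: bytes = b"MySpectrum") -> Handshake:
    """Constructed capture: compute the MIC a legitimate client knowing `passphrase`
    would put in message 2. Field layout is a minimal EAPOL-Key frame; only the
    bytes-as-MAC'd matter for the derivation, not their semantics."""
    ap_mac, sta_mac = os.urandom(6), os.urandom(6)
    anonce, snonce = os.urandom(32), os.urandom(32)
    body = (b"\x02"                 # key descriptor type (RSN)
            + b"\x01\x0a"           # key info: version 2 (HMAC-SHA1), pairwise, MIC set
            + b"\x00\x10"           # key length
            + b"\x00" * 7 + b"\x01" # replay counter
            + snonce + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8   # nonce, IV, RSC, ID
            + b"\x00" * 16          # MIC field, zeroed for the HMAC
            + b"\x00\x00")          # key data length
    eapol = b"\x01\x03" + len(body).to_bytes(2, "big") + body
    kck = kck_from_pmk(pmk_from_passphrase(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)
    return Handshake(ssid, ap_mac, sta_mac, anonce, snonce, eapol, eapol_mic(kck, eapol))


if __name__ == "__main__":
    hs = fake_capture("00000042")
    # 8-digit mask, like the video's ?d?d?d?d?d?d?d?d run; this hits at the 43rd candidate.
    print("found:", crack(hs, mask_candidates(string.digits, 8)))
```

Timing a loop of check_candidate calls on your CPU against the H/s that `hashcat -m 22000 -b` reports for your GPU shows directly why the video needs a graphics card for anything beyond a toy keyspace.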
Thanks and appreciation to the professor David
You're welcome!
I miss the old WPS attack. Those were the days.
Hi David, just around having issues with my kali vm...
Whenever I boot up Kali, for some time the internet works and I can browse, but later the Network Manager gives up and eth0 goes down
Having any solution???
How do you bring your GPUs to an external public or private wireless to crack its login? You are showing a crack on internal file? How will you get these files from a far away wireless router?
How about WPA3?
Would a dual GPU setup make it faster?
very nice video. BTW what USB wifi adapter do you use with M1? I tried 3 USB adapters and I can't use them on M1 MacBook. I am looking for some adapter that will work on ARM Kali in a VM.
When the router receives a large number of attempted logins that are failing, does it not introduce a timeout that increases over time to slow down further attempts?
Apparently not
If I've got it correctly, they were cracking a captured network traffic. This does not generate any traffic.
yes 100%. and it will lock out the WPS mode as well. you can avoid this with -d for delay time between attempts