Fingerprint a Hashed Password with Hash-Identifier [Tutorial]
Вставка
- Опубліковано 8 гру 2019
- How to Fingerprint Hashed Passwords
Full Tutorial: nulb.app/z4nm2
Subscribe to Null Byte: goo.gl/J6wEnH
Kody's Twitter: / kodykinzie
Cyber Weapons Lab, Episode 132
Hashes are a way to avoid storing passwords in plain-text. It's a common security feature that requires cracking or brute-forcing in order to obtain a password during an attack. But in order to go about doing this, a hacker or pentester would need to know what kind of hash they're dealing with. We'll show you how to fingerprint a hashed password, on this episode of Cyber Weapons Lab.
To learn more, check out the article: nulb.app/z4nm2
Follow Null Byte on:
Twitter: / nullbyte
Flipboard: flip.it/3.Gf_0
Website: null-byte.com
Weekly newsletter: eepurl.com/dE3Ovb
Vimeo: vimeo.com/channels/nullbyte - Навчання та стиль
![Fingerprint Web Application Firewalls with Nmap & Wafw00f [Tutorial]](/img/n.gif)
Your OSINT videos pretty useful even for the professionals like us. Great keep up the splendid work.
Thanks karthi balaji! We really do put in a lot of hard work.
I love your videos, they’re so amazing and help with learning, youre great man! Thanks for sharing and doing so well to teach us.
Thanks we really put a lot of hard work into these videos.
Null Byte I can tell, I’ve learnt so much from you guys, keep it up!
@@NullByteWHT i i was wondering how can i obtain these hashes in the first place .. btw nice video , understandable 👍
@@Its_ReaperO_O that's via breaches
This one is definitely useful Thank you very much! I had lots of that kind of passwords now I know how to decrypt them easly👍🏻👏🏻
Awesome, I'm glad we could help! Be sure to tell your friends about the channel.
Great episode, adding this to toolkit
Yeah, we really like the tool. Sub for even more useful tools!
10:13 use `sudo !!` to repeat the previous command appending sudo to the beginning ;)
@@serenity6080 yeah I realized that possibility after writing my comment :) makes sense to go slower
Exactly, people are at different levels of knowledge so we want everyone to be able to follow.
@@serenity6080 Yeah I like the idea I'll add it to the list just have to figure how to do a whole video like that.
@@NullByteWHT I'll pitch my idea also :D how about a video talking about 0-day marketplaces (Zerodium, Mitnick's, etc) and CVE's/responsible disclosures (the two main paths hackers can take once they find 0-days). I think a comprehensive view of the landscape would make for interesting content :)
thanks for producing these great educational videos
I love your videos and I hate the new UA-cam policy that prevents hacking tutorials.
Yeah it sucks but we keep everything on our website. null-byte.wonderhowto.com/
Hey, you're grate! I don't know if you have done it yet but, could you do a tutorial about how to set up a good proxychain in kali linux, or talk about the new kali linux 2019.4? Thank's
Check out our guide on how to Fully Anonymize Kali with Tor, Whonix & PIA VPN I think you'll find it helpful. null-byte.wonderhowto.com/how-to/fully-anonymize-kali-with-tor-whonix-pia-vpn-0180040/
do you recommend any programs to make scripts or programs?
Are you asking about IDEs? We like JetBrains products like PY charm.
Can you explain how to find the hash from an encrypted USB. Thank you!
I have learned all my basic hacking skills by watching all null byte resources
@Breeze-10 like which acc If u are thinking of social media acc then they sometimes will have there own hash and rainbow tables making it difficult to crack
@Breeze-10 yes that's the same companies to stop stupid hackers like us use new hashing algorithms to hash there data and hide there info this makes working with hashed data difficult but not impossible maybe an internal leak or a complete breach may also leak out the hashing methodology or the way it hash hashed or even the rainbow table leak can completely change the game.
A time-saver for hashcat
Questions I'm new to this. Can you hide your IP when running Kali to connect directly to device. Say scanning WiFi for info or running nmap. Is there a video I missed or can you make one on it
Check this guide out, hope that helps. null-byte.wonderhowto.com/how-to/fully-anonymize-kali-with-tor-whonix-pia-vpn-0180040/
@@NullByteWHT thanks you. Big fan
lol :D i feel so unsafe now haha. Great video mate!
Yeah that's the thing about hacking it just makes you more paranoid. lol
@@NullByteWHT lol il try 😐
Can i do that on android,i am also begginer at paython and can you help me how to learn fast or some website
Love your videos.
How do I install APT on windows. I'm getting an error ... Apt is not recognized as an internal or external command
You can’t install apt on windows
so hashes are no better than encryptions? What’s stopping anyone from bruteforcing through every algorithm and then bruteforcing the resulted passwords?
If guess if you were doing this real-world, you'd make sure there was an known entry in the database that you'd put there yourself before grabbing the database, to speed things along a little. Trying to brute force a hash is time-consuming, you wouldn't want to guess at the wrong one.
ok thank you for the vedio but where i can find hashes co i can crack it ??
I have an idea. A lot of tools use or allow the option of using a regex pattern to assist in searching for various things. Could you show some examples of using advanced regex techniques? There are some pretty amazing things you can do with the more advanced regex patterns and I think the community could benefit from this idea. You Rock Null Byte.
Thanks! It's been added to the idea list!
Well done!
Thanks!
Kody bro which is the best wifi adapter for monitor mode in android phone...(supports)
Here's our guide nulb.app/x45qf
bro for a second i thought you were roman atwood and i was like uhh what i doubt roman knows what fingerprinting is
0:34 So, if it's "a way of storing information", I should be able to retrieve a 4 gig file from any length SHA digests, right? Seems like you're missing an important premise.
It seems like you don't know what site operators use hashes for! If you want to brute force a 4 gig file hash and have the time, be my guest. You'll know when you got it right, but you might have to wait a little bit.
Example: a hash table
How to extract the hashes in the first place?
Same question
How can i get the account hash ??
Video is good how i can i crake hash into plain text plz answer
john or hashcat
Thanks!
Which OS are you using?
4:23
Thanks
@@BluroStacks thanks
@@NullByteWHT I am a beginner in information security, I should use kali linux or ubuntu ? and what is my pathway for me from beginner?
@@NullByteWHT can i install all kali tools into ubuntu?
how can i get the hash
I can't pin down what it is, but the start of every video is unsettling to me (and no, it's not the blinking). It's like the perfect mix between your relative explaining something informally and a news broadcast formally informing, but in the way that it's in a superposition, perfectly reflecting both states simultaneously.
Just your everyday ordinary hacker news caster from next door. lol
Doesn’t john do this when you load up hashes?
I think it does but not 100% sure.
@@NullByteWHT does hashcat do it?
hoe to identify a hashed password on an html code?
So If U Capture A Handshake You Can Convert To A Hash And Use Hash Id To Decrypt It ?
Sort of, the handshake is a hashed password, you can then take a password list and hash them to see if the hashes match. There's a guide here nulb.app/x4kmc
Null Byte Thank You
I am your big fan
sober902 thanks for watching! Tell all of your friends about us! 😃
you can create a WI-FI wpa/wpa2 that accepts any password??
You can make a open Wi-Fi hotspot if that's what you're asking.
@@NullByteWHT
no. I want my wifi to accept any password the client writes.
for cloning the victim's wifi and force him to connect to my wifi
I think this might be what you're looking for.
null-byte.wonderhowto.com/how-to/build-pumpkin-pi-rogue-ap-mitm-framework-fits-your-pocket-0177792/
@@NullByteWHT
almost, but it doesn't work if the victim has a protected wifi (wpa or wpa2)
We need more cool videossss
🧊 vid inc!!! lol
@@NullByteWHT if you wanna some ideas I suggest DNS rebinding.
ua-cam.com/video/ne8SPEoDe8o/v-deo.html
@@NullByteWHT nob... I am talking about DNS rebinding for attacking local devices from outside the network !
@@NullByteWHT I have an article if you want to take a look on it
Hi actually i want to ask you brother i followed your instructions for evil twin ap attack but hostapd always gives an error wlan0 not started i searched for this error on internet but not able to solve it please brother make a video to solve this problem or give some instruction so that i can fix this in kali
Waiting for reply brother.
any other info have you tried it on another device sounds like it might be you WiFi chipset, can you normally use monitor mode?
@@NullByteWHT yes i can use monitor mode and packet injection
It can support ap i checked using ghost phisher however wifiphisher is not able to detect it
In airgeddon there is always an error of hostapd
I also thought that it may not support rogue access point so i ordered other adapter with atheros ar9271 and it gonna arrive in some days
But on internet i saw some reviews that people that already have atheros faced same problem with hostapd
So please tell me what to do brother
In airgeddon when attack starts wlan0 change its name to mon0 and hostapd tries to create an ap over wlan0 a interface that is no longer available
According to me i think this is the problem
Let me try please tell me how to open config file of hostapd and change wlan0 interface in it to mon0 it might work in kali ?
There is so much confusion if wlan0 changed its name to mon0 while getting into managed mode then which adapter is going on sending deauth to network i have only one i dont know what kind of error these are?
but my question is how do u acctually find someone hash
Thank you so much !!!!!!! I'm running the py code in Spyder and pasting the hashes I need to crack one by one. I'll make sure to credit you at the end of my task ! blessings :)
Hi friend, I nerd help You, to break hash, with long amount or money safe un wallet, thanks
genius
Can programmers crack online casinos and use special algorithms when playing so they can win every time?
You look like roman atwood
Hi there sir
Hello
Sir how we recover bit locker without pasword and recovery key
I don't know that that is even possible.
My question is, if im trying to find out a password to snapchat, how do i even get the hash ?
You would have to intercept a snapchat login. Or better yet just social engineer the user into giving you the password.
can i give you a hashed password and figure it out for me please
No
@@NullByteWHT can you give me any guide on base64 hashed passwords please just a gudie nothing more plzzzz
How can i get my neighbours Hash
Please blink
GOOd
GREAt
just use an online tool to identify
That works but you may not always have internet.
i cant find (blackploit /hash-identifier) pls help
use Hashid better than Hash-Identifier
We'll look into it, thanks for the tip.
He please listen up brother i caught capture file of my wifi and i tried many wordlists to crack it and i also used john the ripper but it took so many hours and still i dont get result so i aborted session somebody said if we convert cap file into txt we can directly read it through johnny gui of ripper
Please tell us how to install johnny on kali linux and please also tell is it possible for johnny to directly read txt file which contain password.waiting for your reply brother.
Thank you
no
No, it just takes a long time and a good list to crack a password.
Mate you know what
I’m here because I get scam by the anonymous guy that I don’t know
Now I need to get my account bsck
Please make a video on how to hack school cctv cameras to bunk the school 🙏
We have a video on how to hack wireless cameras: ua-cam.com/video/kXm8f9fhaxQ/v-deo.html
@@NullByteWHT thx big brother
Very dark brown, soft hash...mmmmmmm Wait. What?
Hey This is NOT Frenchy Cannoli. WTF?
Ahhh good ol' hash... mmmm
@@NullByteWHT I got some DANK SHA256. Kinda hard on the outside, tho.
First Brasil
First
Can you have Instagram account@null byte
No
First
You win ... [drum-roll].. a NULL BYTE VIDEO!!!
so like making our own rainbow tables?
@Toni ooh ok
@Toni now i understand thx
@Toni Thanks
@@NullByteWHT no thank you