Hacking Complex Passwords with Rules & Munging

COMMENTS • 92

  • @gamerscodex5454 1 year ago +10

    Knew about OneRuleToRuleThemAll, but learned about CEWL & munging passwords, thank you for another great video! 🙏

  • @HaxorTechTones 1 year ago +6

    "Psudohash" can also be added to this mix of awesome tools. It can generate millions of keyword-based mutations in seconds, based on (customizable) leet character substitutions, char-case variations and literally all of the unique word mutations these two methods evaluate to, when combined. It can also append common padding values before or after each word mutation (frequently used to make passwords longer / more complex, e.g. "!@#", "!!!" and so on) as well as range of year values in various patterns (and more).

  • @hamedranaee5641 1 year ago +12

    You know what, John?! I've learned many things from you. Thank you 🤩

    • @thehackerman00 1 year ago +1

      fr I'm trying to make content around cybersec myself and his is quite good!

  • @Lampe2020 1 year ago +3

    Very interesting video! Just cracking these hashes like nothing...
    To the sponsor segment: I don't need Passbolt, I have a password manager built-in to Firefox.

  • @Swensa1 1 year ago +17

    Finding the right combination of rules and wordlists is tedious, and I believe it's necessary to use a technique for filtering out duplicate attempts. The hashcat-brain allows you to do just that, which is why I blindly think it's awesome.

  • @gamingtsunami6928 1 year ago +7

    Love your videos sir, I'm 17 years, from Kenya, just got a PC, now it's time to try some Hack The Box.

    • @evanalmighty9444 1 year ago

      I’m 17 too and I’m in the same boat as you, if you want to connect on discord we might have some tips and tricks we can exchange.

    • @gamingtsunami6928 1 year ago

      @evanalmighty9444 hey I would like that very much drop your discord

    • @gamingtsunami6928 1 year ago

      @evanalmighty9444 hey where did you go

  • @Metrix2024 1 year ago +1

    Passbolt caught my interest

  • @TechAccount-k3d 1 year ago +5

    You are not safe if you're not using a password manager, some 2FA will also go a long way! cool content John!

  • @hendrikdeetlefs6266 1 year ago +17

    Colabcat bans your google account if you use it

  • @neoninsv 1 year ago +1

    How about password masking attacks? You able to showcase those techniques?

  • @kaptianpsyco 1 year ago +8

    I just used AI to convert munge to python3, works great

  • @Pratik01337 1 year ago +4

    Great video John! But my English is a bit bad, I didn't understand what "Munging" meant that you have in your title, so I decided to google it and the first link that popped up was of the Urban Dictionary and now I'm traumatized for my whole life!

  • @NeverGiveUpYo 1 year ago +1

    Cewl video John! :)

  • @terminatorfishstudios 1 year ago

    Haven't watched yet, already hyped, will edit once I've watched

  • @HitemAriania 1 year ago

    I would highly recommend spraygen :). And thanks for a superb video John!

  • @terraflops 1 year ago +1

    @JohnHammond
    FYI:
    DO NOT USE THE COLABCAT IF YOU WANT TO USE GOOGLE COLAB NOTEBOOKS FOR REGULAR USE!
    YOU WILL GET SUSPENDED for violating their terms and conditions. Wish I knew this before trying to run the notebooks.

  • @MrRaja 1 year ago +1

    😮 that munge script looks awesome

  • @richardmeyer418 1 year ago

    Thanks, John. Most illuminating.

  • @IMindiffernt 1 year ago

    He mentioned that basic dictionary words should never be used in a password, but aren't these words the basis for things like diceware? Is diceware no longer considered good enough for generating passwords?

  • @valk9789 1 year ago +15

    Enjoy the movie!

  • @lirothen 1 year ago

    Isn't there a standard Python 2 to 3 converter? 2to3
    I should change my passwords.

  • @jonny-mp3 1 year ago

    Know any rules that will play around with salts?

  • @Zedorek 1 year ago

    I just learnt this in my RED team course :) Cewl!

  • @debrabest5035 1 year ago +1

    THANKS JOHN!!!!!!! YOU'RE THE BEST!!!!!!! ENJOY THE MOVIE...... BE BLESSED❤️🙏

  • @Pauleegan 1 year ago +2

    This is awesome! Please do rainbow tables next 🙂

  • @mohammedissam3651 1 year ago

    9:55
    What are the odds of two different users generating the same password?

  • @MRJMXHD 1 year ago

    Man you're awesome.

  • @loaderladdy 1 year ago +6

    It would be good to educate your viewers about the benefits of password length in defeating brute forcing attempts at password cracking like this. Would you have attempted this video demo on a password hash for a password that was between 15 and 20 characters and only used 3 simple unrelated lowercase dictionary words? That would be a great educational video to watch John. I enjoyed this video btw 👍😀

  • @mosa345 10 days ago

    Newbies in the field think the password was quickly cracked but he already knew it and it was created in the password list so it was quickly found😅😅 The problem is that the channel owner did not tell them about this. He is proud and believes that he hacked the password

  • @rayanfernandes2631 1 year ago +1

    This is cool but now most often the hashes are of salted passwords, so it's complex to crack those, btw this hack works on leet style wifi passwords 😅

  • @dcriley65 1 year ago

    Thanks John.

  • @oxycodin2253 1 year ago +2

    What’s munging

    • @liamjones2131 1 year ago +1

      Do not search it on Urban Dictionary, you have been warned. It is not the same thing there.

  • @atsekbatman 1 year ago

    Cool video, thx!

  • @anuragbiswas4337 1 year ago

    Hey John, great video once again. I've been meaning to ask something. What's a good course for learning Web App Pentesting out there?

    • @jakesaunders3614 1 year ago +2

      Check out TCM security’s course

    • @anuragbiswas4337 1 year ago

      @jakesaunders3614 Thanks a lot mate, I didn't know that TCM Security also had a course for Web App Pentesting. I'll check it out immediately. Appreciate your help. Thanks a lot.

    • @AlphaYellow 1 year ago

      @jakesaunders3614 Yeah that's a good one

    • @jamesos2744 1 year ago

      @anuragbiswas4337 Rana Khalil's web security academy is great too... most of it is on YouTube.

  • @U-shapeMgall 7 months ago

    What about the app that I download to get the password and email

  • @mikelawrence1556 1 year ago +1

    How did you crack the password in only a couple minutes? I did everything you did and have been running John for half an hour.

  • @flok.7735 1 year ago

    I thought colabcat is dead, thanks to some detecting mech. of google and a use restriction that forbids password cracking

  • @hypedz1495 1 year ago

    John.. John Hammond.

  • @VIVEVIEV 1 year ago +3

    That’s not the type of munging I know about 🤪

  • @rvft 1 year ago +3

    Pro tip, put emoji in your password and keep it at least 12 characters long, there you have uncrackable password, no matter what you put as password.

    • @jdjax592 1 year ago +7

      Rule one: everything is crackable.
      Rule two: saying something is unhackable, makes u get hacked.

    • @learneducateteach9624 1 year ago

      Number one thing I learned on Security+ is that nothing is impossible to crack.😉

  • @Al-mougheer-Al-cyberany 1 year ago

    Thank you for this Great 👍 content
    But what if passbolt got hacked
    My passwords will be available online like what happened with LastPass?

  • @KR1ML0N 1 year ago +1

    Bitwarden ftw

  • @moh_alqadasi 1 year ago +1

    I hope that you will make a video by hacking the Mikrotik server, the latest update

  • @motbus3 9 months ago

    ChatGPT might hallucinate and add words that were not in the list

  • @NormTurtle 1 year ago

    Google will ban you if you use hashcat. I've been banned already

  • @bhagyalakshmi1053 1 year ago

    Jupiter nod output coming

  • @imranexd279 3 months ago

    What a goated video

  • @jamesos2744 1 year ago

    Got stopped by Google trying to use colabcat... Something about "potential abuse". Oh well!

  • @infinix_6586 1 year ago

    Hey plz make video on Krack attack or Router firmware backdooring😊

  • @michaelngirazi5395 1 year ago

    So you look and sound like Seth Rogen 😮😮

  • @janimmikey8286 1 year ago

    super

  • @tyrojames9937 1 year ago

    COOL

  • @anilbangera1 1 year ago

    Good

  • @klintkrossa6885 1 year ago

    Try 2to3 to fix python2.

  • @xenostim 1 year ago

    M U N G

  • @Shindignick 1 year ago +1

    Certainly not the word we need to be using in the cyber sec space. yikes.

  • @rjhornsby 1 year ago +1

    A bit meta, but related - after hearing about Passbolt from you and looking into it my problem with it is not the concept, but rather what seems like deceptive - at minimum misleading - marketing on their website. There’s no desktop app, but they have images meant to look like screenshots of a desktop app running on MacOS. Second, these MacOS screenshots hint at MacOS “native” - but Safari is conspicuously absent from the supported browsers.
    It’s disappointing that a desktop app and Safari support are missing. Disappointment, however, turns to suspicion when presented with mockups masquerading as a real product. If I feel like I’m being deceived, none of the outstanding features or benefits matter.

  • @pakekoding 1 year ago

    I think u just hate JTR cause that had ur name there.
    Be honest john 😌

  • @ytsine 1 year ago

  • @bhagyalakshmi1053 1 year ago

    Mor explaining this video hash cat comment skills tools files open

  • @BRD691 1 year ago

    *dies of cringe*

  • @terror403 1 year ago

    Hey calm down, you are speaking way too fast! Using online services to store passwords is madness

  • @sesinhosantos5047 14 days ago

    15 minutes of video to tell me to go to github and download a couple of lists, and that was the usable part of the video.
    Then you showed a very inefficient use of ChatGPT, what movies to watch, a password manager and the Google Colab thing. If I put everything on a scale, the useless and pointless parts of the video outweigh the usable ones. A lot of filler and too little substance in this one.

  • @ELIAS-og5vf 1 year ago

    I DON'T RECOMMEND USING PASSBOLT, USE UR BRAIN

  • @eyephpmyadmin6988 1 year ago

    Not saying I've been cracking neighbors wifi but if I was I'd love using rules

    • @eyephpmyadmin6988 1 year ago

      And if I was I'd also be very successful in getting free WiFi, but I wouldn't do anything mean like mitm bc that's actually fucked up n I'd already get free WiFi

    • @eyephpmyadmin6988 1 year ago

      Like dead serious I don't do mitm n stuff I do get their wifi for free tho

  • @JNET_Reloaded 1 year ago

    no , no1 should use python2 anymore just edit the code and make it work for python3 print("like this dummy")

  • @saidibrahim5931 4 months ago

    This is not working for hacking nearby wifi. Don't waste your time, it's just an ad video

  • @treptunes 1 year ago

    @JohnHammond Google Colab was instantly locked after installing colabcat because of misusing their service. I am now trying to solve this with Google. :/ I could not even buy resources anymore after that.