Let's face it. People *hate* passwords with a passion. No matter how many breaches and disasters they hear about, 9 out 10 times they'll tell you - "But who should steal my data?". The point is not who but if. Once I have your data, whatever the data may be, they become *my* data and I can alter them any way I want, replace your old data with mine, and play jokes on you, send you to prison, make you lose your job... whatever.. Lazy over secure wins every time. An now because of that, they are buying into the 'biometrics is safe and secure myth' and give away fingerprints, retina scans, whatever...
Thanks quids! Right yesterday I visited a client who had literally "asd" as a password.... I often find even doctors with patients' records, sometimes minors, with passwords so easy to guess that a cat walking on the keyboard would get access ;)
You do realize that you would have to hack into banks data base and FBI files. A VPN will not work they are to secured, but if you do figure out some way around that them your more likly to go to jail.
The big question is what TH-cam thought about when trying to find the target demographics. Let me read some of the "Up next" videos on this video: Good morning+More Kids Dialogues | Learn English for... Learn Letters With Max the Glow Train... ABC SONG | ABC Songs for Children... Alphabet Song | ABC Song | ... Phonics Song with TWO Words... Because password cracking and security is perfectly normal for children to learn.
Crozix That is based on your browsing history including your ip location if you get cute and logout. (Remeber your view history still exists for them even if you del it)
When people are forced to use more cryptic passwords, they tend to write them down on yellow Post-It notes. I've seen them stuck to the side of monitors.
Excellent video! I actually understood masking after watching this. BUT, why didn't you use the --increment switch? Probably because you didn't want to spend all day doing this demo I'm still trying to figure out how to use that switch. The password I'm trying to crack has about 10 characters but may be as much as 12. I need some increment goodness.
Can one alter a Windows XP password from within Linux? I mean instead of cracking the password just insert a new password into a Windows XP reg file? If not how does one extract the hashes from a Windows XP system? Just to clarify this would be for me to access and old Dell XP laptop that I own. However, the environment I last used it in (2005-2006) had very stringent password requirements (upper/lower case, digits, symbols, min 10-16 chars, must be changed every month). I have no idea what password I last used on the system so I have no way to log into the system, backing up any data and then installing Linux on it. The laptop only has 2GB ram but would still be perfect for a poor college student to write papers on.
Brute force is still slow for a good standard wpa2 12 length password with uppercase lowercase and numbers can still be years that’s why no one shows a normal shows a normal 12 length brute force attack
Isn't this a user problem rather then technical, as any real Corp will salt and hash, and the only real thing this will do is hit home users until the os salt by default using a separate encryption set or two. Kinda a way to demo weak passwords, but honestly this is only going to hit the weak targets.
Aren't passwords for websites normally stored with cryptographic hashes that include a salt as well. Which means the same password won't be stored as the same hash string.
people still store cleartext passwords, allow XSS and SQL-Injections. Any good site salts and uses a good hashing algorithm, that's true, but the majority doesn't.
tommihommi1 Yeah, I don't really remember but didn't Sony do that and had a bunch of customer data leaked a few years ago and then a second time when a former employee still had remote access to their servers?
I don't see how hard it is to implement, when PHP includes a function to hash passwords using cryptographic hashes and includes salt by default. The function is password_hash() to hash passwords and to verify passwords there is the function password_verify().
People hate parsewords because they can't remember them. If you demand a 20 character set, with upper and lower case and numerals and other characters, then the only way to use that is to keep it in a file. So what does that mean? A text file on the desktop, or in 'documents' that's called my-password.txt and stores it in plain text. So developers get clever and make it impossible to paste into the password text box. So that means 30 ~ 50% of users simply must renew their password every time they log in, because nobody can remember a 200 character random password that has letters and numbers and... You can use a password generator to make them, but then you have to store them and use them, and if you can't paste into the box then your chance of correctly typing in all 40+ characters of a random string is zero. If you make rules demanding a password that is secure, then people will need to reset their password every single time they log in. That does kinda defeat the object.
I dont see any reason why random mod download site wants an account from me. I'm going to use a shit password on a throwaway account I dont give a shit about.
how do you work GTKhash? i have it installed but i dont know how to open it. i know sad right? didnt you get it from GitHub? because thats where i got mine from. heres the link. >>> github.com/tristanheaven/gtkhash i also know you can get it from Sourceforge but GitHub is my go to.
Let's face it. People *hate* passwords with a passion. No matter how many breaches and disasters they hear about, 9 out 10 times they'll tell you - "But who should steal my data?". The point is not who but if. Once I have your data, whatever the data may be, they become *my* data and I can alter them any way I want, replace your old data with mine, and play jokes on you, send you to prison, make you lose your job... whatever.. Lazy over secure wins every time. An now because of that, they are buying into the 'biometrics is safe and secure myth' and give away fingerprints, retina scans, whatever...
Thanks quids! Right yesterday I visited a client who had literally "asd" as a password.... I often find even doctors with patients' records, sometimes minors, with passwords so easy to guess that a cat walking on the keyboard would get access ;)
You do realize that you would have to hack into banks data base and FBI files. A VPN will not work they are to secured, but if you do figure out some way around that them your more likly to go to jail.
@@ryankennedy6125 😂😂😂😂☠️☠️
thanks dude, got thrown an assignment with 0 linux experience, got me going
The big question is what TH-cam thought about when trying to find the target demographics.
Let me read some of the "Up next" videos on this video:
Good morning+More Kids Dialogues | Learn English for...
Learn Letters With Max the Glow Train...
ABC SONG | ABC Songs for Children...
Alphabet Song | ABC Song | ...
Phonics Song with TWO Words...
Because password cracking and security is perfectly normal for children to learn.
Crozix
That is based on your browsing history including your ip location if you get cute and logout. (Remeber your view history still exists for them even if you del it)
Yeah, same here... wtf?!
This is the same for me. Very strange. I thought it was suppose to be based on what _I_ watch. 😂
same
Well I can tell you I don't have kids and every video suggestion was a kid show/song as written above by Crozix
Quids the tutorial's you do are superb thanks
Time to change all my passwords
When people are forced to use more cryptic passwords, they tend to write them down on yellow Post-It notes. I've seen them stuck to the side of monitors.
To you it is a Post-It note, to them It's their password manager ;)
Excellent video! I actually understood masking after watching this. BUT, why didn't you use the --increment switch? Probably because you didn't want to spend all day doing this demo I'm still trying to figure out how to use that switch. The password I'm trying to crack has about 10 characters but may be as much as 12. I need some increment goodness.
Actually i'm Kinda lost what kind of passwords you were cracking like ( email, online accounts, social media, OS passwords...etc) thanks
Quids can you describe how password managers work, are they safe and secure and can you recommend any?
Can one alter a Windows XP password from within Linux? I mean instead of cracking the password just insert a new password into a Windows XP reg file? If not how does one extract the hashes from a Windows XP system?
Just to clarify this would be for me to access and old Dell XP laptop that I own. However, the environment I last used it in (2005-2006) had very stringent password requirements (upper/lower case, digits, symbols, min 10-16 chars, must be changed every month). I have no idea what password I last used on the system so I have no way to log into the system, backing up any data and then installing Linux on it. The laptop only has 2GB ram but would still be perfect for a poor college student to write papers on.
Brute force is still slow for a good standard wpa2 12 length password with uppercase lowercase and numbers can still be years that’s why no one shows a normal shows a normal 12 length brute force attack
Really good informative video :)
Did you return to KDE Neon or was this video made before you moved to Kubuntu?
Im on Kubuntu 17.10 now
Excellent +quidsup good stuff ;)
what screen recorder do you use?
How do I use hashcat and GPUs to dictionary attack against a website
Hi, I forgot password, can you help me unlocker backup ?
I still don't get how do I get the hash of fx. my friends steam account...?
I started mine and it keeps showing like 2 minutes, 20 minutes, 1 hour, it is weird
Lol those TH-cam video recommendations xD
is that gtkhash?
Isn't this a user problem rather then technical, as any real Corp will salt and hash, and the only real thing this will do is hit home users until the os salt by default using a separate encryption set or two.
Kinda a way to demo weak passwords, but honestly this is only going to hit the weak targets.
Aren't passwords for websites normally stored with cryptographic hashes that include a salt as well. Which means the same password won't be stored as the same hash string.
Well... Not always
people still store cleartext passwords, allow XSS and SQL-Injections.
Any good site salts and uses a good hashing algorithm, that's true, but the majority doesn't.
tommihommi1 Yeah, I don't really remember but didn't Sony do that and had a bunch of customer data leaked a few years ago and then a second time when a former employee still had remote access to their servers?
I don't see how hard it is to implement, when PHP includes a function to hash passwords using cryptographic hashes and includes salt by default. The function is password_hash() to hash passwords and to verify passwords there is the function password_verify().
Excellent video! Very pedagogic! GG
People hate parsewords because they can't remember them. If you demand a 20 character set, with upper and lower case and numerals and other characters, then the only way to use that is to keep it in a file. So what does that mean? A text file on the desktop, or in 'documents' that's called my-password.txt and stores it in plain text. So developers get clever and make it impossible to paste into the password text box. So that means 30 ~ 50% of users simply must renew their password every time they log in, because nobody can remember a 200 character random password that has letters and numbers and... You can use a password generator to make them, but then you have to store them and use them, and if you can't paste into the box then your chance of correctly typing in all 40+ characters of a random string is zero.
If you make rules demanding a password that is secure, then people will need to reset their password every single time they log in. That does kinda defeat the object.
Can you help me crack my gf fb password? Please
I dont see any reason why random mod download site wants an account from me. I'm going to use a shit password on a throwaway account I dont give a shit about.
how do you work GTKhash? i have it installed but i dont know how to open it. i know sad right? didnt you get it from GitHub? because thats where i got mine from. heres the link. >>> github.com/tristanheaven/gtkhash i also know you can get it from Sourceforge but GitHub is my go to.
Can I get your email?
WAPTECS is world class hacker. Can't believe he successfully great me access to all her chats. Good service my friend.