Flipper Zero Demo: WiFi Marauder, Wireshark and Hashcat!

Talking Sasquach shows us how to crack WPA2 WiFi passwords using a Flipper Zero, Marauder, Wireshark and Hashcat! A very cool demo.
Disclaimer: Only do attack networks that you own or have permission to attack.
// Flipper Zero and WiFi Dev Board //
Get a 5% discount using my affiliate link : lab401.com/r?id=42cm8b
and/or use code DAVIDBOMBAL
WiFi Dev Board: lab401.com/products/flipper-zero-wifi-devboard
Extreme Firmware: github.com/Flipper-XFW/Xtreme-Firmware
// Talking Sasquash SOCIAL //
TH-cam: www.youtube.com/@TalkingSasquach
TikTok: www.tiktok.com/@talkingsasquach
Instagram: instagram.com/talking_sasquach/
Github: github.com/skizzophrenic
// David's SOCIAL //
Discord: discord.gg/davidbombal
Twitter: twitter.com/davidbombal
Instagram: instagram.com/davidbombal
LinkedIn: www.linkedin.com/in/davidbombal
Facebook: facebook.com/davidbombal.co
TikTok: tiktok.com/@davidbombal
// TH-cam videos mentioned //
WiFi: th-cam.com/video/subLBPJ3IxU/w-d-xo.htmlfeature=shared
Clear Case: th-cam.com/video/pLYcAfp5PMc/w-d-xo.htmlfeature=shared
OMG Cable: th-cam.com/video/n-HRqKWc4MY/w-d-xo.htmlfeature=shared
ESP Flasher: th-cam.com/video/Kme-yWL14N8/w-d-xo.htmlfeature=shared
Dual Boot Evil Portal & Marauder: th-cam.com/video/jCPWlS5JmlY/w-d-xo.htmlfeature=shared
// MENU //
00:00:00 - Welcome Talking Sasquatch!
00:00:36 - Wi-Fi hacking workflow
00:00:50 - Overview of the de-authentication process.
00:01:26 - Wifi deauth ring cameras
00:02:10 - Wifi board
00:03:00 - Firmware used
00:04:03 - FlipperZero wifi board flashing
00:05:40 - Wi-Fi Marauder demo
00:07:18 - Getting pcap from SD card
00:07:52 - Use Wireshark to process files.
00:08:25 - Converting and saving files for Hashcat.
00:08:44 - Using CMD and Hashcat commands.
00:09:05 - Discussing password lists and how Hashcat works.
00:09:43 - Sharing experiences with FlipperZero and its capabilities.
00:10:30 - Talking about personal background and the value of learning and experimentation.
00:12:36 - Links to Nate's channel and outro.
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
Disclaimer: This video is for educational purposes only.

So weird to see myself here! It was a blast filming with you! Great community you have here!!

Great video. Im a Huge fan of talking sasquatch and I love the way he breaks down his videos. Even a person like myself with not a ton of tech knowledge can understand most of what he says and I am thankful for all the hardwork done behind the scenes. All these guys and girls deserve thanks and more. God Bless all the guys and girls that don't have paywalls and work so hard for the community. Im always learning.

Sasquatch is why I even have a flipper lol. Awesome dude and love his content. As well, of course, as yours David. Glad to see a shout out to those of us who have a passion but not a lot of technical background.

Yes indeed, great video content and partnership between Bombal and Squatch (Nate). One thing I'd like to add for those jumping into this Flipper/Wifi board thing is that as you pour over what's available, it's easy to get crossed up with different techniques. Perfect example is that I was working through Squach's and others' videos from about a couple weeks ago up to this morning, and this is the first time he's started with Extreme as the firmware on the device itself. That's new, and will create some incompatibilities probably with what I already have "on-board", since in some cases the app is linked to the firmware...
This stuff just moves so fast as it really is out there for everybody to do what they want with. So... It gets confusing as hell since all the actors will refer to others for bits of their solution for flashing the dev board, the firmware used on both the flipper and the board, the version of application, etc. Updating one little component will most likely create an API error somewhere. I'll list the various people's GITs below as an FYI, but my recommendation is to pick ONE and go from there. If you don't you'll get API errors and other incompatiblities and end up sideways. All the folks contribution to the overall effort are updating things at a different pace.
HOWEVER - This fragmented ecosystem creates an 𝘼𝙒𝙀𝙎𝙊𝙈𝙀 opportunity for learning how this chit works. E.g. I can use a firmware like RogueMaster, a flashing tool from somebody else, and *.bin or *.fap/fam files from completely different folks now that I understand it. So where possible, read and understand the code. I've created a directory structure separating all of them, and now can pick and choose. A large-ish SD card is also a big help...
Here's the list of the GIT's I've used bits and pieces of, just as an FYI.
github.com/justcallmekoko/ESP32Marauder/releases/tag/v0.12.0
github.com/SkeletonMan03
github.com/0xchocolate/flipperzero-wifi-marauder/releases/tag/v0.6.2
flipc.org/0xchocolate/flipperzero-esp-flasher?branch=main
github.com/InfoSecREDD
github.com/skizzophrenic/flipper-zero-evil-portal
github.com/H4ckd4ddy/flipperzero-sentry-safe-plugin/releases/tag/v1.1
github.com/UberGuidoZ/Flipper
github.com/RogueMaster/flipperzero-firmware-wPlugins/releases
github.com/RogueMaster/awesome-flipperzero-withModules
and just today esp.huhn.me/
Now we can add: github.com/Flipper-XFW/Xtreme-Firmware
And of course the "standard" site:
lab.flipper.net/
And I'm sure I'm forgetting some you'll stumble across along the way... Apologies if I'm "overcooking" the whole thing, but that's the way I roll unfortunately.
Some of these are probably now updated since I send this. That's just the way it goes. Much gratitude to the Talking Squach and all the others for the work. It would be cool if there was one single place you could go for the most current or complete version(s), but this theater is just moving too fast, which again makes it educational and fun as hell.

I follow Sasquash for a couple months now and his channel have really great tutorial for flipper and the guy is awesome! 🎉 Happy to see you doing a video together!

That’s what I’m doing, I quit messing with tech for 20 years. Im a welder working 65 hours a week. Got into it by running into a guy with a MacBook I traded a 79’ mongoose for. Then bought a 3D printer and a flipper zero. I’ve been learning as much as I possibly can

Always love seeing practical demos like these. Great work

as always, great educational video and yet another fantastic collaboration . this is my favourite channel on youtube and i love it because Sir David always post exceptionally impressive videos on cybersecurity and cybertech . LOVE FROM PAKISTAN SIR DAVID AND THANK YOU FOR KEEPING THE CONTENT FANTASTIC.💖💖

We need a duo between you and Networkchukk for sure!!

I know I’m a little late to this video but I use both these guys all the time and it’s so cool to see them work together

WOW, I wasn't expecting this.Thanks, David, for bringing Sasquach to your show 😃😃 great content , as always

This was great.
Talking Sasquach was who I seen that put up enough videos for me to stumble my way through learning what I do know about the Flipper Zero.
I missed the first round of sales on them & then got one when they restocked.
But by then, things changed so much with how you install custom firmware (like Xtreme).

Thanks for shining a spotlight on Nate. Wow, what an inspiring story and resource! Thanks, DB!!

I was confused for a moment because I am using the same desktop wallpaper like talking sasquach. Tanks for sharing!

Thanks David, I love how you stop him and ask him to break it down. I noticed most most of them just like to run on and don’t try to explain much of what they’re doing. Sometimes it makes me question what they’re doing.

Two of my favorite tech guys in one video. I love talking squash flipper videos

Another great video David. I have watched a few of your videos talking about the Flipper Zero & I have finally just ordered one. Cannot wait to get started with it 😁

This was interesting as I was considering this device. I just wish he had given a little bit more background at the beginning on specifically why he was using certain mods or firmwares. He kind of launched right into the fact that he was using a very customized device but didn't really give a lot of justification for why one would use the upgraded device versus what one could do out of box with the Wi-Fi module.

BEEN WATCHING BOTH YOUR VIDEOS SEPARATE AMAZING TO SEE YALL DO THIS TOGETHER VERY INFORMATIVE AND FUN TO WATCH IM NOT IN IT I SHARPEN SAWS AT A MILL THE FLIPPER MAKES ME WANT TO LEARN AS MUCH AS POSSIBLE THANKS TO CHANNELS LIKE THIS ITS EASY 🔥🔥🔥🔥

Congrats 🎊 is so cool to see you here with Mr.Bombal I couldn’t believe what I was looking and I saw your face, incredible good work you two I’ll be here thank you far all your hard work!🎉

I want to see more OTW I just got my Linux basics for Hackers certification and it started with this channel

Both guys are a great I watch every bit every time.

Thank you, I like the cmd trick in explorer.

received EAPOL, and my file pcap is empty

Wonderful guest😊

Why might my pcap file have no packets in, it. the pmkid isnt force deauthing my devices, which ok fine. maybe it only sniffs for handshakes, but when I do the disconnecting from my AP and then reconnect a few times while running the pmkid, still no packets in my pcap file?
I made sure to save the pcap files to my sd card and I am able to save and download the pcap files, but when I open them they are completely empty?

David your the man thanks for the great content and interducing to us another awsome content creator

Really cool going through his start up video

Love it!🤩

David Bombal the god father of TH-cam Cybersecurity ❤

it is doing what other programs do (such as wifite) which is capturing the handshake and using a password list , and weak passwords are still being used in the demos .. hope we can see new methods and with more complex passwords

Talking Sasquatch.. u rock !!! He’s discard rocks … noob friendly Mr RDD 😊

You can just put this thing in your pocket to sniff a handshake packet then go back home to crack the password. (Of a network you own of course)That’s pretty neat.

I bought one. I'm trying to take over world banking and eventually the world itself. Different look like it is much more than an expensive universal TV remote. Unless you want to do criminal activities by getting accounts and passwords. That never pays off. I'll be tuning in to this channel. I bought one just to play with. I probably should have spent a little more and got the mini 3 drone. I'll let myself buy a new toy every month. I'll get it next time. I think this thing has potential. It's like my raspberry Pi. Just haven't found anyting cool enough to do with it.

Im running out of time - cause I can see the sun light up the sly,so i hit the road in overdrive -baby!! Your neon sky rise background is the same as that music video.

Omg you got Sasquatch!! Awesome! 🎉

I have never worked IT either, i started reading books, watching videos, listening podcasts and stuff.

I love this partnership. 2 awesome people.

Thanks, always great people on your channel

2 things that might help:
If you show no "PCAP" files in the Marauder file location it can mean 2 things:
1 - you need to update to the newest Marauder firmware
2 - at the bottom of the Marauder app in the Flipper Zero, there's an option to the effect of "Save pcap files to the sd card"
ALLOW THIS!
NOBODY goes over this & you need to do this or or WON'T save the pcap files to the SD card!

I am always impressed by seeing videos and actually it motivates me.🎉🙏 Thank you Sir.

Nothing more rewarding then a Humble BigFoot!

Great video, very inspiring...keep posting such Great info ...saludos from Panamá 🇵🇦

A colab i never knew i needed

5:53 blur was applied 1 frame after the thign was already shown so thats leaked

I really want a flipper zero now.

Tried doing my own network which is 2.4 Ghz :/ I get the EAPOL messge and download the file, I then move it to wireshark and its blank 0 packets. am i missing something?

Excellent interview 12:30 😊

First recorded hack targeting phone calls, was not really a hack but was a prank made by some teens that got a job at the phone company, disconnecting and misdirecting calls.

PMKID is not a 4 way handshake. As a matter of fact, for router susceptible to the PMKID attack, you don't even need an attached client device.

I love you guys so much thanks for teaching me to get better at wat I like

david is such a good guy! Sasquash seems nice to watch too

i like how you tried to blur the wifi stuff, but you can still see it. a fram or two

I did everything ok but my pcap files are empty when I opened it in wire shark. Also this files has 0 bytes. Can anyone help me? Thanks!!

6:41, i did it the same, the device says the same as yours but when I open the file, there isn't any data

Already tried it on my flipper 0

My step dad is hall of fame bmx guy that’s cool you are into bmx and bikes.

He keeps you out of trouble,
Stop living in a bubble,
His videos never fumble,
His name is David Bombal.

keep the hard work

i had made a video that had a similar title as yours and I got a strike on my channel just by using the words "evil portal and wifi marauder" how are you still up?

do some routers have in place security not to release the hash? i had a tried this on my 2.4 network and all the pmkids came up 0 packets in wireshark, i also used multiple devices to keep trying to join the network while the deauth was going for better results to grab a hash.i have asus router with alot of firewall tools and ai i wonder if they have prevention measures

If I can write on python script with similar functionality like dirb(with multiprocessing for better performance) and search url by mask with wildcards and other script which I can call cool and useful and I use them myself but I am not smart enough to meet market requirements and find good job what should I do?

two great channels.

Can you open Bluetooth padlocks or app control pad locks

Great interview!!!

Hey! Curious nerd here - wouldn’t you be able to do everything the Flipper is doing here already just by using Kali Linux alone? Aircrack-ng is included in most distributions and it has the ability to do deauthentication, I think.

How to hack 5gz wifi because when i perform evil twin attack when I death 2.4gz the clients will automatically connected to 5gz

Capturing a handshake isn't really the hard part of cracking WPA, it's the dictionary attack. It's cool that the Flipper Zero can do it, but so can so many other devices, so it's not particularly unique. I also don't understand why it was loaded into Wireshark. It's not necessary unless for some reason you don't think that capture contains the handhsake of the SSID you're after.

The crached.txt looks interesting to me. Made it yourself ? Or pulled it from somewhere? Thx

Great video sir..Waiting for Jason Sir next video sir..when we can except sir..Love From India💌

For the maruder do we need the dev wifi board or can we do it only with flipper zero?

how can protect my AP from multiple deauth from kiddy outdoors? I've read rfc 4122 with its UUID implementation, but it is not used in current 802.11 specs. wtf? i couldnt understand why those Management Frames are not encrypted even in latest specs. should i write my own driver for the AP and client for UUID work for my spot, or?

I get an empty PCAP file everytime. I de-authed my network and confirmed by checking my laptop and phone during the experiment. It says Recieved EAPOL on the screen during the experiment, but when i go to open the file in wireshark there is nothing there. Has anyone else run into this

I'm guessing the answer to this question is super obvious --- but.... Where do we get the passwords list that you used? I'm guessing it's not provided since its considered ... naughty?

YES!! Love this one 🙌🏼

scanning runs but list is clear? Help!! pls

Like an old guy I used to work with would say, "You're kinda going 'round yer arse to get to yer elbow"... Don't you think?
Neat concept though, but there ARE easier ways to capture handshakes haha

Where did you get the password text file for hashcat?

Yeah boy David Bombal again

imagine a full band frequency editor man

I have just broken my flipper zero screen on a trampoline the screen protector is not broken, but the screen and the plastic are do you know how I can fix it

So you do the password forcing with 3 methods at the same time? , fliper zero, prowler and hascat

Nice video David...we need more 😢

Xtreme, or Rogue Master?

the trick is to crack the password without a password list. WiFi passwords now are super random letters and digits.

Kindly refrain from using the term "decode" when referring to the process of cracking hashes. While "decode" is suitable for operations involving base64, it is not accurate for hash cracking. Precision in terminology is crucial in this context.

Bruteforcing has been around since even bfore wifi came out.
Using the flipper, Its just a way more complex way of actual bruteforcing it through a pc, wich you used anyway.
There is plenty of other software wich makes this way more easyer then shown here with the flipper.

I feel like most people who call others script kiddies are usually “script kiddies” themselves who can’t figure out how to use whatever themselves

Sasquatch! Cool vid!!

I like watching your videos + why don't you add dubbing in Portuguese, TH-cam itself offers that.

My man ❤

Can you change peoples password for internet?

How can I order from Vietnam? Someone help me

Idk why but my Flipper is saving blank PCAP files. Nothing is being saved for some reason.

the fact that he uses Windows says a lot

@davidbombal Is there a way to convert the pcap file without relying on a website?

Oh no, the blurring didn't cover up the AP for 3 frames.

blurring BSSIDs, but not in every videoframe, why?!?! WHY?!

it's impossible to buy one of these for under a 50% markup it seems. their website just doesn't actually take orders. I have tried to buy one for a few weeks but don't want to pay 350-400 for it