Menu:
0:00 ▶ It's not my fault!
0:49 ▶ David - you're dumb and other YouTube comments
1:16 ▶ John quick demo
2:50 ▶ Daniel's favourite hacking tools
4:03 ▶ Script kiddie demo
4:38 ▶ Shadow file
7:10 ▶ Copy hashes to a text file
10:20 ▶ John demo
11:29 ▶ Start John
12:30 ▶ Password complexity discussion
14:58 ▶ You want an 8 hour video?
16:30 ▶ People still use bad passwords
17:30 ▶ It's your fault!
18:20 ▶ Favourite password manager
18:55 ▶ What is rockyou file?
21:55 ▶ True brute force
24:09 ▶ A long password doesn't help you
24:31 ▶ Mutate the wordlist
25:35 ▶ Custom rules for John the Ripper
26:37 ▶ Humans make the same passwords
27:36 ▶ Where to find wordlists
30:33 ▶ Stupid ones in production
32:19 ▶ Is my password in the rockyou file
34:34 ▶ Have I been pwned:
36:19 ▶ Hashcat vs John
37:38 ▶ ophcrack
38:54 ▶ John options
39:55 ▶ Hash types
40:58 ▶ John makes it easy
Previous video: th-cam.com/video/ES2P2hWuzDo/w-d-xo.html
Passwords: Am i a joke to you?
Big thanks to ITPro.TV for sponsoring this video.
In future videos, Daniel will show us additional tools.
================
Links:
================
ITProTV Free Training: davidbombal.wiki/freeitprotv
My ITProTV affiliate link: davidbombal.wiki/itprotv
========================
Mentioned in the video:
========================
Darknet Diaries: darknetdiaries.com/episode/33/
Custom rules for John the Ripper: gracefulsecurity.com/custom-rules-for-john-the-ripper/
have i been pwned: haveibeenpwned.com/
====================
Connect with Daniel:
====================
LinkedIn: www.linkedin.com/in/daniellowrie
Blog: blog.itpro.tv/author/daniellowrie/
================
Connect with me:
================
Discord: discord.com/invite/usKSyzb
Twitter: twitter.com/davidbombal
Instagram: instagram.com/davidbombal
LinkedIn: www.linkedin.com/in/davidbombal
Facebook: facebook.com/davidbombal.co
TikTok: tiktok.com/@davidbombal
YouTube: th-cam.com/users/davidbombal
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
best line "It's not my fault that you use a weak password"
lol... agreed 😀
Aloo
lol
Agreed. Second best line, "...today one of the best tools for breaking 'hashwords...'". I believe we've learned some new vocabulary for the Cybersecurity world when attacking passwords from the shadow file. I'm never going to look at /etc/shadow or John the Ripper any other way. I'm cracking hashwords. 🫠
I'd like to thank you again David for the video you released some time ago. I think more about what I should do about tomorrow rather than today.
You're welcome. Make the most of your time.
Hello.
Amazing content.
Definitely not a joke.
I'm always inspired by the daily affirmations and have missed them the last two days.
I hope this finds you well.
Good luck.
These collaborations with Daniel are amazing!!!
"if you have never done password cracking it is a time consuming operation"..... I can attest to this, as it took me around 2-3 months to learn to write a python script that cracks hashes of MD5, salted MD5, salted SHA 256 and salted SHA 512. My script cracked 556 of 1000 hashes and got me a pass for my programming module :)
Thank you for the great cyber content, it is helping me through some of my modules
Another cool content from two great heroes
I've gone ahead and knocked on all my neighbors' doors and gave them their wifi passwords and told them to change it. They've been good, I can still find them but they got much better. Making me and my family's neighborhood safer because I'm bored at night sometimes.
Would be interesting to dive a bit deeper into the various options hashcat and john are offering to use: for example Markov chaining or PRINCE statistical manipulation of password files.
Some of these tools have been around since the 90s....john still works
thank u guys so much for this vid.
You're welcome!
Thanks for the great content David!!!! And keep up the great work you do at spreading knowledge.
Brought back in time again!
Thanks David for creating such wonderful videos
You're welcome Siddhant!
Please, can anyone tell me how he managed to get the hashes for the users??!
I was looking for good wordlists. Thank you!!!
You're welcome!
Again this is amazing 😂😂
Now david might think why he is saying same thing every time 😂😂😂😂😂
Thank you Shreesha!
@davidbombal please can you tell me if the andrax hacking os is good, please make a video on that please 😁😁
@davidbombal can we crack cap files with John the Ripper?
A few days ago I wondered if I shouldn't use a password manager.
I tried a couple and realized: "Wait, those passwords are actually much weaker than what I use".
This is a shame lol. I used a kind of short pass phrase with variation every time, a few numbers and special characters.
So I guess I will keep using my good old way till my head betrays me :D
Finally
A step by step video to john the ripper.....
Do you even know how long I've waited for this !!
Thanks David, you're the #1 of them all online. I have learned so incredibly much here during only 2 wks. You made me addicted to your Channel 😂
Thanks for sharing absolutely top-notch info🎉🎉🎉
Now this is exactly what someone learning this stuff wants to see! Perfect!👌🏻👌🏻👌🏻
Thank you David for making these videos for us newbies 🤓
David sir , next up please introduce us with what is rainbow tables , how to use em n all , was a good session tho , love this collaboration big shout out to ITPROTV ♥️ n Daniel Sir
Short answer. Rainbow tables are tables of 2 columns. What password produces what hash. That way you don't need to compute the hash, but just look for it.
I loved learning that grep command was in Kali. Best part for me.
I enjoyed meeting Daniel and everyone else at IT Pro TV some years back at their open house event...
you can check if your passwords have been breached at any time and where & when it happened, then you know if it needs to be changed.
email too.
33.04
David: Your banking password.
Me: on standby mode to use his teachings against him.
Dan: That’s not happening, my man.
I love that u are getting better content for us
I like this guy on IT pro
Thank you so much David. Learned a lot from you and Chuck.
Really happy to hear that!
oh! LOL I guess they shared the same thing I did, I didn't make it that far into the video until now ha ha. I'm surprised not a lot of people do.
Big yes for 8 hour video!
i just like watching this dude explain, he is soo fun
we want more videos like those, 50min flies too fast
Hey I have a question, I did everything Daniel did and john no work? Any idea?
Interesting choice of the video title there, really hooks the viewers😂😂👍
Very informative video👍
Glad you liked it 😀
David you god them a good interviewer
love the intro
Welcome, I came after two years 0:30
we love you david ♥️♥️ your videos are very very useful
Thank you!
Hi, nice tut. But missed examples in John, like use custom rules with JTR...
David, if you made an online hacking lab, that would be amazing!!!
... gosh ... really informative and knowledgeable - thanQ for sharing: what about (re. Password lists) Eastern / Asian / European hacker languages, esp. Chinese / Japanese script (Hiragana / Katakana, etc.), Russian (Cyrillic), Arabic, etc. Aren't we in the West vulnerable to those kind of hacks more .. given "they" speak western languages fluently or use our own lists "against us" ?
This was great. Thanks David.
Your videos are always interesting 😇😇
Thank you!
Sorry if this is a silly question but is there a reason why most of you clear the screen followed by enter enter enter enter before typing in the command? Is there a reason for this or is it just the cool thing to do? serious question here, not just trying to be funny or something
David, is Cisco linked up with any game company?
My neighbor's wifi password is : eeeeeeee ;
(no kidding really), it took wifite like 0.05 second to crack it, and I use a 2007 old Macbook.
Great video... Thanks. Could anyone please provide a link or a resource in which I can learn more about hashcat and john. Especially with examples.
I have a question, how would you go about informing/educating users to use passphrases instead of passwords? Is it naive to think it can be done? Thank you for great content
Basically just tell them the truth. It's very probably more secure. It's also much much easier to remember, which should be the #1 argument for users.
Was expecting complete tutorial of JTR. ., but yh its fine learned a life lesson.😄
Making a video on how to crack a hard password is actually what a lot of people want. Editing the video would keep the video from taking 8 hours long. I don't understand how that's unreasonable to be honest.
That’s a long one, but thanks David
Really good and useful…Keep going guys
This was needed 🎉🔥🥳
what if we don't know the parameters and length of the password; how can we perform a brute force attack
Great video David
a great password manager is keepass2: open source, local db, and you can use 3 locks at the same time
So maybe keep a password book - you know - a paper book with your complex passwords. People can be so lazy. Case in point- I told my relatives to have complex passwords, like 14+ characters instead of 1234 - which they used for their bank account. Even after two of them had 40K stolen, they still don’t get it. People are just tech illiterate.
As usual great stuff👍
Hey Professor,
Question in your course from udemy CCNA, any ideas where I can get a switch from? Which one you can recommend that is not expensive but good to follow along in your course? Let me know when you get a chance.
Thank you Jose
Thank you Daniel.
David sir,I have a serious question please help. What should I do my phone and windows PC was hacked all my social media accounts were also hacked? can resetting and then changing all passwords remove hacker?....
After doing all that I have a tooooooo silly question does sim card data pack also get malwares??
Should I change sim card also??
E: Unable to locate package
I had put the repository but it doesn't solve that problem.. Please give any idea of that
Thank you so much bro. Sending virtual hugs. Worked like a charm ;-)
Passphrases are very good to use 😄
Great information sir, I really love your content....
Sir full Tutorial brute force attack and rainbow table
Today completed hashing room of thm
And here's david with the same thing.
Great! Hope you enjoy the video 😀
Fantastic video.
You are amazing, thank you for all you do
Thank you!
Sir plz make video on fluxion
Thanks for your information Sir 👍
Hello sir how to create strong password safe in hacker how many digit
Sir, in which year you launched ccna course in udemy
you are doing great sir.I am waiting for more videos from you sir
David I have tried the airmon check kill cmd at that time wifi adaptor get killed and it's not enable back is there any solution for that
You guys are the best . Thx .
My passwords are hacker horror; I seem to have a weak life security profile. Fine balance in protection from hacking and all out paranoia. I'm just now seeing my vulnerabilities and it's shocking.
Sir can we hack any wifi which is protected by a firewall
Amazinggg videooo siirr!!
if only I wasn't dumb
ssh: yes
I'm not hacker,I'm gamer pal
If you have root access (read-write the shadow file), can't you just change the hashes to whatever you'd like?
Using default input encoding: UTF-8
Loaded 1 password hash (Raw-MD5 [MD5 256/256 AVX2 8x3])
No password hashes left to crack (see FAQ)
Error
Where are you from? Isn't 'Bombal' a Polish surname?🤔
The best and easiest way to get password ethically is just ask them!
Hey David please make a video on metasploit because my handler fails to bind with the ip.
hi my software activation key is not found but it is correct because I have used it before on another pc, what can I do?
So the requirements to enter kinds of characters imposed upon us, help the hackers guess what we will enter - interesting!
Yes. If the hacker knows what characters are permitted that constrains a brute force attack.
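The effect discussed in the two comments above, quantified for anyone writing a password policy. This is an added example, not part of the comment thread or the video; the function names are hypothetical and the class sizes assume a site that accepts the 95 printable ASCII characters.

```python
from itertools import combinations
from math import log2

# Character-class sizes for the 95 printable ASCII characters (assumption:
# the site accepts exactly these; real policies vary).
ASCII_CLASSES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 33}


def keyspace(length, allowed, required=(), classes=ASCII_CLASSES):
    """Count passwords of exactly `length` characters drawn from the
    `allowed` classes that contain at least one character from every
    `required` class (inclusion-exclusion over the required classes)."""
    allowed, required = set(allowed), tuple(required)
    if not set(required) <= allowed:
        raise ValueError("required classes must also be allowed")
    alphabet = sum(classes[c] for c in allowed)
    total = 0
    for k in range(len(required) + 1):
        for missing in combinations(required, k):
            # Strings that avoid every class in `missing`.
            reduced = alphabet - sum(classes[c] for c in missing)
            total += (-1) ** k * reduced ** length
    return total


def bits_lost(baseline, constrained):
    """Search-space reduction, in bits, caused by a policy constraint."""
    return log2(baseline / constrained)


def compare_policies(length=8):
    """Bits lost, relative to 'any printable ASCII' at the same length,
    for three constructed policies."""
    everything = tuple(ASCII_CLASSES)
    free = keyspace(length, everything)
    return {
        # Must contain one of each class: known structure, small loss.
        "require_all_four": bits_lost(free, keyspace(length, everything, everything)),
        # Symbols forbidden: the permitted alphabet itself shrinks.
        "no_symbols": bits_lost(free, keyspace(length, ("lower", "upper", "digit"))),
        # Same alphabet, but one character shorter than the baseline.
        "one_char_shorter": bits_lost(free, keyspace(length - 1, everything)),
    }


if __name__ == "__main__":
    for policy, bits in compare_policies().items():
        print(f"{policy:>18}: -{bits:.2f} bits")
```

At length 8 the "one of each class" rule costs about one bit, forbidding symbols costs about five, and dropping a single character costs about six and a half, so restricting the permitted characters or the length shrinks the space far more than requiring character classes does.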
I LOVE YOU DAVID
Informative as always ..👍🏻
Thank you!
I want to know the platform they are hacking is it a software a login a computer? How do you apply this to a Google account for example
Nice video David sir I need this thanks for providing content free!
Thanks david
1:18 may I know what is the tool that you are using and how to install it on a pc?
why i'm getting this error???? | Using default input encoding: UTF-8
No password hashes loaded (see FAQ)|
David sir really want the bank password 😁😂😂
Great video, but how do you get the hashes in the first place?
Watch the previous video linked in the video description. Daniel attacked a machine to get them.
@davidbombal Thanks
Hello. But which password manager would you guys recommend?