WiFi Password Warning: Use good passwords otherwise they can be hacked in seconds using cloud GPUs. Create your own virtual machine on Linode with a 60-day $100 credit: davidbombal.wiki/linode Disclaimer: This video is for educational purposes only. I either have permission to use, or own all equipment used for this demonstration. No actual attack took place on any websites. Only use the tools demonstrated in this video on networks you have permission to attack. Use the tools ethically to improve network security. // Previous Videos // WPA/WPA2 vs hashcat and hcxdumptool: th-cam.com/video/Usw0IlGbkC4K/w-d-xo.htmlali 16 secs to break it! 70% of real world WiFi networks owned!: th-cam.com/video/ZTIB9Ki9VtYW/w-d-xo.htmliFi Wifi Adapters: th-cam.com/video/5MOsY3VNLK8/w-d-xo.html Old method using airmon-ng: th-cam.com/video/WfYxrLaqlN8/w-d-xo.html Old method using GPUs: th-cam.com/video/J8A8rKFZW-M/w-d-xo.html // Menu // 00:00 - Intro 01:12 - Don't use weak wifi passwords! // Quick wifi cracking demo 05:28 - Setting up for wifi hack // Setting up a Linode server 08:08 - Setting up for wifi hack // Installing Hashcat 09:05 - Setting up for wifi hack // Installing NVIDIA CUDA Toolkit 12:42 - Cracking wifi passwords using Hashcat 17:08 - How the Hashcat command works // Detailed explanation 21:08 - Cracking a range of wifi passwords 27:24 - "Mixed passwords are strong passwords" 27:57 - Cracking a range of wifi passwords (continued) 28:54 - Conclusion // David's Social // Discord: discord.gg/davidbombal Twitter: twitter.com/davidbombal Instagram: instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal TH-cam Main Channel: th-cam.com/users/davidbombal TH-cam Tech Channel: th-cam.com/channels/ZTIRrENWr_rjVoA7BcUE_A.html TH-cam Clips Channel: th-cam.com/channels/bY5wGxQgIiAeMdNkW5wM6Q.html TH-cam Shorts Channel: th-cam.com/channels/EyCubIF0e8MYi1jkgVepKg.html Apple Podcast: davidbombal.wiki/applepodcast Spotify Podcast: open.spotify.com/show/3f6k6gERfuriI96efWWLQQ // MY STUFF // www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com // Hashcat Steps // 1) Setup server in Linode GPU server 2) SSH to server: ssh root@192.168.1.1 3) Install Hashcat: $ sudo apt update $ sudo apt install hashcat $ hashcat -I 4) Install Cuda: (Docs: www.linode.com/docs/products/compute/gpu/guides/install-nvidia-cuda/ ) $ sudo apt update && sudo apt upgrade $ sudo apt install build-essential linux-headers-$(uname -r) 5) Install nvidia drivers (Docs: www.linode.com/docs/products/compute/gpu/guides/install-nvidia-cuda/ ) $ wget developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/x86_64/cuda-ubuntu2204.pin $ sudo mv cuda-ubuntu2204.pin /etc/apt/preferences.d/cuda-repository-pin-600 $ wget developer.download.nvidia.com/compute/cuda/12.0.0/local_installers/cuda-repo-ubuntu2204-12-0-local_12.0.0-525.60.13-1_amd64.deb $ sudo dpkg -i cuda-repo-ubuntu2204-12-0-local_12.0.0-525.60.13-1_amd64.deb $ sudo cp /var/cuda-repo-ubuntu2204-12-0-local/cuda-*-keyring.gpg /usr/share/keyrings/ $ sudo apt-get update $ sudo apt-get -y install cuda $ sudo shutdown -r now 6) Upload files to the server: sftp root@192.168.1.1 put 8-digit-wpa2.hc22000 7) Check GPUs available: hashcat -I 8) Run Hashcat: 8 digits: hashcat -m 22000 8-digit-wpa2.hc22000 -a 3 ?d?d?d?d?d?d?d?d -d 6,7,8,9 -w 4 10 alphanumeric: hashcat -m 22000 10-digit-letters-wpa.hc22000 --increment --increment-min 10 --increment-max 12 -1 ?d?l?u -a 3 ?1?1?1?1?1?1?1?1?1?1?1?1 -d 6,7,8,9 -w 4 ====================== Hashcat commands: ====================== -m 22000 means WPA-PBKDF2-PMKID+EAPOL -a 3 means Attack mode is brute force -d means Backend devices to use, separated with commas -1 means mask to use hashcat.net/wiki/doku.php?id=mask_attack Explanation of WPA/WPA2: hashcat.net/wiki/doku.php?id=cracking_wpawpa2 Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
Hey i am your best fan from bangladesh. I love to watch your videos and i learn it. I have one request Please make video on mikrotik hack or isp mikrotik ddos attack.
Thank you David once again for a high quality video. While these short and easy passwords are good for making a point, it would be more interesting and useful to try a real world 14 character password, which is a NIST recommendation I assume, having digits, alphabets and special characters. It would be a more powerful point, since many consider such passwords "safe". Thanks again.
This is why using access control (if your router supports it) is important. With this feature, even if your wifi password is hacked, the hacker still needs to be allowed on the network to access it. Also if you use network segmentation to separate your wifi network from the rest, you can limit the damage the hacker can do to only that network if they do get access.
@@j_t_eklund I said access control to make it easier to understand but on my set up, I have a hardware firewall that quarantines all new connection to my network. I monitor my network closely and I don't just allow anything that connects to it just because it knows the password. I have a list of all the devices in my firewall that has access to my network. When you're on top of things, it's easier to manage. Ultimately, it comes down to the user. No protection can help you if you still allow an unknown connection to your network. Having common sense is the best protection most of the time.
@@eb3l86 mac spoofing was the first thing i thought, in my IT class towards my cyber sec major (not even an advanced class just an introductory one) covered the topic of mac spoofing to trick and exploit these exact implementations and setups that Xellaz has.
This enables phone hacking to a greater extent, by SCP'ing the captured files over to the cloud GPU VM, takes away processing limitations that a mobile phone may have in comparison. This is a fantastic demonstration of this.
Very true, although you would need some way to capture that handshake with a NIC on monitor mode, which most phones cannot do. Perhaps somehow installing an external NIC with monitor mode would allow a start to finish hack
I remember back in the day when i was exploring "aircrack-ng" and bruteforcing WPA handshakes.. Back than brutting a 10-12 digit password on a very high end CPU was estimating to take 5-10 years.. As i learned how brutefircing works and how to use wordlists i realized that soon there will be a way to crack a 10-16 mixed digit lowercase password within minutes. I am amazed of how correct my guess was.. Watching this video makes me wanna take my old Alpha WIFI antenna and see how secure my neighborhood is.. Very nice video i learned something new today, thank you!
Thanks! That's beautiful! You answered several questions about Hashcat, too. Maybe Hashcat's estimator is a little pessimistic. Cloud GPU's, now that's brilliant!
My RX570 can do 170 kilohashes per second. Your cloud GPU's can do about 4 megahashes per second. It would still take about 9 months to crack an 8 character mixed alphanumeric (lower and uppercase) password. Unless you get lucky. WPA2 is pretty secure if you put some effort into it. Correct me if I'm wrong.
Best youtube hacking channel in my opinion! So much to learn and David teaches us all it so well. I wish I was more on the ball to take the opportunity to learn from all the videos but I don't quite have the discipline to focus and one particular area at the moment as it is all so fascinating. Belated new years resolution maybe lol
Ok, but "10 digit password with assumption of first two digits" is no different than simply brute forcing 8 digit password. So adding "assumptions"' and emphasizing on password length is kind of misleading. You might as well say "We've cracked *TWENTY* digit password in minutes _assuming first 12 digits are ......"
David Love your work... Ps: We ( Singapore ) ain't the other part of the world ( haha) probably just a very very tiny dot and hard to find in this big world of ours... cheers and keep up the good work☺
Outstanding demonstration and explanation of something many find confusing and feel it's out of their reach. Not sure I've seen it but a video on passwords and how to choose them or create them both human, app and computer recommendation, Mac always suggests passwords to store in keychain file, are those easy to crack. Maybe ask users to suggest a password and show how easy it is to crack ? Thanks again for a great educational video
Hi David. First i want to thank you for your incredible great videos! For this video you maybe mention that Linode wants you to deposit $100 before you can access GPU instances. I tested google cloud gpu witch needs a credit card to aktivate gpu`s. Next i checked ovh cloud for a gpu instance. There you need to activate a quota, for this they want a photo of your id card. I don`t found any service where to "rent" a gpu instance quickly. Maybe you have some tipps for this?
Just a quick heads up everyone, quite ironically there is a fake David Bombal account going around trying to scam you. Please be careful! And Mr. Bombal, thanks again for another outstanding video :)
I appreciate the end with the reasonable note that mixed chars will be much harder to crack. Most routers ship with a default sudo random 8 char alphanumeric string. Yes, knowing that it's only 8 characters can limit your scope and time. But that's still a beefy dataset. Wpa2 has vulnerabilities, but for brute forcing... it's still plenty strong compared to wpa. Most likely you're going to do a man in the middle, or some evil twin attack. It's so much easier then trying to brute force your way in
What would you use this for good? Help me to understand your reasoning to teach thousands of young kids I'm assuming is your audience, why would you want to teach anyone this?
@@joycejoyner2002 You can test your own wifi, you can test a friends wifi with their permission. There is also a huge field of work where you get paid to test companies networks.
Hi sir , i respect you a lot plz create a paid course , in which everything is in systematic order and teach us more advanced thing which are illegal to teach on TH-cam . Luv from india. Like u understand what I am saying.
I didn't understand something: in the cloud, there are two types of pricing, monthly and hourly. In the end, what will I pay? The monthly price plus the amount of hours I use? Or if I only use it for one hour the whole month, do I just pay the hourly price? And what if I only use it for 20 minutes a month? I'm having trouble understanding the billing method for cloud services.
Hi! Thank you for your video. Linode is Great. I have it a lot of years. Only 1 question; your "method" work only for "simple" numeric pasword or for all? Thnx
Mrs Richards: "I paid for a room with a view !" Basil: (pointing to the lovely view) "That is Torquay, Madam ." Mrs Richards: "It's not good enough!" Basil: "May I ask what you were expecting to see out of a Torquay hotel bedroom window? Sydney Opera House, perhaps? the Hanging Gardens of Babylon? Herds of wildebeest sweeping majestically past?..." Mrs Richards: "Don't be silly! I expect to be able to see the sea!" Basil: "You can see the sea, it's over there between the land and the sky." Mrs Richards: "I'm not satisfied. But I shall stay. But I expect a reduction." Basil: "Why?! Because Krakatoa's not erupting at the moment?"
I'm not concerned with passwords where someone knows it's likely certain characters are placed. My greater concern is how cloud computing is rapidly reducing how even totally random passwords are becoming vulnerable. Using numbers, lower and uppercase alphabet characters, with a password that is shorter than 10 digits is now within a reasonable time for cracking when using cloud services.
Your video is very interesting, I have registered in Linode with your code but the hashcat issue is a bit complicated and I don't want to enter a wrong command. Could you tell me the command to write in hashcat to decrypt an 8-character password made up of numbers and uppercase and lowercase letters? That would help me a lot... Thank you very much in advance.
Sir, I have a question that is if we want to use internal wifi card in kali linux we have to dual boot kali linux using usb drive, but there is a method that we can dual boot kali linux without using any usb drive,cd or dvd, we can flash into our system ssd by doing partition, so after dual booting kali linux without usb drive can we still able to use internal wifi card/chip if it support monitoring and packet injection mod?
i got that to work. testing on my home wifi it would take more than 10 years to go thru all possible combinations. i see i have 2 tplink neighbours thou... :>
Does this Lenode server has already installed Ubuntu that you just kinda run? if it does, why they don't preinstall all that you need like CUDA support, like, that's the reason you would use Lenode in the first place? Otherwise you waste time on doing it yourself.
When you have cracked the password and login to that computer, my question is, can they not see you and ban your ip. I mean with some wifi´s do you get some software so you can see who is logged in to your wifi
So as long as you use solid passwords, no one with a copy of haschat and wifi attenna will be able to break in too easily. I wonder if quantum computing rigs for brute force attacks would shorten the 7000 years, to minutes?
Hey David, very random question I'm wanting to start hacking as a serious career, my objective is to create exploits. I understand that there are various exploits for specific devices/networks. I am curious though what is the majority of high level exploits being written in, such as Israel spyware pegasus, or maybe their zero click imessage exploit, or the Olympic Destroyer just to mention a couple. I'm hesitant to learn python due to this as I want to reach the pinnacle in example c# if the majority of high level exploits are written in that as I'm guessing they aren't written in python. I don't want to bounce from one language to another I want to master one that captures the most advance exploits. Hope to hear from you david, thanks for your work.
Seems Linode have put a stop to using the credit for GPU-based machines: To get access to a GPU Linode, which is in extremely limited supply, we request that you complete the following: 1. Place a $100 deposit onto your account. This credit will be automatically applied to future invoices. 2. Provide a detailed description of your use case, including links to any website or social-media presence that provides further information about your project/work. 3. Identify how many GPUs you wish to deploy at a given time. Please note that any promotional credit on your account does not count towards this deposit.
what about if the password is 14 digit with number up and lower case and symbol , from your experience if use 4 GPU like this environment . how long it approximately can crack ? or if it is possible to get in within a year ?
Couldn’t Wi-Fi router co’s easily fix this by offering 2 factor security? I.e., if someone wants to log into the network they must have correct password then owner of network receives a 6 digit code that the requester must input? Why wouldn’t router companies go this route?
please can you make another simple video without this Linode, you made me confused everything. And you're so fast that we can't even see the commands that you're using
See how long it takes to guess the password if the SSID salt is not broadcasted. Better yet, see how long it takes to crack a Radius server's password that changes every 24 hours. Even these tools are very limited. I still see some old school WEP routers once in a while. LOL.
WiFi Password Warning: Use good passwords otherwise they can be hacked in seconds using cloud GPUs.
Create your own virtual machine on Linode with a 60-day $100 credit: davidbombal.wiki/linode
Disclaimer: This video is for educational purposes only. I either have permission to use, or own all equipment used for this demonstration. No actual attack took place on any websites. Only use the tools demonstrated in this video on networks you have permission to attack. Use the tools ethically to improve network security.
// Previous Videos //
WPA/WPA2 vs hashcat and hcxdumptool: th-cam.com/video/Usw0IlGbkC4K/w-d-xo.htmlali
16 secs to break it! 70% of real world WiFi networks owned!: th-cam.com/video/ZTIB9Ki9VtYW/w-d-xo.htmliFi
Wifi Adapters: th-cam.com/video/5MOsY3VNLK8/w-d-xo.html
Old method using airmon-ng: th-cam.com/video/WfYxrLaqlN8/w-d-xo.html
Old method using GPUs: th-cam.com/video/J8A8rKFZW-M/w-d-xo.html
// Menu //
00:00 - Intro
01:12 - Don't use weak wifi passwords! // Quick wifi cracking demo
05:28 - Setting up for wifi hack // Setting up a Linode server
08:08 - Setting up for wifi hack // Installing Hashcat
09:05 - Setting up for wifi hack // Installing NVIDIA CUDA Toolkit
12:42 - Cracking wifi passwords using Hashcat
17:08 - How the Hashcat command works // Detailed explanation
21:08 - Cracking a range of wifi passwords
27:24 - "Mixed passwords are strong passwords"
27:57 - Cracking a range of wifi passwords (continued)
28:54 - Conclusion
// David's Social //
Discord: discord.gg/davidbombal
Twitter: twitter.com/davidbombal
Instagram: instagram.com/davidbombal
LinkedIn: www.linkedin.com/in/davidbombal
Facebook: facebook.com/davidbombal.co
TikTok: tiktok.com/@davidbombal
TH-cam Main Channel: th-cam.com/users/davidbombal
TH-cam Tech Channel: th-cam.com/channels/ZTIRrENWr_rjVoA7BcUE_A.html
TH-cam Clips Channel: th-cam.com/channels/bY5wGxQgIiAeMdNkW5wM6Q.html
TH-cam Shorts Channel: th-cam.com/channels/EyCubIF0e8MYi1jkgVepKg.html
Apple Podcast: davidbombal.wiki/applepodcast
Spotify Podcast: open.spotify.com/show/3f6k6gERfuriI96efWWLQQ
// MY STUFF //
www.amazon.com/shop/davidbombal
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
// Hashcat Steps //
1) Setup server in Linode GPU server
2) SSH to server: ssh root@192.168.1.1
3) Install Hashcat:
$ sudo apt update
$ sudo apt install hashcat
$ hashcat -I
4) Install Cuda: (Docs: www.linode.com/docs/products/compute/gpu/guides/install-nvidia-cuda/ )
$ sudo apt update && sudo apt upgrade
$ sudo apt install build-essential linux-headers-$(uname -r)
5) Install nvidia drivers (Docs: www.linode.com/docs/products/compute/gpu/guides/install-nvidia-cuda/ )
$ wget developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/x86_64/cuda-ubuntu2204.pin
$ sudo mv cuda-ubuntu2204.pin /etc/apt/preferences.d/cuda-repository-pin-600
$ wget developer.download.nvidia.com/compute/cuda/12.0.0/local_installers/cuda-repo-ubuntu2204-12-0-local_12.0.0-525.60.13-1_amd64.deb
$ sudo dpkg -i cuda-repo-ubuntu2204-12-0-local_12.0.0-525.60.13-1_amd64.deb
$ sudo cp /var/cuda-repo-ubuntu2204-12-0-local/cuda-*-keyring.gpg /usr/share/keyrings/
$ sudo apt-get update
$ sudo apt-get -y install cuda
$ sudo shutdown -r now
6) Upload files to the server:
sftp root@192.168.1.1
put 8-digit-wpa2.hc22000
7) Check GPUs available:
hashcat -I
8) Run Hashcat:
8 digits:
hashcat -m 22000 8-digit-wpa2.hc22000 -a 3 ?d?d?d?d?d?d?d?d -d 6,7,8,9 -w 4
10 alphanumeric:
hashcat -m 22000 10-digit-letters-wpa.hc22000 --increment --increment-min 10 --increment-max 12 -1 ?d?l?u -a 3 ?1?1?1?1?1?1?1?1?1?1?1?1 -d 6,7,8,9 -w 4
======================
Hashcat commands:
======================
-m 22000 means WPA-PBKDF2-PMKID+EAPOL
-a 3 means Attack mode is brute force
-d means Backend devices to use, separated with commas
-1 means mask to use hashcat.net/wiki/doku.php?id=mask_attack
Explanation of WPA/WPA2: hashcat.net/wiki/doku.php?id=cracking_wpawpa2
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
😎
Wasn’t this video already uploaded in the past?
@@teoandrei3677 No. This is a new video. I've previously used local PCs and GPUs, but not shown how to do this using Cloud GPUs.
David, combining terraform can be a great addition.
Hey i am your best fan from bangladesh. I love to watch your videos and i learn it. I have one request Please make video on mikrotik hack or isp mikrotik ddos attack.
I am so glad that I can do 2 things at the same time watching your videos, learning English and security. Thank you so much for your lessons!
You're welcome Alexander! Make sure you use your new powers for good.
Amazing perspective 🏌♂️🌌
Super interesting video! I miss this style of content from you. I like the interviews too but you're a great instructor too
Thank you! I appreciate that :)
Thank you David once again for a high quality video. While these short and easy passwords are good for making a point, it would be more interesting and useful to try a real world 14 character password, which is a NIST recommendation I assume, having digits, alphabets and special characters. It would be a more powerful point, since many consider such passwords "safe". Thanks again.
This is why using access control (if your router supports it) is important. With this feature, even if your wifi password is hacked, the hacker still needs to be allowed on the network to access it. Also if you use network segmentation to separate your wifi network from the rest, you can limit the damage the hacker can do to only that network if they do get access.
@@j_t_eklund I said access control to make it easier to understand but on my set up, I have a hardware firewall that quarantines all new connection to my network. I monitor my network closely and I don't just allow anything that connects to it just because it knows the password. I have a list of all the devices in my firewall that has access to my network. When you're on top of things, it's easier to manage. Ultimately, it comes down to the user. No protection can help you if you still allow an unknown connection to your network. Having common sense is the best protection most of the time.
@@xellaz ever heard of spoofing mac address? lol
@@eb3l86 now he is never replying hehehe
acces control can and thus will be spoofed
@@eb3l86 mac spoofing was the first thing i thought, in my IT class towards my cyber sec major (not even an advanced class just an introductory one) covered the topic of mac spoofing to trick and exploit these exact implementations and setups that Xellaz has.
This enables phone hacking to a greater extent, by SCP'ing the captured files over to the cloud GPU VM, takes away processing limitations that a mobile phone may have in comparison.
This is a fantastic demonstration of this.
Very true, although you would need some way to capture that handshake with a NIC on monitor mode, which most phones cannot do. Perhaps somehow installing an external NIC with monitor mode would allow a start to finish hack
@@theoneandonly6741 You can get Alfa adapters with a USB C connection to your phone, I'm sure David has shown this before! 😊
Thank you David for this Awesome Video again ! Love it!
Glad you enjoyed it
Thanks David for the showing us the way, not to keep passwords simple anymore. Great demo.
Thank you Rakesh. Long, complicated passwords are much safter.
I remember back in the day when i was exploring "aircrack-ng" and bruteforcing WPA handshakes.. Back than brutting a 10-12 digit password on a very high end CPU was estimating to take 5-10 years.. As i learned how brutefircing works and how to use wordlists i realized that soon there will be a way to crack a 10-16 mixed digit lowercase password within minutes. I am amazed of how correct my guess was.. Watching this video makes me wanna take my old Alpha WIFI antenna and see how secure my neighborhood is.. Very nice video i learned something new today, thank you!
Thanks! That's beautiful! You answered several questions about Hashcat, too. Maybe Hashcat's estimator is a little pessimistic. Cloud GPU's, now that's brilliant!
My RX570 can do 170 kilohashes per second. Your cloud GPU's can do about 4 megahashes per second. It would still take about 9 months to crack an 8 character mixed alphanumeric (lower and uppercase) password. Unless you get lucky. WPA2 is pretty secure if you put some effort into it. Correct me if I'm wrong.
Excellent video, instructions, and tuition David. Many thanks. 👍
Thank you John. Glad you enjoyed the video.
Thanks!
Thank you so much!
Best youtube hacking channel in my opinion! So much to learn and David teaches us all it so well. I wish I was more on the ball to take the opportunity to learn from all the videos but I don't quite have the discipline to focus and one particular area at the moment as it is all so fascinating. Belated new years resolution maybe lol
Thank you very much David!
Ok, but "10 digit password with assumption of first two digits" is no different than simply brute forcing 8 digit password.
So adding "assumptions"' and emphasizing on password length is kind of misleading. You might as well say "We've cracked *TWENTY* digit password in minutes _assuming first 12 digits are ......"
It isn't misleading... he says this is for getting people who use telephone numbers as their password. He is very clear.
على هاد الهدرة لي قلتي والله تا شتاركة عندك وغادي ديما نحظر فيديوهات ديالك حنا بغينا الحقيقة والتواضع مشي الكدوب ❤
Break WiFi networks using Cloud GPUs in seconds . but video lenght is 28:48. Just Awesome tutorial😅😅
David Love your work... Ps: We ( Singapore ) ain't the other part of the world ( haha) probably just a very very tiny dot and hard to find in this big world of ours... cheers and keep up the good work☺
Outstanding demonstration and explanation of something many find confusing and feel it's out of their reach.
Not sure I've seen it but a video on passwords and how to choose them or create them both human, app and computer recommendation, Mac always suggests passwords to store in keychain file, are those easy to crack.
Maybe ask users to suggest a password and show how easy it is to crack ?
Thanks again for a great educational video
Thank you Aaron! I appreciate that! Great suggestion.
I use an MD5 hash generator and go to crackstation and see if my password is on there list.
Thanks David for this amazing video once again!!
Thank you Fabio!
I watch your every video love from Pakistan 💚
Cool video. Isn't cracking a 10 digit password that starts with 02 the aame as cracking an 8 digit password? 🤔
I am learning a lot from your videos! 😍
Wow well presented. Learned a lot will definitely give this a try.
Thank you Brandon!
bro did you try this and Able to crack the password??
Not in vain saying that CCIE is equal to Phd, you are really badass geek Dave 🙏🏻👍
Thanks a lot …
Thank you Beyrak!
Great video David! And actually it shows that still 10-character password with all mixed characters is actually strong enough, right?
Stay safe and do the following:
-set strong complex router password
-set strong complex wifi password
-disable router remote management
-disable ssh
-block all incoming ports
-only allow reserved devices
Hi David. First i want to thank you for your incredible great videos!
For this video you maybe mention that Linode wants you to deposit $100 before you can access GPU instances.
I tested google cloud gpu witch needs a credit card to aktivate gpu`s.
Next i checked ovh cloud for a gpu instance. There you need to activate a quota, for this they want a photo of your id card.
I don`t found any service where to "rent" a gpu instance quickly. Maybe you have some tipps for this?
Running into the same issue. Any luck?
@@TheBenJiles Yes i rented 8x RTX A6000 prepaid for an hour at leadergpu. A little more expensive but still okay.
@@dakeeperbhv thanks man. I’ll check it out
you have some of the best vids out there!!!
Just a quick heads up everyone, quite ironically there is a fake David Bombal account going around trying to scam you.
Please be careful!
And Mr. Bombal, thanks again for another outstanding video :)
Outstanding video !👍
Great video David, thanks.
Great tutorial David!
Glad you liked it!
thank you david it was a video that everyone can understand you are great
Nice Video ❤️🤙🏼
Thank you very much!
@@davidbombal How to earn Google play credits ? (free)
thank you for educating us sir.
Valeu!
David, do you sell test questions and answers for exercise and preparing for CCNA exam? If yes, where can we buy?
I appreciate the end with the reasonable note that mixed chars will be much harder to crack.
Most routers ship with a default sudo random 8 char alphanumeric string.
Yes, knowing that it's only 8 characters can limit your scope and time. But that's still a beefy dataset.
Wpa2 has vulnerabilities, but for brute forcing... it's still plenty strong compared to wpa.
Most likely you're going to do a man in the middle, or some evil twin attack. It's so much easier then trying to brute force your way in
how would you do man in the middle to bypass the PSK/password ?
great video. like to ask why only use 4 GPUs? will using more GPUs(if possible) speed things up? thanks.
i am a software engineering student . i am a mad fan of you
2:23 There was no Israel before, they invaded Palestine...
Another great video David
Jumping to this vid from the notifications, lets goooo😍
This is the video I been dreaming about
Only do this for good. Make sure you secure your networks with good passwords. Not terrible passwords like I showed in this video.
i already bult the capture part from hes article on ubuntu- it works!!!
Your dreams are weird.
What would you use this for good? Help me to understand your reasoning to teach thousands of young kids I'm assuming is your audience, why would you want to teach anyone this?
@@joycejoyner2002 You can test your own wifi, you can test a friends wifi with their permission. There is also a huge field of work where you get paid to test companies networks.
Mind blowing 🤯 David sir
Thank you Vardhan. It's a massive warning! Use good passwords.
Hi sir , i respect you a lot plz create a paid course , in which everything is in systematic order and teach us more advanced thing which are illegal to teach on TH-cam . Luv from india. Like u understand what I am saying.
Thanks David!
You're welcome. Make sure you use good passwords.
thank you for the video, it's great. Can it be done using just kalilinux?
I will use this video for *"Scientific"* purposes
i never get to crack any wifi before even watching your previous video. Gave up doing it.
I didn't understand something: in the cloud, there are two types of pricing, monthly and hourly. In the end, what will I pay? The monthly price plus the amount of hours I use? Or if I only use it for one hour the whole month, do I just pay the hourly price? And what if I only use it for 20 minutes a month? I'm having trouble understanding the billing method for cloud services.
hi !
I really learn somthing from this .
Glad you are learning. Don't use bad passwords!
@@davidbombal yessir
Hi! Thank you for your video. Linode is Great. I have it a lot of years. Only 1 question; your "method" work only for "simple" numeric pasword or for all? Thnx
You look like G-Man from Half Life
David you're such a swell guy. I don't care what anyone says. : )
Linode is cancelling almost any new register on his platform.
Is there a similar cloudservice to use, as alternative to Linode?
Thanks for sharing this informative video.
Mrs Richards: "I paid for a room with a view !"
Basil: (pointing to the lovely view) "That is Torquay, Madam ."
Mrs Richards: "It's not good enough!"
Basil: "May I ask what you were expecting to see out of a Torquay hotel bedroom window? Sydney Opera House, perhaps? the Hanging Gardens of Babylon? Herds of wildebeest sweeping majestically past?..."
Mrs Richards: "Don't be silly! I expect to be able to see the sea!"
Basil: "You can see the sea, it's over there between the land and the sky."
Mrs Richards: "I'm not satisfied. But I shall stay. But I expect a reduction."
Basil: "Why?! Because Krakatoa's not erupting at the moment?"
I'm not concerned with passwords where someone knows it's likely certain characters are placed. My greater concern is how cloud computing is rapidly reducing how even totally random passwords are becoming vulnerable. Using numbers, lower and uppercase alphabet characters, with a password that is shorter than 10 digits is now within a reasonable time for cracking when using cloud services.
i am getting this message "Additional verification is required to add this service. Please open a Support ticket." cant create linode
Do they charge you when it's processing the GPU or as soon as you start the server?
And thanks again David👍
I'm really struggling to comprehend the power a machine with 4 x RTX6000 would have. That's insane
The only downside with Linode being they limit who can actually deploy a GPU plan nowadays, like most other providers.
Your video is very interesting, I have registered in Linode with your code but the hashcat issue is a bit complicated and I don't want to enter a wrong command.
Could you tell me the command to write in hashcat to decrypt an 8-character password made up of numbers and uppercase and lowercase letters?
That would help me a lot...
Thank you very much in advance.
How can I know how many signs are in the password if I don't know the password?
My thought exactly!
Sir, I have a question that is if we want to use internal wifi card in kali linux we have to dual boot kali linux using usb drive, but there is a method that we can dual boot kali linux without using any usb drive,cd or dvd, we can flash into our system ssd by doing partition, so after dual booting kali linux without usb drive can we still able to use internal wifi card/chip if it support monitoring and packet injection mod?
i got that to work. testing on my home wifi it would take more than 10 years to go thru all possible combinations. i see i have 2 tplink neighbours thou... :>
Been doing this for years and years now, saves so much time
Does this Lenode server has already installed Ubuntu that you just kinda run? if it does, why they don't preinstall all that you need like CUDA support, like, that's the reason you would use Lenode in the first place? Otherwise you waste time on doing it yourself.
When you have cracked the password and login to that computer, my question is, can they not see you and ban your ip. I mean with some wifi´s do you get some software so you can see who is logged in to your wifi
linode needs additional verification to start ? Anyone else have this issue ?
So as long as you use solid passwords, no one with a copy of haschat and wifi attenna will be able to break in too easily. I wonder if quantum computing rigs for brute force attacks would shorten the 7000 years, to minutes?
Sweet new video!
Hope you enjoy the video :)
👀👀👀
Yeah I love when people say this what you said but it's a 30 minute video it's not a second it's a 30 minute video
Hey David, very random question I'm wanting to start hacking as a serious career, my objective is to create exploits. I understand that there are various exploits for specific devices/networks. I am curious though what is the majority of high level exploits being written in, such as Israel spyware pegasus, or maybe their zero click imessage exploit, or the Olympic Destroyer just to mention a couple. I'm hesitant to learn python due to this as I want to reach the pinnacle in example c# if the majority of high level exploits are written in that as I'm guessing they aren't written in python. I don't want to bounce from one language to another I want to master one that captures the most advance exploits. Hope to hear from you david, thanks for your work.
Sir what happens if I change all digits of my device's permanent mac address rather than only 6 digit or it's not possible???
We have so much power nowardays...few years ago this wasnt possible...you can use your own gpu to do it now.
What program are you running for this on your computer
Using a high-end GPU to crack a Wi-Fi password (ex. for free internet) is like using a diamond-encrusted hammer to crack open a walnut
Seems Linode have put a stop to using the credit for GPU-based machines:
To get access to a GPU Linode, which is in extremely limited supply, we request that you complete the following:
1. Place a $100 deposit onto your account. This credit will be automatically applied to future invoices.
2. Provide a detailed description of your use case, including links to any website or social-media presence that provides further information about your project/work.
3. Identify how many GPUs you wish to deploy at a given time.
Please note that any promotional credit on your account does not count towards this deposit.
using quantum computers for brute force 💀
128x4 = 512 gb Quadro ! And after password cracking is awesome.
7000 years? For my gpu it will take 15 years. And if without capital letters it (in most cases there is no capital letters) will take only 75 days.
lol
@@sirnad7813 yes but we don't talk about any special characters
Looks like I'll have to try and test my own wifi password now!
what about if the password is 14 digit with number up and lower case and symbol , from your experience if use 4 GPU like this environment . how long it approximately can crack ? or if it is possible to get in within a year ?
we used to use rainbow tables for this.
insane mode :))
What about WPA3 ?
Couldn’t Wi-Fi router co’s easily fix this by offering 2 factor security? I.e., if someone wants to log into the network they must have correct password then owner of network receives a 6 digit code that the requester must input? Why wouldn’t router companies go this route?
Couldn't sign up for linode
I've never seen you work so fast! lol
How much does a pentester cost for personal home security testing?
I am not watching the video but i have a question according to thumbnail if we can hack wifi in seconds then why your video is 20+ ?
Can you use linode for 1-2 hours to avoid paying for a whole month?
Awesome Video, Thanks..
So if I have to crack a 16-alphanumeric password, it would be impossible also with a super computer ?
Thank you
I don't even use a pass word. My email is available to anyone who wants to use it , all WiFi should be like that
please can you make another simple video without this Linode, you made me confused everything. And you're so fast that we can't even see the commands that you're using
how do you mix uppercase,lowercase,digits and specials? how can we specify which to use
😭 GPU's into nightmare mode?
See how long it takes to guess the password if the SSID salt is not broadcasted. Better yet, see how long it takes to crack a Radius server's password that changes every 24 hours. Even these tools are very limited. I still see some old school WEP routers once in a while. LOL.