1 00:00:00,120 --> 00:00:02,460 Hello everybody and welcome back. 2 00:00:02,460 --> 00:00:09,930 And right now we saw how to unzip our wordlist that we will use, which is rockyou.txt, which 3 00:00:10,080 --> 00:00:17,820 comes pre-installed in Kali Linux, and we also right now want to actually run our own attack. 4 00:00:17,820 --> 00:00:21,130 We saw the four-way handshake in the Wireshark .cap file. 5 00:00:21,150 --> 00:00:26,280 We also saw the authentication frames in the Wireshark .cap file and all we need to do right now 6 00:00:26,310 --> 00:00:27,730 is run our attacks. 7 00:00:27,750 --> 00:00:35,590 So let me just change my directory to the directory where I have my file, which is this one, handshake. 8 00:00:35,820 --> 00:00:39,490 So cd handshake. 9 00:00:39,510 --> 00:00:41,900 We can see it is right here. 10 00:00:42,180 --> 00:00:48,390 Basically if you find this a weird name you can just rename it to anything you want as long as it has 11 00:00:48,390 --> 00:00:51,660 this .cap file, .cap extension. 12 00:00:51,840 --> 00:00:57,120 And once we do that, now we want to run our command, which is aircrack. 13 00:00:57,300 --> 00:01:01,180 So just type here aircrack-ng. 14 00:01:01,650 --> 00:01:08,030 The next thing you want to specify is -w, and this -w stands for wordlist. 15 00:01:08,040 --> 00:01:11,810 And now you want to specify the name of the wordlist. 16 00:01:12,090 --> 00:01:14,860 Now if you just type here rockyou.txt, 17 00:01:14,880 --> 00:01:22,230 it will not work since the wordlist is not in our own directory, as we can see we only have this file. 18 00:01:22,290 --> 00:01:30,810 So let me just locate it once again, rockyou, and we can see that it is in this directory right here. 19 00:01:31,050 --> 00:01:34,080 Now I'm not really sure why it says that it is still 20 00:01:37,380 --> 00:01:42,340 unzipped and we can see it is what it is. 
21 00:01:42,360 --> 00:01:43,470 It is actually unzipped. 22 00:01:43,470 --> 00:01:47,440 So we go back to the directory and we start the command. 23 00:01:47,440 --> 00:01:54,690 So -w and then we specify the path, which is /usr/share/wordlists, and then the name of the 24 00:01:54,690 --> 00:01:59,030 wordlist, which is rockyou.txt now. 25 00:01:59,160 --> 00:02:05,520 Now that we specified the path to the wordlist that we will use, all we need to do after this is specify the name 26 00:02:05,550 --> 00:02:07,920 of the file, which is in our case 27 00:02:10,820 --> 00:02:17,610 in our case it is scan-01. Not really sure why it wanted. 28 00:02:17,830 --> 00:02:18,970 Let me just see. 29 00:02:19,180 --> 00:02:22,990 No networks found, exiting. 30 00:02:22,990 --> 00:02:30,390 What do you mean with no networks found? that traditional riders say this. 31 00:02:30,400 --> 00:02:31,340 What does it mean? 32 00:02:31,370 --> 00:02:39,520 No networks found. No such file or directory. Of course, we are not in our current directory, so change 33 00:02:39,520 --> 00:02:42,150 our directory to handshake and let us try once again. 34 00:02:42,160 --> 00:02:45,610 Not really sure how I didn't notice this before. 35 00:02:45,640 --> 00:02:51,440 So let me just clear the screen so it is a little bit prettier. So aircrack-ng -w, then 36 00:02:51,490 --> 00:02:52,870 the path to the wordlist 37 00:02:57,140 --> 00:02:59,050 which is rockyou.txt. 38 00:02:59,180 --> 00:03:04,320 And now we specify the name of our file and this is the whole command. 39 00:03:04,460 --> 00:03:11,480 Once you write and once you typed all of this we press here Enter and we can see it started the process 40 00:03:11,570 --> 00:03:18,650 of actually attacking or brute forcing our access point password. 41 00:03:18,680 --> 00:03:21,010 Now a few things we can see here. 42 00:03:21,020 --> 00:03:25,250 One of them is the transient key, master key, EAPOL HMAC. 
43 00:03:25,460 --> 00:03:32,060 Uh, the current passphrase is basically the current passphrase that it is going through the list 44 00:03:32,060 --> 00:03:40,160 that we specified. The time left is basically the approximate time left for this to finish. 45 00:03:40,310 --> 00:03:46,880 Here we can see how many passwords it already tested from all of the passwords, which is actually 46 00:03:46,880 --> 00:03:48,260 nine point eight million. 47 00:03:48,260 --> 00:03:50,520 I thought it was around 40 million. 48 00:03:50,570 --> 00:03:52,400 Well I guess I was wrong. 49 00:03:52,640 --> 00:03:59,140 And this right here stands for keys per second, which basically stands for only passwords per second. 50 00:03:59,330 --> 00:04:05,210 And the Kali Linux machine that I have right here, since it is a virtual machine and since it is really 51 00:04:05,210 --> 00:04:17,330 slow, only has three hundred and forty or fifty passwords per second, which is uh which you will probably 52 00:04:17,330 --> 00:04:23,970 if you run this on any other Linux distribution or any other Linux machine will be a lot faster. 53 00:04:24,050 --> 00:04:32,480 For example this same attack right here on my laptop is uh can go up to four thousand and three hundred 54 00:04:32,480 --> 00:04:41,000 keys per second, which will finish this attack in around 30 minutes and not eight hours and 18 minutes. 55 00:04:41,000 --> 00:04:46,880 So it basically all depends on the amount of power that you gave to your virtual machine. 56 00:04:46,880 --> 00:04:54,200 Since they only gave it one core and my one can't really expect it to be that fast. 57 00:04:54,220 --> 00:04:58,980 So we won't really be waiting for this to finish. 58 00:04:59,090 --> 00:05:03,100 Especially when I know that there really isn't my password in here. 
59 00:05:03,230 --> 00:05:09,650 So right now I would put my password somewhere towards the end, or not towards the end, towards the beginning, 60 00:05:09,680 --> 00:05:13,400 and we will see how it looks like when it finds the password. 61 00:05:13,400 --> 00:05:18,020 So let me just Control-C this and it will quit aircrack. 62 00:05:18,020 --> 00:05:25,180 And now what I want to do is basically, in order to show you, I will go to my wordlists and I will nano 63 00:05:25,180 --> 00:05:32,750 rockyou.txt, which can take some time since it is reading 10 million passwords and it basically 64 00:05:32,750 --> 00:05:35,060 takes time to open that much of text 65 00:05:37,860 --> 00:05:39,710 and then I will add some more. 66 00:05:39,950 --> 00:05:44,550 And then basically I will add in this password list my own password for the router 67 00:05:48,480 --> 00:05:51,300 so let's wait for this to open. 68 00:05:51,690 --> 00:05:54,480 Shouldn't take too long actually. 69 00:05:54,950 --> 00:05:59,230 Or basically it might actually take too long since this is a virtual machine. 70 00:05:59,310 --> 00:06:05,940 Hopefully it won't crash, and we can see right here that it actually says reading 14 million lines, not really 71 00:06:05,940 --> 00:06:10,980 sure why aircrack said that there are nine million passwords when it says right here that there are 72 00:06:10,980 --> 00:06:15,660 40 million passwords since each line is basically one password. 73 00:06:15,660 --> 00:06:18,940 Now what we want to do. 74 00:06:18,990 --> 00:06:28,320 Let me just go right here, it is currently a little bit laggy since of course it is still loading the 75 00:06:28,340 --> 00:06:29,100 passwords. 76 00:06:30,290 --> 00:06:33,170 So basically just go a little bit slower 77 00:06:35,840 --> 00:06:39,260 and let us put our password here. 78 00:06:39,440 --> 00:06:41,490 After the Phi Phi Phi Phi. 79 00:06:41,670 --> 00:06:47,320 Now the password is this one for the 40. 
80 00:06:47,360 --> 00:06:49,260 My wireless access point. 81 00:06:49,490 --> 00:06:56,030 Let me just wait for it to actually load since it is currently laggy since it is loading a bunch of 82 00:06:56,030 --> 00:07:01,640 these text passwords straight type something. 83 00:07:02,580 --> 00:07:04,270 It won't work. 84 00:07:04,350 --> 00:07:09,130 Let me just wait a little bit before I continue. 85 00:07:09,150 --> 00:07:10,840 Let me just close it once again. 86 00:07:11,550 --> 00:07:15,060 Well basically now we can see that it actually bugged out so 87 00:07:18,230 --> 00:07:20,920 I'm not really sure why. 88 00:07:20,920 --> 00:07:26,700 Actually I am sure why, it is a virtual machine, basically crashed while trying to load this. 89 00:07:26,710 --> 00:07:33,850 So what we will do is basically we will use a smaller wordlist, or wait, let me just nano it once 90 00:07:33,850 --> 00:07:34,270 again 91 00:07:38,010 --> 00:07:42,330 and I will put it somewhere at the beginning, like fifth password, so I don't need to scroll down. 92 00:07:42,330 --> 00:07:48,820 Maybe it won't look like that and I will put my own password and you will see that it will find with 93 00:07:48,850 --> 00:07:55,090 aircrack the password for the farthest wireless network access point. 94 00:07:55,110 --> 00:07:55,490 No. 95 00:07:55,600 --> 00:08:01,680 Basically in just a few seconds, or not a few seconds, it will actually find it in less than a second 96 00:08:01,680 --> 00:08:09,300 since I will put it right at the beginning, but it is once again reading this file so let us wait for 97 00:08:09,300 --> 00:08:11,640 this to once again finish 98 00:08:14,760 --> 00:08:19,100 and in the next tutorials I will use a small password list. 99 00:08:19,110 --> 00:08:22,810 So we do not have to wait this much for this to load. 
100 00:08:22,820 --> 00:08:31,290 Uh but just should give it the time as it is really loading these 14 million passwords which is a lot 101 00:08:32,780 --> 00:08:41,120 it actually might sound a lot but you will see that it really isn't that much, especially if you're not 102 00:08:41,120 --> 00:08:44,020 running this on a virtual machine for example. 103 00:08:44,030 --> 00:08:53,530 As I said, the speed of the cracking process on my laptop is 4300 passwords per second. 104 00:08:53,780 --> 00:08:58,970 And that is the lowest basically of all of the attacks that we will do. 105 00:08:58,970 --> 00:09:02,290 That is the lowest rate since with my GPU. 106 00:09:02,330 --> 00:09:09,650 It goes up to for you up to one hundred and twenty thousand passwords per second and will perform the 107 00:09:09,650 --> 00:09:14,440 GPU attack as well with hashcat, I will show you that as well after this. 108 00:09:14,450 --> 00:09:23,670 Uh and we can also try to do a rainbow table attack which basically will make your will make basically 109 00:09:23,670 --> 00:09:26,040 a rainbow table from your password list. 110 00:09:26,040 --> 00:09:33,470 And it will make the process of attacking it with both aircrack and hashcat a lot, lot faster. 111 00:09:35,320 --> 00:09:37,450 Now this once again bugged out. 112 00:09:37,450 --> 00:09:41,710 So let me just Control-C or Control-X 113 00:09:46,210 --> 00:09:53,560 and I will create, or not create, will find a smaller password list since there is really no point to 114 00:09:54,220 --> 00:09:56,800 opening this file on virtual machine 115 00:09:59,510 --> 00:10:05,970 I thought it would work since on my laptop it opens it in just a few seconds and without problem. 
116 00:10:05,990 --> 00:10:12,020 But then I realized that this is a lot slower than my laptop so it will take a lot longer to do that 117 00:10:14,110 --> 00:10:27,780 but hopefully just see if I can close this. Control-C doesn't work. Escape, no. 
118 00:10:28,630 --> 00:10:30,450 Well basically let me just find. 119 00:10:30,480 --> 00:10:39,130 Let me just close this and reopen it once again and then I will get back to you in a few seconds. 120 00:10:39,140 --> 00:10:40,500 Welcome back everybody. 121 00:10:40,500 --> 00:10:47,510 Uh basically I decided to split this video since it actually took me three times to restart my machine 122 00:10:47,510 --> 00:10:49,130 in order to get it to work. 123 00:10:49,130 --> 00:10:55,400 So if you didn't open that rockyou.txt, please don't open it since it might crash your machine if it 124 00:10:55,400 --> 00:10:58,080 is not strong enough. 125 00:10:58,190 --> 00:11:06,680 So let me just open a terminal once again and zoom this in a little bit and let's see the current directory. 126 00:11:06,740 --> 00:11:11,360 We want to go to handshake and go to our file right here. 127 00:11:11,360 --> 00:11:17,390 So we want to create a wordlist or find the wordlist that isn't that big, so we will just go through 128 00:11:17,390 --> 00:11:22,330 the cd, so cd /usr/share/wordlists. 129 00:11:23,490 --> 00:11:31,740 We will not use the rockyou.txt wordlist, let us use the fasttrack.txt, doesn't really matter. 130 00:11:32,010 --> 00:11:37,940 It has less passwords so let's just open it and let us add our password 131 00:11:41,250 --> 00:11:45,990 right here since they gave us a free spot so why not put it right there. 132 00:11:47,020 --> 00:11:50,250 Now the password for my wireless access point is this one. 133 00:11:52,870 --> 00:12:02,190 So now that we specified this I want to Control-O, then Enter, and then Control-C to close, Control-X or 134 00:12:02,380 --> 00:12:10,600 10 my doing. Save modified buffer, answering No will discard changes. Yes, we want to save that. 135 00:12:10,940 --> 00:12:13,490 So let me just check once again. 136 00:12:13,490 --> 00:12:16,390 If I put it there it should be. 137 00:12:16,490 --> 00:12:18,160 There it is. 
138 00:12:18,180 --> 00:12:21,660 Let us delete this free space, Control and then Control-X. 139 00:12:21,650 --> 00:12:22,600 Good. 140 00:12:22,640 --> 00:12:28,950 Now that we know that our list will be fasttrack.txt, we can run the same attack. 141 00:12:28,960 --> 00:12:30,340 We will aircrack 142 00:12:33,700 --> 00:12:38,550 and basically you will see that right now it will find our password in less than a second. 143 00:12:38,570 --> 00:12:48,830 So aircrack-ng, then -w, and we specify the path to our wordlist, so wordlists and then 144 00:12:48,830 --> 00:12:57,200 fasttrack.txt, and all we need to specify now is the name of our .cap file, and if we leave this 145 00:12:57,200 --> 00:13:04,700 to run you can see basically it finished right away and it actually found, as we can see right here, key 146 00:13:04,700 --> 00:13:09,080 found, and our password for my of all of this access point. 147 00:13:09,080 --> 00:13:12,170 It took less than a second to find it. 148 00:13:12,290 --> 00:13:17,150 So even though this is really, really slow, 149 00:13:17,150 --> 00:13:20,250 if the password is somewhere towards the beginning this will take, 150 00:13:20,270 --> 00:13:25,620 this will finish basically in no time. 151 00:13:25,710 --> 00:13:27,750 So uh. 152 00:13:27,840 --> 00:13:34,910 In order to boost this right here, in order to boost the number of the passwords you can crack per minute 153 00:13:35,050 --> 00:13:42,260 uh you can do basically two things: either uh don't use the virtual machine and use a Linux distribution 154 00:13:42,270 --> 00:13:48,600 that is dual booted with Windows or basically only booted uh as a main operating system on our PC 155 00:13:48,600 --> 00:13:55,590 or laptop uh because it will use all of the hardware resources that your machine has in order to perform 156 00:13:55,590 --> 00:14:02,970 this attack which basically for example if I had on my main PC 
uh booted Linux and I ran this same 157 00:14:02,970 --> 00:14:03,320 attack. 158 00:14:03,330 --> 00:14:09,370 I believe this would be around 3000 passwords per second since it won't use only one. 159 00:14:09,420 --> 00:14:11,320 Or it would use all four cores 160 00:14:14,020 --> 00:14:20,560 now the other way is the way that I will show you in the next video, which is basically running the 161 00:14:20,560 --> 00:14:22,960 same attack, or not the same attack. 162 00:14:22,990 --> 00:14:30,760 Basically running the brute force attack with GPU, which is your graphics card, which can perform these 163 00:14:30,820 --> 00:14:38,740 smaller these which basically can perform this attack a lot faster since basically your graphics card has 164 00:14:38,740 --> 00:14:43,780 a lot more cores and it can perform the smaller tasks a lot faster than your CPU. 165 00:14:44,200 --> 00:14:51,130 Therefore it will be much faster in process of cracking this password. We will use hashcat in order 166 00:14:51,130 --> 00:14:56,140 to do that but you will see in the next video that we will need to do some little modifications to our 167 00:14:56,140 --> 00:15:05,800 file in order to continue with that attack process. So after that we will cover how to make our 168 00:15:05,800 --> 00:15:11,320 wordlists that could suit you better since sometimes you do not want to use the wordlists that you 169 00:15:11,320 --> 00:15:17,220 have pre-installed or that you can download on the internet, so you will be able to create your own 170 00:15:17,230 --> 00:15:21,930 wordlists, but all of that we will do in the next lectures. 171 00:15:21,940 --> 00:15:25,640 For now that is it with the aircrack CPU cracking. 172 00:15:26,210 --> 00:15:31,510 Uh we will continue with hashcat in the next material and I hope I see you there. 173 00:15:31,510 --> 00:15:31,810 Bye.