1 00:00:00,530 --> 00:00:01,260 Welcome back.
2 00:00:01,640 --> 00:00:08,120 So we have cracked the password with our aircrack tool. We noticed that the speed was around three
3 00:00:08,120 --> 00:00:10,880 to four hundred keys or passwords per second.
4 00:00:11,510 --> 00:00:15,920 We saw that it works once we added the correct password to our file.
5 00:00:16,340 --> 00:00:22,040 And we also saw some of the other options, such as time left, the percentage and the amount of passwords
6 00:00:22,040 --> 00:00:23,020 that have been tested.
7 00:00:23,480 --> 00:00:29,170 But right now, let's see how we can crack the password even faster using the hashcat tool.
8 00:00:30,020 --> 00:00:32,510 So let me clear the screen from the previous video.
9 00:00:32,960 --> 00:00:39,620 And what I got on my desktop right now is I got the rockyou.txt password list and I got the rockyou
10 00:00:39,620 --> 00:00:43,080 with our correct password.
11 00:00:43,220 --> 00:00:46,390 Now, these are the two exact same lists from the previous video.
12 00:00:46,640 --> 00:00:51,230 Just this one contains the correct password for our wireless access point.
13 00:00:52,270 --> 00:00:57,880 We're going to run the first one first just to see the speed that we get and whether it is any faster
14 00:00:58,270 --> 00:01:03,970 than with our aircrack tool, and then just to prove that it works, we're going to run this list
15 00:01:04,150 --> 00:01:04,690 the next.
16 00:01:05,700 --> 00:01:12,030 So let's get straight into it. To run the hashcat help menu, you can simply just type hashcat, and
17 00:01:12,030 --> 00:01:19,230 to get even more options onto how you can use hashcat, you can type hashcat and then dash dash help.
18 00:01:20,730 --> 00:01:23,700 And here is the help menu. Down here,
19 00:01:23,730 --> 00:01:30,360 we got some basic examples of how we can use hashcat, and if I scroll a little bit up here,
20 00:01:34,490 --> 00:01:41,810 we can see all of our available options, and you might be asking what was the thing that was scrolling
21 00:01:41,810 --> 00:01:42,740 through so much?
22 00:01:43,100 --> 00:01:47,520 Well, these are just different types of password hashes that you can crack.
23 00:01:48,290 --> 00:01:51,430 You have SHA-1, SHA-2, 512.
24 00:01:51,740 --> 00:01:59,210 You got Keccak, you got sparse, you got five different types of MD5 hashes, with salt, without
25 00:01:59,210 --> 00:01:59,720 salt.
26 00:02:00,110 --> 00:02:01,880 That goes for SHA-1 as well.
27 00:02:01,880 --> 00:02:04,940 And for any other password list that we can find.
28 00:02:05,450 --> 00:02:12,430 Now you might be wondering, well, which one are we going to use? In our case we want to find the WPA
29 00:02:12,620 --> 00:02:17,120 password hash, and it will be under these network protocols.
30 00:02:17,120 --> 00:02:19,520 And if I go right here, here it is.
31 00:02:19,520 --> 00:02:27,230 We want to use the WPA-EAPOL-PBKDF2, and this has a code of 2500.
32 00:02:27,440 --> 00:02:31,610 Remember that, because that is the number that we are going to specify in our command.
33 00:02:31,970 --> 00:02:38,300 And up here we got something under the dash a option, which is called the attack mode.
34 00:02:38,840 --> 00:02:45,050 And you simply just specify dash a and then different attack mode. Down here at the lower part of the
35 00:02:45,050 --> 00:02:48,020 help menu we get which attack modes we have.
36 00:02:48,620 --> 00:02:50,510 Let me just find where it is.
37 00:02:50,510 --> 00:02:54,020 I believe it's somewhere around here, and here it is.
38 00:02:54,470 --> 00:02:56,480 I believe these are the attack modes.
39 00:02:56,630 --> 00:03:02,270 So we got the low, which is specified with zero, even though it says one right here. The low attack
40 00:03:02,270 --> 00:03:10,160 mode is specified with zero, and the four, which is Nightmare, is specified with dash a three.
41 00:03:10,910 --> 00:03:16,660 Now we're going to be running the lowest attack mode just so we can see how the tool works.
42 00:03:17,120 --> 00:03:23,720 So the first thing that we must do is we must type hashcat dash a and then the attack mode.
43 00:03:23,720 --> 00:03:29,180 We are going to use that lowest one, which is zero, and then dash m for the password
44 00:03:29,180 --> 00:03:36,110 hash. Remember, the code for the WPA password hash is going to be 2500.
45 00:03:37,570 --> 00:03:46,450 After that comes our cap file, but if you were to try to run this program with our .cap file, it
46 00:03:46,450 --> 00:03:47,350 would not work.
47 00:03:47,890 --> 00:03:50,780 Hashcat works with different cap files.
48 00:03:50,800 --> 00:03:54,880 We must convert this cap file to hccapx.
49 00:03:55,510 --> 00:03:56,450 How can we do that?
50 00:03:56,920 --> 00:04:02,780 Well, we do not have any tool that we can use in our Kali Linux, so we must go and do that online.
51 00:04:03,160 --> 00:04:10,030 What I'm going to do is I'm going to open up my Firefox and I'm just going to search for cap to hccapx
52 00:04:10,030 --> 00:04:10,920 converter.
53 00:04:11,650 --> 00:04:20,620 Let's wait for this to open, open a new tab and type cap to hccap and then x. Press enter.
54 00:04:21,510 --> 00:04:26,310 The proxies are refusing connections. This could be due to our Burp Suite being the proxy, so we're
55 00:04:26,310 --> 00:04:30,050 just going to remove it real quick instead of actually opening it.
56 00:04:30,640 --> 00:04:33,630 I'm just going to go to network settings and click right here.
57 00:04:33,810 --> 00:04:36,480 No proxy. Great. Now I'll
58 00:04:36,570 --> 00:04:43,590 refresh this page and I'm going to go to this first link right here, which is pcap and cap file
59 00:04:43,590 --> 00:04:45,690 converter to hccapx.
60 00:04:46,020 --> 00:04:47,100 Let's click on that.
61 00:04:48,370 --> 00:04:51,280 Let's select our file. I will click on Browse.
62 00:04:53,910 --> 00:05:01,320 And I will find my .cap file. Here it is. I will select that one and I will click on upload.
63 00:05:02,710 --> 00:05:08,350 This will upload the file for me, and as soon as it finishes, I should be able to download the hccapx
64 00:05:08,350 --> 00:05:11,840 file that we can use with our hashcat tool.
65 00:05:12,220 --> 00:05:14,140 So let's wait for this to finish.
66 00:05:14,860 --> 00:05:16,150 And here it is.
67 00:05:16,150 --> 00:05:21,430 I can click down here, download my file, and I want to save my file.
68 00:05:22,300 --> 00:05:28,190 It will be under here in the download section. As we can see, it has some weird name. Nonetheless,
69 00:05:28,210 --> 00:05:31,200 let's go to our desktop. For that,
70 00:05:31,210 --> 00:05:39,730 I'm going to open another terminal, navigate to downloads, and I'm going to copy our hccapx file
71 00:05:39,730 --> 00:05:43,120 to Mr. Hacker and then desktop.
72 00:05:43,860 --> 00:05:45,580 Then I can exit this out.
73 00:05:45,970 --> 00:05:50,100 And the next thing that we specify right here is that file.
74 00:05:50,440 --> 00:05:53,020 So I believe it is called like this.
75 00:05:53,410 --> 00:05:55,250 You can rename it if you want to.
76 00:05:55,270 --> 00:05:57,550 I'm just going to leave it with this long name.
77 00:05:57,790 --> 00:06:03,250 And the last parameter to this function is going to be the word list that we're going to use. In our
78 00:06:03,250 --> 00:06:03,670 case,
79 00:06:03,850 --> 00:06:07,120 this is going to be rockyou.txt first.
80 00:06:07,330 --> 00:06:09,490 This is the list without our password.
81 00:06:10,240 --> 00:06:12,580 So let's go through the options once again.
82 00:06:12,580 --> 00:06:14,590 The attack mode is going to be the lowest.
83 00:06:15,040 --> 00:06:18,880 The dash m option specifies which password we are cracking.
84 00:06:18,880 --> 00:06:22,600 We're cracking a password, so we specify 2500.
85 00:06:23,050 --> 00:06:30,370 Then we specified our cap file that is converted for hashcat, and the last thing we specify is the password
86 00:06:30,370 --> 00:06:30,820 list.
87 00:06:31,360 --> 00:06:32,470 So I'm going to run this.
88 00:06:33,740 --> 00:06:39,380 It will tell me that this has been started, it will initialise the backend runtime for our device
89 00:06:39,380 --> 00:06:43,790 one, and it will probably start brute force with my CPU.
90 00:06:44,330 --> 00:06:48,830 And the reason it does that is probably because we are running these sort of virtual machines, so it
91 00:06:48,830 --> 00:06:50,440 can only detect the CPU.
92 00:06:50,450 --> 00:06:55,250 However, even with CPU cracking, we should still get faster cracking time
93 00:06:55,250 --> 00:06:59,420 than with aircrack. All we need to do is we need to wait for this to finish.
94 00:06:59,660 --> 00:07:03,830 And as soon as that's done, we should start cracking the password.
95 00:07:04,520 --> 00:07:05,540 And here it is.
96 00:07:05,540 --> 00:07:07,310 It started cracking the password.
97 00:07:07,760 --> 00:07:09,820 It will not write anything right here.
98 00:07:09,830 --> 00:07:17,990 However, if we type s for status, we can check out what progress it currently has, so we can see some
99 00:07:17,990 --> 00:07:19,150 information right here.
100 00:07:19,700 --> 00:07:26,180 And any time you press s, you will see the current progress of this cracking of the password.
101 00:07:27,220 --> 00:07:31,930 It will tell us which file we are using to crack, which hash name we are using.
102 00:07:32,320 --> 00:07:35,070 The progress and the speed is down here.
103 00:07:35,290 --> 00:07:40,750 It says six hundred hashes per second, and this is equal to six hundred passwords per second.
104 00:07:40,960 --> 00:07:46,900 So we can see it is almost double the amount that we had with aircrack. Down here,
105 00:07:46,910 --> 00:07:53,230 we can see the progress as to what amount of passwords have recovered from 14 million passwords that
106 00:07:53,230 --> 00:07:54,820 we have inside of our program.
107 00:07:55,360 --> 00:08:00,900 And we can see we already passed 100000 passwords. In the candidates,
108 00:08:00,910 --> 00:08:04,480 it tells you between which passwords it is currently at.
109 00:08:04,980 --> 00:08:06,580 Now, you can wait for this to finish.
110 00:08:06,580 --> 00:08:11,620 However, even though it is currently at one percent, we're not going to be waiting for all of this
111 00:08:11,620 --> 00:08:12,040 to finish.
112 00:08:12,040 --> 00:08:13,120 It would take hours.
113 00:08:13,400 --> 00:08:20,590 We're just going to quit this with q command and then we're going to run the same command just with
114 00:08:20,590 --> 00:08:22,140 our correct file.
115 00:08:22,960 --> 00:08:28,000 So I'm going to use RockYou with password data and I'm going to run this once again.
116 00:08:28,360 --> 00:08:33,970 Just make sure that you add the correct password to the password list, and let's see whether it will
117 00:08:33,970 --> 00:08:35,170 manage to find it.
118 00:08:36,190 --> 00:08:42,460 And keep in mind that if you didn't run this on a virtual machine and you actually used the GPU to brute
119 00:08:42,460 --> 00:08:49,480 force the password, you could have up to tens of thousands of passwords per second, and the faster the
120 00:08:49,480 --> 00:08:49,820 better.
121 00:08:50,020 --> 00:08:56,320 However, even with this small speed, we managed to find the password while I was talking, so we can
122 00:08:56,320 --> 00:08:58,190 see it printed it out right here.
123 00:08:58,450 --> 00:08:59,490 Here is the hash.
124 00:08:59,830 --> 00:09:03,330 Here is the name of the actual wireless access point.
125 00:09:03,340 --> 00:09:06,610 And here is the password that it managed to find.
126 00:09:07,210 --> 00:09:08,290 So we can see it
127 00:09:08,290 --> 00:09:11,170 also did this in less than one second.
128 00:09:11,890 --> 00:09:15,280 While I talked, we got all of these results output.
129 00:09:15,820 --> 00:09:21,260 And this is a second option as to how you can crack the password of wireless access points.
130 00:09:21,460 --> 00:09:24,670 Now you can use hashcat to crack some other passwords as well.
131 00:09:24,700 --> 00:09:27,800 We saw that there are a bunch of different hash values that you can use.
132 00:09:28,360 --> 00:09:32,200 However, we learned hashcat through wireless password cracking.
133 00:09:33,040 --> 00:09:33,490 Great.
134 00:09:33,700 --> 00:09:35,990 And that's about it for wireless cracking.
135 00:09:36,490 --> 00:09:38,800 So thank you for watching this video and this section.
136 00:09:38,800 --> 00:09:41,500 And I will see you in the next lecture.