1
00:00:00,240 --> 00:00:03,390
Welcome back to our Kali Linux machine.

2
00:00:03,390 --> 00:00:08,189
So we captured our password from the wireless access point.

3
00:00:08,189 --> 00:00:10,320
We performed the deauthentication attack.

4
00:00:10,320 --> 00:00:13,050
We kicked everyone off of the internet.

5
00:00:13,050 --> 00:00:15,270
And then when we stopped the deauthentication attack

6
00:00:15,270 --> 00:00:18,660
and someone tried to connect back, we captured the four-way

7
00:00:18,660 --> 00:00:23,310
handshake into one of these files, and I transferred them

8
00:00:23,310 --> 00:00:24,780
to my Kali Linux desktop.

9
00:00:24,780 --> 00:00:27,870
And do you remember which one of them is important?

10
00:00:27,870 --> 00:00:30,750
Only this .cap file.

11
00:00:30,750 --> 00:00:33,150
All of the other three we don't need.

12
00:00:33,150 --> 00:00:34,770
Now you can delete them if you want to.

13
00:00:34,770 --> 00:00:37,170
I'm just going to move them on the side.

14
00:00:37,170 --> 00:00:40,650
And this is the file that we are going to use for both ways

15
00:00:40,650 --> 00:00:42,840
of cracking the password.

16
00:00:42,840 --> 00:00:46,920
Now open up your terminal first, and unlike any other brute

17
00:00:46,920 --> 00:00:48,570
force tactic that we previously did

18
00:00:48,570 --> 00:00:50,130
with small password lists

19
00:00:50,130 --> 00:00:53,769
of tens or hundreds or thousands of passwords,

20
00:00:53,769 --> 00:00:58,769
this one is going to be a huge, huge password list.

21
00:00:58,950 --> 00:01:03,950
This password list contains over 10 million unique passwords

22
00:01:05,280 --> 00:01:08,640
and it is on our Kali Linux machine.

23
00:01:08,640 --> 00:01:10,440
So how can we find it?

24
00:01:10,440 --> 00:01:15,440
Well, you can type the command locate and then rockyou.txt.

25
00:01:17,040 --> 00:01:20,280
This is the name of the password list and we will see

26
00:01:20,280 --> 00:01:23,370
that it is currently in this location right here.

27
00:01:23,370 --> 00:01:28,370
So /usr/share/wordlists and rockyou.txt.gz.

28
00:01:29,970 --> 00:01:31,450
Let's go to that directory.

29
00:01:34,110 --> 00:01:39,110
And let's copy rockyou.txt.gz to home Mr. Hacker,

30
00:01:40,140 --> 00:01:41,670
and then desktop.

31
00:01:41,670 --> 00:01:45,240
Let's have both of the files at the same location.

32
00:01:45,240 --> 00:01:48,060
Now let's go back and you will notice

33
00:01:48,060 --> 00:01:52,740
that this file has this .gz extension.

34
00:01:52,740 --> 00:01:54,870
This means we have to unzip it first

35
00:01:54,870 --> 00:01:57,660
because this is a zipped file.

36
00:01:57,660 --> 00:02:02,660
Since it has a .gz extension, we can unzip it using the gzip tool.

37
00:02:03,090 --> 00:02:05,400
And to do that we type gzip

38
00:02:05,400 --> 00:02:09,509
and then -d and then the file name.

39
00:02:09,509 --> 00:02:11,670
If I press enter, you will see

40
00:02:11,670 --> 00:02:14,550
that this file is so big that it actually takes a couple

41
00:02:14,550 --> 00:02:16,983
of seconds for it to get unzipped.

42
00:02:17,880 --> 00:02:21,540
And if I were to actually try to cat that file,

43
00:02:21,540 --> 00:02:25,593
well, you will see this will go on forever and ever.

44
00:02:26,610 --> 00:02:30,060
Now I can control C this and nano that file

45
00:02:30,060 --> 00:02:33,450
if I want to make some changes or add some passwords.

46
00:02:33,450 --> 00:02:35,820
And you'll also see that this takes a couple

47
00:02:35,820 --> 00:02:39,720
of seconds as well due to the file being so big.

48
00:02:39,720 --> 00:02:44,720
Down here we can see it has 14 million passwords.

49
00:02:45,900 --> 00:02:49,080
All of these are some simple passwords that could occur

50
00:02:49,080 --> 00:02:52,770
in most of the cases when someone has a simple password,

51
00:02:52,770 --> 00:02:54,930
especially for wireless access points.

52
00:02:54,930 --> 00:02:57,600
For example, here is 123456789.

53
00:02:57,600 --> 00:03:00,990
We got password, princess, rockyou,

54
00:03:00,990 --> 00:03:02,970
and some names right here.

55
00:03:02,970 --> 00:03:05,820
Basically these are just some usual words that occur

56
00:03:05,820 --> 00:03:06,783
in passwords.

57
00:03:07,710 --> 00:03:09,330
Now to crack this,

58
00:03:09,330 --> 00:03:11,980
now that we got both of these files right here,

59
00:03:13,020 --> 00:03:15,390
we're going to use the .cap file

60
00:03:15,390 --> 00:03:19,770
from our desktop and the rockyou.txt word list.

61
00:03:19,770 --> 00:03:24,540
We're going to combine that with a tool called Aircrack.

62
00:03:24,540 --> 00:03:27,060
Aircrack is also pre-installed in Kali Linux.

63
00:03:27,060 --> 00:03:28,360
You just type aircrack-ng.

64
00:03:30,210 --> 00:03:34,680
And to crack the password, all we need to do is type -w

65
00:03:34,680 --> 00:03:37,020
and then the password list name.

66
00:03:37,020 --> 00:03:39,510
In our case this is rockyou.txt,

67
00:03:39,510 --> 00:03:43,260
and after it comes the name of the .cap file.

68
00:03:43,260 --> 00:03:45,150
So I'm just going to type the name

69
00:03:45,150 --> 00:03:47,493
of the file and then .cap.

70
00:03:48,510 --> 00:03:49,980
This is the entire command.

71
00:03:49,980 --> 00:03:51,100
If I press enter

72
00:03:54,300 --> 00:03:58,203
you will see it'll start cracking our password.

73
00:03:59,220 --> 00:04:01,950
Down here you can see the different phrases that it uses

74
00:04:01,950 --> 00:04:03,210
such as current phrase.

75
00:04:03,210 --> 00:04:04,163
This is the current password

76
00:04:04,163 --> 00:04:07,500
that it is currently trying to get.

77
00:04:07,500 --> 00:04:11,100
And here we can see the progress of all of the passwords.

78
00:04:11,100 --> 00:04:13,800
So by the time that I started this program

79
00:04:13,800 --> 00:04:17,310
it already managed to scan over 10,000 passwords

80
00:04:17,310 --> 00:04:20,339
and compare them with our hacked password.

81
00:04:20,339 --> 00:04:22,770
The speed you get right here in brackets

82
00:04:22,770 --> 00:04:27,240
which is currently almost 400 passwords per second.

83
00:04:27,240 --> 00:04:29,430
And here you get the total number

84
00:04:29,430 --> 00:04:32,430
of passwords that have to be tested.

85
00:04:32,430 --> 00:04:35,100
The time left is at this current speed,

86
00:04:35,100 --> 00:04:37,530
how much time you have left to go

87
00:04:37,530 --> 00:04:39,540
through all of these passwords.

88
00:04:39,540 --> 00:04:43,650
And here you get the percentage of the entire password list

89
00:04:43,650 --> 00:04:46,463
which we are currently at 0.15%.

90
00:04:48,000 --> 00:04:50,940
Now of course we are not going to be waiting for this.

91
00:04:50,940 --> 00:04:53,400
I can just go and check out whether the password is

92
00:04:53,400 --> 00:04:56,550
in this password list or what I'm going to do right now

93
00:04:56,550 --> 00:04:59,130
for the purposes of this tutorial is I'm going to

94
00:04:59,130 --> 00:05:03,300
manually add that password to our password list.

95
00:05:03,300 --> 00:05:07,260
So I'm going to nano the rockyou.txt

96
00:05:07,260 --> 00:05:09,753
and I'm going to scroll a little bit down,

97
00:05:11,070 --> 00:05:14,340
to for example 400 or 500 password.

98
00:05:14,340 --> 00:05:17,460
And there I'm going to write the correct password

99
00:05:17,460 --> 00:05:20,670
to my wireless access point and we want to see

100
00:05:20,670 --> 00:05:23,280
whether our program will be able to find it

101
00:05:23,280 --> 00:05:24,990
as the correct password

102
00:05:24,990 --> 00:05:28,620
with that speed of 400 passwords per second.

103
00:05:28,620 --> 00:05:33,620
So I'm going to stop right here and let's type a new line.

104
00:05:35,670 --> 00:05:39,270
And here I'm going to add the correct password

105
00:05:39,270 --> 00:05:41,310
to my wireless access point.

106
00:05:41,310 --> 00:05:43,773
And it is this one right here.

107
00:05:44,640 --> 00:05:46,800
Now you should do the same thing.

108
00:05:46,800 --> 00:05:49,710
Just scroll a little bit down through this password list

109
00:05:49,710 --> 00:05:53,400
and just write your password somewhere in the list.

110
00:05:53,400 --> 00:05:54,720
And you will notice

111
00:05:54,720 --> 00:05:59,070
that it will manage to find this in less than one second.

112
00:05:59,070 --> 00:06:03,210
So let's save this first, control O.

113
00:06:03,210 --> 00:06:05,310
It will write this to the file,

114
00:06:05,310 --> 00:06:08,640
and then we'll press control X to exit.

115
00:06:08,640 --> 00:06:10,667
The next thing that we want to do is we want to

116
00:06:10,667 --> 00:06:13,770
run this exact same command.

117
00:06:13,770 --> 00:06:15,330
Just this time we know

118
00:06:15,330 --> 00:06:18,210
that we have the correct password in that list.

119
00:06:18,210 --> 00:06:19,713
Let's press enter.

120
00:06:21,840 --> 00:06:24,000
And here it is

121
00:06:24,000 --> 00:06:27,570
it managed to find the password in one second.

122
00:06:27,570 --> 00:06:29,670
You will notice as soon as it finds the password

123
00:06:29,670 --> 00:06:31,710
it'll stop the execution

124
00:06:31,710 --> 00:06:34,920
of the program and it'll print it right here.

125
00:06:34,920 --> 00:06:38,520
Key found and in the brackets will be the correct password

126
00:06:38,520 --> 00:06:41,040
to that wireless access point.

127
00:06:41,040 --> 00:06:45,690
It scanned about 492 passwords out of 10 million

128
00:06:45,690 --> 00:06:50,340
and in less than one second it found the correct password.

129
00:06:50,340 --> 00:06:51,750
How cool is this?

130
00:06:51,750 --> 00:06:53,610
And keep in mind that this is the speed

131
00:06:53,610 --> 00:06:56,490
of us running this from a virtual machine.

132
00:06:56,490 --> 00:06:59,790
For example, once I test this program on my laptop

133
00:06:59,790 --> 00:07:04,620
it has a speed of three to 4,000 passwords per second.

134
00:07:04,620 --> 00:07:06,870
And in the next video we're going to see how we

135
00:07:06,870 --> 00:07:10,320
can increase the cracking speed even more.

136
00:07:10,320 --> 00:07:13,530
So with Hashcat, which is the program that we'll cover

137
00:07:13,530 --> 00:07:14,550
in the next video.

138
00:07:14,550 --> 00:07:17,730
We're actually cracking the passwords with GPU.

139
00:07:17,730 --> 00:07:21,720
And here we're cracking the passwords with our processor.

140
00:07:21,720 --> 00:07:24,510
And cracking with GPU is much faster.

141
00:07:24,510 --> 00:07:27,120
Therefore, we should have a higher speed once

142
00:07:27,120 --> 00:07:30,630
performing the cracking with our Hashcat program.

143
00:07:30,630 --> 00:07:34,020
Nonetheless, more about that in the next video.

144
00:07:34,020 --> 00:07:34,853
See you there.