Brute force WiFi WPA2

Video Statistics and Information

Captions
In this video I'm gonna show you how to use a brute force attack to crack a WPA version 2 password. We're gonna do that within a few minutes. So within seven minutes, using this laptop behind me, I'm gonna show you how to crack a WPA version 2 password, random password using brute force and an application called Hashcat. Now, for this to work you need access to a GPU, in your laptop as an example. So in that laptop I have a GeForce GPU that I can access to do a brute force attack very, very quickly against a WPA version 2 password.

Please note that the password that I'm using in this example is a random password on a TP-Link router. This is actually the password that the router shipped with. One of the problems with TP-Link routers, same on this router, is that the default password that the routers are configured with is an eight-digit number. That allows us to much more quickly crack the password using a brute force attack with a GPU. They're not using alphanumeric characters, they're just using numeric characters. They're not using special characters as part of the default password. So if a user uses the default password, and a lot of people do when they get new routers, we can use a brute force attack with a GPU to very quickly crack the password. This is a terrible weakness on TP-Link routers. It once again took me less than seven minutes to crack this password using a laptop and a GeForce GPU in the laptop.

Now, I'm showing you the whole process in this video. I'm gonna show you how to capture the 4-way handshake. I'm gonna show you how to convert the cap file into a format that Hashcat can understand. I'm gonna show you how to bring that into Windows and use Hashcat within Windows to launch the brute force attack against the password. So use this menu to jump to a specific topic of interest.
If you're not interested in the 4-way handshake capture, you're just interested in the Hashcat brute force part of the video, then again jump to the relevant part of the video. Okay. Let's get started.

♪ I've been in your waters ♪

Okay. So once again I'm controlling that laptop from my Mac using VNC. First thing I need to do is have a wireless network card. So in this example, I'm using an Alfa network adapter. I've connected it to that laptop using its USB port. And what I've done is connected to the Kali virtual machine running on this Windows computer. So if I open up a command prompt and type IP address, what you'll notice is wlan0 is available. So in other words the wireless network adapter has been picked up by Kali Linux.

So to simplify this process, I'm gonna use Wifite. And I'm gonna use this command, "sudo wifite wpa kill." I'm only gonna attack WPA networks and I'm gonna kill any processes that interfere. Have a look at this video where I explained some of the basics of Wifite. I'm not gonna explain too much about the software in this video. You don't have to use Wifite, you could use other tools. But Wifite just makes it very simple.

So first thing I need to do is decide which network I'm gonna attack. I'm gonna press Control + C to stop Wifite scanning for networks. In this example, I wanna attack this network, TP-Link. So I'm gonna press 1 to start the attack. Now we could run a Pixie Dust attack, but I'm not gonna do that. I'm gonna press Control + C and then C to continue to the next attack. I'm also not gonna run the null pin attack. Press C to continue. I'm also not gonna run a WPS PIN attack. C to continue. Could also run another attack but I'm not gonna do that. The only attack I'm wanting to run in this example is the WPA handshake attack. Now, it's discovered clients. I'll try and connect to the TP-Link router. But I'm getting kicked off the network. That's what we want.
It's now captured the handshake and it's trying to run the probable word list against that captured handshake.

Now, in my previous videos, a lot of people complained saying they're not gonna be using simple passwords on their wifi networks. But again, in this example, I'm using the default password that the router is configured as. So this specific TP-Link router has this wireless password. This router has a different password, but it's also only eight characters in length. So these are the random passwords that the routers are shipped with. So again, this is the password on the router. But that wasn't discovered because it's not in this word list.

If I type ls, we have this hs directory. And if I go to that directory and type ls you'll notice there's a cap file. So that's the captured handshake. I'll clear the screen. And once again, there's the captured handshake. That needs to be converted now into a format that Hashcat can use. So to do that, I'm gonna use /usr/share/hashcat-utils. There are quite a few tools here but the tool I wanna use is this tool. And I wanna convert our handshake file to a file such as wpa2hccapx. And press enter. Okay. So I should have remembered to put sudo in. So let's put sudo in to convert that. We can see that the handshake has been written. So ls now shows us that we've got this new handshake in this directory. So I'll clear the screen. And once again, there is the new handshake saved in Kali.

What I'll do now is open up a folder. So under hs, we've got the file. And what I'm gonna do is make the VM way smaller. And I'm gonna copy that file into Windows into my Hashcat directory. To actually use Hashcat, I'm gonna open up a command prompt. I'm gonna go to my downloads directory. I'm gonna go to my Hashcat software. DIR shows me the files here. I'll clear the screen. The software that I wanna use is Hashcat.exe. And I'll use hyphen or dash I to see the GPUs available on this computer. So we can see that device three is unstable.
But we've got CUDA information here. Backend device number one is a GeForce GTX 1650 Ti. And then we've got OpenCL information. We've got NVIDIA CUDA information here. Device two is once again the GeForce GTX GPU in the computer. Now, fortunately, we don't have to specify all of those details when running Hashcat.

What I'm gonna do is run Hashcat, the executable and the type that we're going to attack is WPA. You can see all of those options on the Hashcat Wiki. So we're gonna be attacking WPA version 2. The attack is gonna be a brute force attack. So in the Wiki as an example, they've got a brute force attack against MD5. That's not what we're using here because we're not using -0, we're using -2500, so WPA. But it's a brute force attack. And the attack that I wanna launch is against the WPA2 file that we created. And this specifies that Hashcat should use brute force using digits, eight digits in length in this example. So I'll press enter there.

Hashcat is starting. We can press S to see the status. We can see that we're using a WPA attack against this file called WPA2. The estimated time to break this is nine minutes. So within 10 minutes, and it's actually gonna be quicker in this example, Hashcat will crack this WPA2 password. Press S to see the status again. We can see that we're already at 5.9% progress. Now, this is one of the problems that you can have with your GPUs, is that the performance will be reduced because of the temperature being raised. But notice the attack has lost at 55 seconds. Estimated is 9 minutes 41 seconds. It's already progressed through 8.6% of this number of variations. So at this point, the fans on that laptop are spinning up making a lot of noise. But notice we are now at 11%, after 1 minute and 18 seconds. Now, when going I'm gonna speed up the video at this point because all it's gonna do now is continue going through all the different variations doing a brute force attack against that password.
It's taken it about 2 minutes 41 seconds to get through a quarter of all of those different options. So it's not taking a lot of time. After five minutes, it's through about 50% of all the combinations. Okay, so there you go. After 6 minutes and 55 seconds, it's cracked the password. It went through 69% of a hundred million combinations. So the 69 millionth combination was the actual password.

And if I type this again, it will tell us that it's already got the password. We should use show to display the password. So if I typed show now, I can see that this is the password for this wireless network. And if I go and look on the access point, there you go. That's the password using WPA version 2 PSK, encryption is AES. It took Hashcat 6 minutes and 55 seconds to crack that password. Now in Windows, you can open up the potfile with, say, Notepad. And you'll be able to see the actual password, which once again is the password on the wireless access point.

Hashcat is fantastic software, lots of options available. I'll show you in subsequent videos, more about Hashcat. I'll teach you more about Hashcat if you're interested. Hope you enjoyed this video. If you did, please like it, please subscribe to my YouTube channel. And please click on the bell to get notifications. I'm David Bombal, wanna wish you all the very best.

♪ I've been in your waters ♪ ♪ I thought you were my love ♪ ♪ I know one thing for sure ♪ ♪ I've never been so close ♪
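
The arithmetic behind the weakness described in the transcript, as an added example that is not from the video: a passphrase audit that computes the keyspace implied by the character classes a WPA2 passphrase uses and the worst-case time to exhaust it at the rate observed above (69% of a hundred million candidates in 6 minutes 55 seconds). The helper name `audit` and the sample passphrases are constructed for illustration.

```python
import string

# Rate observed in the transcript: 69% of 10**8 candidates in 6 min 55 s (415 s).
OBSERVED_RATE = 69_000_000 / 415  # about 166,000 guesses per second

# Printable ASCII, split into the classes a passphrase policy usually names.
CLASSES = {
    "digits": string.digits,
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "symbols": string.punctuation + " ",
}

def audit(passphrase, rate=OBSERVED_RATE):
    """Keyspace and worst-case exhaustion time for a WPA2 passphrase (hypothetical helper)."""
    # WPA2-PSK passphrases are 8 to 63 printable ASCII characters.
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrase must be 8-63 characters")
    if any(not (32 <= ord(c) <= 126) for c in passphrase):
        raise ValueError("WPA2 passphrase must be printable ASCII")
    used = [name for name, chars in CLASSES.items()
            if any(c in chars for c in passphrase)]
    alphabet = sum(len(CLASSES[name]) for name in used)
    keyspace = alphabet ** len(passphrase)
    return {
        "classes": used,
        "keyspace": keyspace,
        "worst_case_seconds": keyspace / rate,
        # The factory-default pattern described in the transcript.
        "eight_digit_default_style": used == ["digits"] and len(passphrase) == 8,
    }

if __name__ == "__main__":
    # Constructed samples, not real credentials.
    for sample in ["00000000", "abcd1234", "correct horse 42!"]:
        r = audit(sample)
        years = r["worst_case_seconds"] / (365 * 24 * 3600)
        flag = "  <-- change the default" if r["eight_digit_default_style"] else ""
        print(f"{sample!r}: {'+'.join(r['classes'])}, "
              f"{r['keyspace']:.2e} candidates, {years:.2e} years{flag}")
```

The estimate assumes the attacker enumerates only the character classes actually present, so it is a lower bound on the work for that passphrase shape, and a faster GPU scales every figure down proportionally.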
Info
Channel: David Bombal
Views: 469,841
Keywords: wifi, hashcat, kali linux, hashcat windows 10, hashcat brute force, hashcat wpa2, hashcat windows 7, kali, linux, wifite, wifite kali linux, kali linux tutorial, kali linux install, kali linux hacking tutorials playlist, kali linux basics, kali linux tutorial for beginners, kali linux 2020, kali linux hacking tutorials, ethical hacking, ethical hacking tutorial, ethical hacking course, how to become a hacker, linux tutorial, ceh, oscp, hacker, wpa2, wpa, brute force attack
Id: J8A8rKFZW-M
Length: 12min 17sec (737 seconds)
Published: Fri Dec 18 2020