1
00:00:00,570 --> 00:00:02,850
Welcome back to our Kali Linux machine.

2
00:00:03,390 --> 00:00:10,350
So we captured our password from the wireless access point. We performed the deauthentication attack.

3
00:00:10,350 --> 00:00:12,780
We kicked everyone off of the Internet.

4
00:00:13,020 --> 00:00:18,270
And then when we started the deauthentication attack and someone tried to connect back, we captured the

5
00:00:18,270 --> 00:00:24,710
four-way handshake into one of these files and I transferred them to my Kali Linux desktop.

6
00:00:24,720 --> 00:00:27,440
And do you remember which one of them is important?

7
00:00:27,840 --> 00:00:30,240
Only this .cap file.

8
00:00:30,720 --> 00:00:32,730
All of the other three we don't need.

9
00:00:33,160 --> 00:00:34,800
Now, you can delete them if you want to.

10
00:00:34,830 --> 00:00:36,840
I'm just going to move them on the side.

11
00:00:37,140 --> 00:00:42,200
And this is the file that we are going to use for both ways of cracking the password.

12
00:00:42,810 --> 00:00:44,760
Now, open up your terminal first.

13
00:00:45,120 --> 00:00:52,020
And unlike any other brute force attack that we previously did with small password lists of tens or hundreds

14
00:00:52,020 --> 00:00:53,530
or thousands of passwords,

15
00:00:54,120 --> 00:00:58,080
this one is going to be a huge, huge password list.

16
00:00:58,950 --> 00:01:07,940
This password list contains over 10 million unique passwords and it is on our Kali Linux machine.

17
00:01:08,640 --> 00:01:10,050
So how can we find it?

18
00:01:10,410 --> 00:01:18,900
Well, you can type the command locate and then rockyou.txt. This is the name of the password list

19
00:01:19,320 --> 00:01:23,400
and we will see that it is currently in this location right here.

20
00:01:23,490 --> 00:01:29,200
So /usr/share/wordlists and rockyou.txt.gz.

21
00:01:29,970 --> 00:01:31,350
Let's go to that directory.

22
00:01:34,060 --> 00:01:42,520
And let's copy rockyou.txt.gz to home, Mr. Hacker, and then Desktop. Let's have both

23
00:01:42,520 --> 00:01:44,830
of the files at the same location.

24
00:01:45,220 --> 00:01:52,110
Now, let's go back and you will notice that this file has this .gz extension.

25
00:01:52,720 --> 00:01:56,920
This means we have to unzip it first because this is a zip file.

26
00:01:57,670 --> 00:02:02,610
Since it has got the .gz extension, we can unzip it using gzip.

27
00:02:03,010 --> 00:02:08,890
And to do that we type gzip and then -d and then the file name.

28
00:02:09,490 --> 00:02:15,280
If I press enter, you will see that this file is so big that it actually takes a couple of seconds

29
00:02:15,280 --> 00:02:16,840
for it to get unzipped.

30
00:02:17,810 --> 00:02:25,480
And if I were to actually try to cat that file, well, you will see this will go on forever and ever.

31
00:02:26,580 --> 00:02:33,990
Now I can Control C this and nano that file if I want to make some changes or add some passwords, and

32
00:02:33,990 --> 00:02:40,500
you will also see that this takes a couple of seconds as well due to the file being so big. Down here, we

33
00:02:40,500 --> 00:02:44,640
can see it has 14 million passwords.

34
00:02:45,860 --> 00:02:52,040
All of these are some simple passwords that could occur in most of the cases when someone has a simple

35
00:02:52,190 --> 00:02:54,950
password, especially for wireless access points.

36
00:02:54,960 --> 00:02:57,650
For example, here is one, three, four, five, six, seven, eight, nine.

37
00:02:57,660 --> 00:03:02,620
We got password, princess, rockyou and some names right here.

38
00:03:02,990 --> 00:03:06,650
Basically, these are just some usual words that occur in passwords.

39
00:03:07,650 --> 00:03:14,730
Now, to crack this, now that we got both of these files right here, we're going to use the .cap

40
00:03:14,730 --> 00:03:19,200
file from our desktop and the rockyou.txt wordlist.

41
00:03:19,770 --> 00:03:23,820
We're going to combine that with a tool called aircrack.

42
00:03:24,480 --> 00:03:31,200
Aircrack is also preinstalled in Kali Linux, so you just type aircrack-ng and to crack the

43
00:03:31,200 --> 00:03:36,800
password, all we need to do is type -w and then the password list name.

44
00:03:36,990 --> 00:03:42,850
In our case this is rockyou.txt and after it comes the name of the .cap file.

45
00:03:43,260 --> 00:03:47,370
So I'm just going to type the name of the file and then .cap.

46
00:03:48,510 --> 00:03:51,060
This is the entire command. If I press enter,

47
00:03:54,290 --> 00:03:58,130
you will see it will start cracking our password.

48
00:03:59,180 --> 00:04:03,190
Down here, you can see the different phrases that it uses, such as current passphrase.

49
00:04:03,230 --> 00:04:07,010
This is the current password that it is currently trying to guess.

50
00:04:07,460 --> 00:04:11,080
And here we can see the progress of all of the passwords.

51
00:04:11,090 --> 00:04:17,120
So by the time that I started this program, it already managed to scan over ten thousand passwords

52
00:04:17,270 --> 00:04:19,880
and compare them with our hashed password.

53
00:04:20,360 --> 00:04:26,500
The speed you get right here in brackets, which is currently almost four hundred passwords per second.

54
00:04:27,170 --> 00:04:31,610
And here you get the total number of passwords that have to be tested.

55
00:04:32,420 --> 00:04:39,040
The time left is, at this current speed, how much time you have left to go through all of these passwords.

56
00:04:39,500 --> 00:04:46,550
And here you get the percentage of the entire password list, which we are currently at zero point fifteen

57
00:04:46,670 --> 00:04:47,270
percent.

58
00:04:48,020 --> 00:04:50,920
Now, of course, we are not going to be waiting for this.

59
00:04:50,930 --> 00:04:56,360
I can just go and check out whether the password is in this password list, or what I'm going to do right

60
00:04:56,360 --> 00:05:02,690
now for the purposes of this material is I'm going to manually add that password to our password list.

61
00:05:03,350 --> 00:05:09,620
So I'm going to nano the rockyou.txt, and I'm going to scroll a little bit down

62
00:05:11,090 --> 00:05:18,260
to, for example, 400 or 500 passwords, and there I'm going to write the correct password to my wireless

63
00:05:18,260 --> 00:05:24,620
access point and we want to see whether our program will be able to find it as the correct password

64
00:05:24,980 --> 00:05:28,180
with that speed of four hundred passwords per second.

65
00:05:28,610 --> 00:05:35,080
So I'm going to stop right here and let's type a new line.

66
00:05:35,600 --> 00:05:41,120
And here I'm going to add the correct password to my wireless access point.

67
00:05:41,270 --> 00:05:43,640
And it is this one right here.

68
00:05:44,620 --> 00:05:50,530
Now, you should do the same thing, just scroll a little bit down through this password list and just

69
00:05:50,530 --> 00:05:57,160
write your password somewhere in the list and you will notice that it will manage to find this in less

70
00:05:57,190 --> 00:05:58,470
than one second.

71
00:05:59,050 --> 00:06:01,820
So let's save this first. Control

72
00:06:01,840 --> 00:06:02,200
O.

73
00:06:03,190 --> 00:06:09,760
It will write this to the file and then we press Control X to exit. The next thing that we want to

74
00:06:09,760 --> 00:06:13,360
do is we want to run this exact same command.

75
00:06:13,780 --> 00:06:14,860
Just this time,

76
00:06:14,870 --> 00:06:17,770
we know that we have the correct password in that list.

77
00:06:18,190 --> 00:06:19,570
Let's press enter.

78
00:06:21,810 --> 00:06:29,130
And here it is, it managed to find the password in one second. You will notice as soon as it finds

79
00:06:29,130 --> 00:06:34,610
the password, it will stop the execution of the program and it will print it right here.

80
00:06:34,890 --> 00:06:40,440
Key found, and in the brackets will be the correct password to that wireless access point.

81
00:06:41,040 --> 00:06:45,120
It scanned about four hundred and ninety two passwords out of ten million.

82
00:06:45,660 --> 00:06:50,100
And in less than one second it found the correct password.

83
00:06:50,370 --> 00:06:51,390
How cool is this?

84
00:06:51,690 --> 00:06:56,480
And keep in mind that this is the speed of us running this from a virtual machine.

85
00:06:56,490 --> 00:07:03,390
For example, once I test this program on my laptop, it has a speed of three to four thousand passwords

86
00:07:03,390 --> 00:07:04,110
per second.

87
00:07:04,560 --> 00:07:08,550
And in the next video, we're going to see how we can increase the cracking speed

88
00:07:08,550 --> 00:07:13,630
even more. So with hashcat, which is the program that we're covering

89
00:07:13,630 --> 00:07:19,980
in the next video, we're actually cracking the passwords with GPU, and here we're cracking the passwords

90
00:07:19,980 --> 00:07:24,540
with our processor, and cracking with GPU is much faster.

91
00:07:24,540 --> 00:07:30,030
Therefore, we should have a higher speed once performing the cracking with our hashcat program.

92
00:07:30,630 --> 00:07:33,490
Nonetheless, more about that in the next video.

93
00:07:34,230 --> 00:07:34,590
See you there.