1
00:00:01,340 --> 00:00:08,910
Now so far we learned how to use aircrack-ng to run a wordlist attack and crack the password for WPA

2
00:00:08,970 --> 00:00:11,730
and WPA2 networks.

3
00:00:11,730 --> 00:00:18,680
We did this by running aircrack-ng followed by the file name that contains the handshake

4
00:00:22,390 --> 00:00:29,380
and followed by the name of the wordlist, which in my case is WPA wordlist.

5
00:00:29,630 --> 00:00:33,020
Now running this command will start cracking.

6
00:00:33,110 --> 00:00:38,270
And as you can see now it's going through the whole wordlist trying every single possible password

7
00:00:38,270 --> 00:00:39,560
in there.

8
00:00:39,560 --> 00:00:42,970
So I'm going to Control-C this.

9
00:00:43,280 --> 00:00:47,040
And as you can see I have quite a big dictionary in here.

10
00:00:47,250 --> 00:00:53,250
So it would take two hours and 13 minutes to go through this whole dictionary to try all the possible

11
00:00:53,250 --> 00:00:54,430
passwords in there.

12
00:00:55,760 --> 00:00:59,650
Now there are much bigger dictionaries than the one I'm using right here.

13
00:00:59,690 --> 00:01:05,210
So the cracking process can take several hours or even days.

14
00:01:05,210 --> 00:01:10,750
Now this is not bad for cracking WPA. I wouldn't mind waiting a day or two to get my password.

15
00:01:10,760 --> 00:01:16,760
The only problem is you're going to have to let aircrack-ng run for this amount of time, because

16
00:01:16,790 --> 00:01:23,870
if you quit aircrack-ng and run the command again, as you can see, we're going to start from zero percent

17
00:01:23,870 --> 00:01:31,160
again and we're going to start from the start of the file, so aircrack-ng doesn't save where it

18
00:01:31,160 --> 00:01:34,020
reached in the previous cracking session.

19
00:01:35,000 --> 00:01:41,860
So what I want to show you today is how to save the cracking session, so that if you quit aircrack-ng

20
00:01:41,900 --> 00:01:47,480
and come back to it in a day or two, or even if you come back to it after a week, you'll still have your

21
00:01:47,480 --> 00:01:51,290
session and you'll start from where you left off the last time.

22
00:01:52,800 --> 00:01:57,800
So to do this we're going to first of all use a tool called John the Ripper.

23
00:01:57,960 --> 00:02:03,700
Now John the Ripper is a very famous cracking tool that can be used to do many things.

24
00:02:03,990 --> 00:02:09,210
In this lecture we're going to use it to do something very simple, which is literally just display our

25
00:02:09,370 --> 00:02:11,480
wordlist on the screen.

26
00:02:11,640 --> 00:02:14,400
And I'll tell you why we'll do that.

27
00:02:14,400 --> 00:02:16,050
So first of all let me show you the command.

28
00:02:16,050 --> 00:02:20,940
It's going to be john followed by the name of the wordlist.

29
00:02:20,990 --> 00:02:26,880
We're going to say --wordlist and give it the name of my wordlist, which is WPA wordlist,

30
00:02:30,300 --> 00:02:37,670
and then I'm going to tell it that I want it to display this on the standard output, which is basically

31
00:02:37,670 --> 00:02:39,920
this current terminal screen.

32
00:02:40,160 --> 00:02:45,230
So the command is very simple: we're just doing john, which is the name of the program, we're giving it

33
00:02:45,290 --> 00:02:49,910
our wordlist, which is stored in the root directory, so it's in the current working directory.

34
00:02:49,910 --> 00:02:55,130
That's why all I have to do is just give its name, and then I'm saying that I want it to display this

35
00:02:55,130 --> 00:02:58,720
to me on the standard output, on the terminal screen.

36
00:02:59,240 --> 00:03:04,880
Now I'm going to hit Enter, and as you can see this command literally just lists all the passwords

37
00:03:04,880 --> 00:03:07,890
stored in the wordlist.

38
00:03:07,940 --> 00:03:12,680
Now I'm going to hit Control-C to stop it, because it's a very big file and it'll take a while to list everything.

39
00:03:12,920 --> 00:03:13,820
But you get the idea.

40
00:03:13,820 --> 00:03:18,820
The command will literally just display all the passwords on screen.

41
00:03:18,820 --> 00:03:21,410
Now the question is: why am I doing this?

42
00:03:21,700 --> 00:03:29,230
Well, in Linux we can redirect the output to anywhere we want, really.

43
00:03:29,230 --> 00:03:34,630
So we're going to use a very useful feature where we can redirect the output of this current command

44
00:03:35,080 --> 00:03:39,590
and use it as an input to another command.

45
00:03:39,610 --> 00:03:46,420
Now we've seen before that when we use aircrack-ng we give it our wordlist as the input.

46
00:03:46,630 --> 00:03:52,720
Today we're going to use the output generated by the command that we just saw, which is basically our

47
00:03:52,720 --> 00:03:59,890
wordlist, and we're going to use it as an input to aircrack-ng, and we're going to do that

48
00:03:59,890 --> 00:04:03,550
using the pipe character, which is the vertical bar.

49
00:04:04,000 --> 00:04:10,900
And then we're going to use our aircrack-ng command in here, so it's going to be aircrack-ng followed

50
00:04:10,900 --> 00:04:14,910
by the -w option where we usually give our wordlist.

51
00:04:15,100 --> 00:04:21,340
But we're not going to give a wordlist this time; we want to use the output generated by the previous

52
00:04:21,340 --> 00:04:27,520
command, and to do that we're just going to put a dash instead of the wordlist, and then we're going to

53
00:04:27,520 --> 00:04:29,860
fill in the command as we usually do.

54
00:04:29,920 --> 00:04:35,890
So we're going to do -b to specify the MAC address of my target network.

55
00:04:35,890 --> 00:04:37,220
Now I've already copied this.

56
00:04:37,210 --> 00:04:44,020
I'm just going to paste it, and then we're going to specify the name of the file that contains the handshake.

57
00:04:44,140 --> 00:04:51,240
And in my case it's called handshake-01.cap.

58
00:04:51,310 --> 00:04:55,050
So I'm going to go over this command again just to explain it to you.

59
00:04:55,060 --> 00:05:00,700
So first of all we're using the first command here that I showed you before, and this command is literally

60
00:05:00,700 --> 00:05:07,460
just going to display the output of the wordlist on screen.

61
00:05:07,630 --> 00:05:15,160
Then we use the bar character to pipe the output on the screen, which is basically my wordlist, to

62
00:05:15,170 --> 00:05:15,880
aircrack-ng.

63
00:05:16,540 --> 00:05:19,570
So we use aircrack-ng as we usually do.

64
00:05:19,570 --> 00:05:25,720
And the only difference in here is, instead of giving a wordlist name, we put a dash to tell aircrack-ng to

65
00:05:26,140 --> 00:05:33,850
get its wordlist from the result of the previous command, from the result of the pipe. Now all of this

66
00:05:33,850 --> 00:05:34,710
is good.

67
00:05:35,020 --> 00:05:41,680
But what we did so far, basically we're literally just doing something that is very similar to the normal

68
00:05:41,680 --> 00:05:46,720
aircrack-ng command, because this command right here displays the wordlist and this command right

69
00:05:46,720 --> 00:05:47,870
here reads it.

70
00:05:47,890 --> 00:05:50,820
So we still haven't stored our session.

71
00:05:51,100 --> 00:05:53,310
And here is why we use John the Ripper.

72
00:05:53,500 --> 00:05:57,810
So the only reason we use John the Ripper is not to display the output on screen.

73
00:05:57,820 --> 00:06:04,390
This is useless; we can do it using other programs, but we use it because it can store and resume

74
00:06:04,390 --> 00:06:05,270
sessions.

75
00:06:05,350 --> 00:06:11,320
So we're going to add one more argument to John the Ripper, and that is the most important argument, which

76
00:06:11,320 --> 00:06:12,590
is called --session.

77
00:06:12,820 --> 00:06:14,080
So we're going to do --session

78
00:06:16,770 --> 00:06:22,800
and we can name it anything, so we're just going to name it UPC, because the name of my network

79
00:06:22,800 --> 00:06:24,920
is UPC.

80
00:06:25,020 --> 00:06:30,710
So now when John the Ripper runs, it's going to read all the passwords.

81
00:06:30,720 --> 00:06:36,450
It's going to pipe them to aircrack-ng, and aircrack-ng is going to read these passwords and start

82
00:06:36,450 --> 00:06:37,280
cracking.

83
00:06:37,560 --> 00:06:43,940
And then when we quit, John the Ripper will store the session in a file called UPC.

84
00:06:44,430 --> 00:06:50,690
So I'm going to hit Enter and you'll see that aircrack-ng will just start as usual, trying to crack

85
00:06:50,690 --> 00:06:54,850
my password, and I'm just going to let this run for a little bit of time

86
00:06:54,950 --> 00:07:03,720
so some progress is made, and then we'll see if we're actually resuming from where we left off. OK.

87
00:07:03,810 --> 00:07:09,240
Now I'm going to press the q button to quit.

88
00:07:09,650 --> 00:07:13,570
And as you can see we finished 0.4,

89
00:07:13,620 --> 00:07:25,160
you can think 0.39, of the whole file, so our progress is 0.39 percent, so our session name now is called

90
00:07:25,160 --> 00:07:29,690
UPC because we specified that in the session argument.

91
00:07:29,690 --> 00:07:31,750
So I'm going to clear all of this

92
00:07:35,840 --> 00:07:42,230
and we're going to use john again to resume the session, so we're going to tell it to --restore

93
00:07:45,550 --> 00:07:52,300
and then we're going to give it the session name, and my session name is UPC. Then I'm going to pipe all

94
00:07:52,300 --> 00:07:57,130
of this again to aircrack-ng.

95
00:07:57,460 --> 00:08:03,070
I'm going to give it -w for my wordlist, and I'm going to set that to dash, because

96
00:08:03,070 --> 00:08:11,160
again I want it to get the wordlist from the result of the previous command, which is the john command.

97
00:08:11,520 --> 00:08:14,120
Then I'm going to give it my BSSID,

98
00:08:18,250 --> 00:08:29,340
followed by the name of the file that contains the handshake, which is handshake-01.cap.

99
00:08:29,480 --> 00:08:35,740
Now notice this time we didn't specify a wordlist, because basically what we're doing is we're telling

100
00:08:35,790 --> 00:08:42,440
John the Ripper to start from where it left off last time. We gave the wordlist in the previous command,

101
00:08:42,500 --> 00:08:48,110
and now all we have to do is literally just tell john to start from where it left off, and john can do that

102
00:08:48,140 --> 00:08:50,840
because it supports that functionality.

103
00:08:51,110 --> 00:08:55,130
And then we're piping whatever john is going to read to

104
00:08:55,170 --> 00:09:01,520
aircrack-ng. Again, with aircrack-ng we're not giving a wordlist because it's getting it from john. Then we're

105
00:09:01,520 --> 00:09:05,430
giving the BSSID and the handshake file.

106
00:09:05,440 --> 00:09:12,460
Now if I hit Enter you'll see the cracking will start again, but I'm going to stop it quickly this time

107
00:09:12,470 --> 00:09:16,810
just to show you that we are already at 50 percent.

108
00:09:17,060 --> 00:09:22,310
So as you can see there is no way we could have done that in this very short period of time, which means

109
00:09:22,310 --> 00:09:27,080
we basically started from where we left off the last time.

110
00:09:27,080 --> 00:09:32,630
So like I said, this method is very, very simple, because it allows you to basically stop the attack and

111
00:09:32,630 --> 00:09:35,360
then come back whenever you want.

112
00:09:35,360 --> 00:09:41,720
Also, piping is a very handy skill to know, because you can actually use it in so many scenarios to do

113
00:09:41,720 --> 00:09:43,250
different types of things.