1
00:00:01,400 --> 00:00:09,680
From the previous lectures we learned that when it comes to WPA and WPA2 the only packets that contain

2
00:00:09,680 --> 00:00:18,150
some information that can help us with cracking the key are the handshake packets and in the last lecture

3
00:00:18,360 --> 00:00:23,560
we learned how to capture the handshake and store it in a file.

4
00:00:23,760 --> 00:00:32,000
Now the handshake does not contain any information that can help us to recover or recalculate the WPA

5
00:00:32,010 --> 00:00:39,950
key. The information in it can only be used to check whether a password is valid or not.

6
00:00:39,960 --> 00:00:47,850
Therefore what we're going to do is to create a word list which is basically a big text file that contains

7
00:00:47,940 --> 00:00:50,050
a large number of passwords.

8
00:00:50,310 --> 00:00:56,820
Then go through this file, go through the passwords one by one and use them with the handshake in order

9
00:00:56,820 --> 00:01:05,460
to check whether this password is valid or not. You can actually download ready word lists from the Internet.

10
00:01:05,910 --> 00:01:12,030
But in this lecture I want to teach you how to create your own word list and in the next lecture I'm

11
00:01:12,030 --> 00:01:18,240
going to explain to you how the word list and the handshake are used in order to recover the password

12
00:01:18,480 --> 00:01:21,440
and we'll see how to do that in practice.

13
00:01:23,810 --> 00:01:29,400
So in this lecture we're going to learn how you create your own word list using a tool called crunch.

14
00:01:29,420 --> 00:01:32,160
This is a really handy skill to have under your belt

15
00:01:32,180 --> 00:01:38,000
if you want to be a penetration tester because you're going to face a lot of scenarios where a wordlist

16
00:01:38,000 --> 00:01:40,040
attack can become very handy.

17
00:01:40,880 --> 00:01:42,500
So using the tool is very simple.

18
00:01:42,500 --> 00:01:49,580
All you have to do is just put the name of the tool and then you specify the minimum number of characters

19
00:01:49,580 --> 00:01:52,030
for the passwords to be generated.

20
00:01:52,160 --> 00:01:59,260
Then we're going to specify the maximum number of characters for the password, then you specify the characters

21
00:01:59,350 --> 00:02:01,680
that you want to generate passwords from.

22
00:02:01,810 --> 00:02:05,310
For example you can put all lowercase characters, all uppercase.

23
00:02:05,320 --> 00:02:12,740
You can put numbers, digits, or you can just specify a smaller number to make the word list smaller.

24
00:02:12,790 --> 00:02:16,840
You can also use the minus t option, which is optional, to give a pattern.

25
00:02:16,840 --> 00:02:21,580
So for example let's say that you are looking at the person while they were typing their password and

26
00:02:21,580 --> 00:02:24,110
you see that the password will start with an a.

27
00:02:24,550 --> 00:02:30,310
So you can tell crunch that the password will start with an a and then give me all possible combinations

28
00:02:30,760 --> 00:02:38,820
of passwords that start with an a, and after that we use the minus o option to specify the file name where

29
00:02:38,830 --> 00:02:40,600
the passwords are gonna be stored.

30
00:02:41,690 --> 00:02:48,380
So we have a small little example here that will generate a list of passwords that contain that start

31
00:02:48,380 --> 00:02:54,350
from six characters to eight characters and contain these characters right here so it's going to create

32
00:02:54,350 --> 00:03:01,160
combinations of one two three ABC and the dollar sign and it's going to store it in a file called word

33
00:03:01,160 --> 00:03:08,990
list and these passwords are going to start with an a and end with a b and it'll generate passwords

34
00:03:09,020 --> 00:03:15,980
based on all possible combinations between the a and the b so all of the generated passwords will always

35
00:03:15,980 --> 00:03:22,770
start with a and end with b. So let's have an example of the tool. The tool actually has a lot of options

36
00:03:22,800 --> 00:03:24,520
other than what we've seen so far.

37
00:03:24,570 --> 00:03:33,270
So if you just type in man crunch you'll see all the options that you can set and you'll see a detailed

38
00:03:33,540 --> 00:03:37,510
description about all of these options so it's actually really really good.

39
00:03:37,560 --> 00:03:41,420
You can go ahead and spend some time to get familiar with the tool.

40
00:03:41,430 --> 00:03:42,860
Now I'm gonna show you the example.

41
00:03:42,870 --> 00:03:48,630
And based on the example you'll be able to run all of these commands but if you want to run or create

42
00:03:48,630 --> 00:03:55,280
some advanced word lists then I highly recommend that you go over this. One of the really cool options

43
00:03:55,280 --> 00:04:01,910
that I want to highlight is the minus p option. The minus p option tells crunch to generate passwords

44
00:04:02,120 --> 00:04:04,130
that don't have repeating characters.

45
00:04:04,340 --> 00:04:09,250
For example when you specify all lowercase characters, you specify ABC.

46
00:04:09,530 --> 00:04:17,480
It'll start by generating passwords made of AAA and then a B and then a BBB and all of that.

47
00:04:17,540 --> 00:04:23,300
So when you do this crunch will actually ignore these types of passwords and it'll only create passwords

48
00:04:23,300 --> 00:04:29,120
that don't have any repeating characters and that'll reduce the size of the word list from the number

49
00:04:29,120 --> 00:04:36,440
of characters to the power of the length to the number of characters factorial. If you scroll down you'll

50
00:04:36,440 --> 00:04:43,280
actually see more examples of commands and the type of word lists that will be created.

51
00:04:43,290 --> 00:04:47,700
So again you can have a look at these and get yourself familiar with.

52
00:04:47,700 --> 00:04:52,830
Once you're done looking at the man you can just press Q and you'll be out of it and we're gonna run

53
00:04:52,830 --> 00:04:59,470
our command here so we're gonna use crunch and again I want to generate passwords of minimum of six

54
00:04:59,470 --> 00:05:08,240
characters and maximum of eight characters and I want them to contain combinations of ABC and let's

55
00:05:08,240 --> 00:05:10,900
say the digits 1 2.

56
00:05:10,940 --> 00:05:16,310
Now in here you can actually keep listing things, you can list characters, you can list uppercase characters

57
00:05:16,310 --> 00:05:21,520
or even symbols if you wanted to. Once you're done with listing the characters we're going to specify

58
00:05:21,520 --> 00:05:23,030
the file to save it to.

59
00:05:23,140 --> 00:05:31,410
And we're going to save it in a file called test.txt so the command is very simple.

60
00:05:31,530 --> 00:05:37,470
It's crunch, minimum length of the password, the maximum length of the password followed by the characters

61
00:05:37,470 --> 00:05:43,650
that we want to use to generate passwords from and then minus o, the file that the passwords are gonna be

62
00:05:43,650 --> 00:05:44,700
stored in.

63
00:05:44,900 --> 00:05:51,940
You can hit enter and as you can see now it's telling us that it generated four hundred and forty eight

64
00:05:51,940 --> 00:05:59,290
thousand passwords approximately and they're all stored in a file called test.txt. Now the size of the

65
00:05:59,290 --> 00:06:01,390
file is four megabytes.

66
00:06:01,390 --> 00:06:03,730
And now I can open this file by doing cat

67
00:06:07,310 --> 00:06:13,490
test.txt and as you can see now we can see all the passwords that have been generated.

68
00:06:13,490 --> 00:06:18,950
I'm going to control C out of it because it's a huge file and as you can see it actually contains all

69
00:06:18,950 --> 00:06:24,570
possible combinations of ABC 1 2.

70
00:06:24,610 --> 00:06:28,120
I also want to show you an example of using the minus t option.

71
00:06:28,120 --> 00:06:34,060
So I'm gonna set this to only six to six so it's only six characters and we're going to use the minus

72
00:06:34,060 --> 00:06:39,370
t option which is the pattern option and I'm gonna tell it that I want the password to always start

73
00:06:39,370 --> 00:06:47,920
with an a and then I want you to fill all possible combinations of characters between the a and the b.

74
00:06:47,950 --> 00:06:54,400
So I want passwords that start with an a and end with a b and in the middle, at the @ signs, you can fill

75
00:06:54,460 --> 00:07:02,810
all possible combinations of ABC 1 2. I can hit enter, as you can see now the number of passwords is much

76
00:07:02,810 --> 00:07:08,930
less, it's only six hundred and twenty five passwords because I've narrowed down the possibilities of

77
00:07:08,930 --> 00:07:19,730
passwords. Again if I do cat test.txt you'll see that I have all the passwords right here.

78
00:07:19,960 --> 00:07:20,880
So this is it.

79
00:07:20,890 --> 00:07:23,940
The tool is really useful, can be used in many scenarios.

80
00:07:24,190 --> 00:07:29,230
I highly recommend that you spend some time with it and also have a look at some of the existing

81
00:07:29,230 --> 00:07:31,000
word lists out there on the Internet.