Hey! It's the NullByte dude!

I enjoy watching your videos. You're a good teacher. You should make it a little clearer that you are capturing hashed passwords. That being said, I work a second job cleaning offices at night. Based on passwords people leave lying around on sticky notes it's clear that people persist in using easily crackable passwords. There certainly needs to be more education about this.

Should be named "Capture Wi-Fi Password Hashes..."

I really don't see the point in this extra work. Why not just use the de-authentication attack? The bottom line is it still results in having to brute-force the password hash. This method just seems like it has unnecessary additional steps, for example, creating a Wi-Fi network. Just de-authenticate a device from its access point and then capture the handshake when it tries to authenticate. I suppose its good to know another method to capture the same information but it just seems like more work.

This only works if the password is listed in the wordlist.

Works as long as you know an SSID. If you try sniffing for probe requests, only mobile devices before Android 10 and iOS 14 send directed probe requests for non-hidden networks.

So how should one protect against such an exploit? Tbh I am more worried about a back door on my el cheapo router than some hackers hanging about in my apartment lobby or something but it’s good to know that such things exist

It's odd to me that smartphones don't use a record of your Wi-Fi access point's BSSID/MAC address along with the SSID to avoid getting duped by fakes, or at least provide a pop-up a warning about the mismatch and requiring you to accept or decline allowing the connection before whitelisting or blacklisting the new MAC address. (Would be useful if you have multiple WIFI APs with the same SSID). I'm sure there are methods and gadgets that can spoof an AP's MAC address, but I'd be surprised if typical commercial Android or IOS devices have the ability even if they're rooted. One easy way to help you avoid falling victim to this trick is to disable "Wi-Fi auto-connect" to all of your stored routers and access points on all of your mobile devices. You'll still be somewhat vulnerable at home or office, but if your phone doesn't auto-connect to your router, SSID spoofing attempts will be ignored while you're out and away from the nest.

I heard of this on the radio. They said to always disable Wi-Fi when leaving home.

Any hack with wordlist is useless

Seamlessly combining Mediatek 5G and Wi-Fi 7 with ATSSS could be a game-changer for rural areas and bridge the digital divide.

P.s don’t let people know they have a “BAD”password unless you directly know that person!! And never forget, NO GOOD DEED EVER GOES UNPUNISHED !

Kody, you’re an S-class hacking video boss.

I'm so happy that kody is with hak5 now! I love his tutorials.

I saw your collection of michael bolten mp3s when you exported packets.

In the end, all depends on having a good password list and a little luck

7:28 it is actually an OR operator, not an AND.

Would you be able to send deauth packets to a network to make, for example a roku device, deauthenticate with the users home Wi-Fi (for example named “MyHomeWifi), but then the roku device would try to connect to your honey pot which is also named “MyHomeWifi” giving you the half handshake? Or would the roku device not try because it would keep trying the actual users home wifi instead of yours?

Love your videos keep up the great work friend

Great video. I gain access to passwords via a access point with no password in a public place. Lesson is dont use public WiFi.

Pretty much everyone where I live uses the same isp and I know that the default router passcode on the control panel is admin so I’m gonna do this to all my neighbours and enable their guest wifi networks (nobody turns them on) and change the ssid and password to the same as my home network. FREE WIFI ANYWHERE YOU GO

Wait but you are using a list of passwords to verify ? What if the password is not in your bruteforce list of passwords ?

Nice video, I've got a question tho. So the catch here is, we set up a network with same SSID as a network that we are interested in getting in (obtaining a password), because devices like smartphones and such would connect automatically when in proximity. Makes perfect sense, but now there are 2 networks with same SSID and different BSSID. It would make more sense for a device to remember the BSSID for such cases, and it would be a simple countermeasure, or I amgetting smth wrong?

"(We) don't have the other half the handshake, we actually cannot verify..." In practice, however, it doesn't take much to complete the other half of the handshake by luring the device to connect again. If password list can be combined with some other brute-force techniques, this can be really powerful!

Great work, thanks for sharing. Could you explain the use of the password list file. It suggests that would have been included, so the password revelation is only as good as the list you have?!

Ok but why not the good old deauth + full handshake spoof? You would get the full 4 ways handshake. Still need to brute force the pass though. A better technique is to set up a rogue AP with the same ssid and no password. The client will connect and then you can ask the password to the user by presenting a nicely formattted html form :-)

theres nothing new here. using a cellphone is the same as using a computer its wifi it has standards for devices to connect . capturing a handshake is easy always has been if theres traffic. i still refer to the 64^120+63^120+62^....10^120+9^120+8^120 ....possible passwords of which only one will work! thats a wordlist of well over 7000 petabytes and a read of years..... so unless theres a hardware vulnerability or social engineering or physical access the odds of having the dammed password in your wordlist are well below being struck by lighting 4 or more times in the same location on earth on different occasions and surviving while on the way to the bank with the winning lottery ticket in your hand every time....the odds of the government randomly giving you money for being a good citizen are so much higher as to be astounding.

so, it seems to me that since you're only able to resolve the pw if it's contained in your dic list, and assuming that it wouldn't be such an easily crackable pw, there's really no time advantage to doing it this way over just cracking the full handshake. Especially since, if the password WAS password123, then you would have gotten it in seconds anyway. Now on the other hand, if u were extracting the plaintext pw directly from the pcap dump, NOW you're talking.. if that could be accomplished somehow, or i guess you'd use an "evil" ap tool..

Pretty useless attack unless they are using a weak password.

Amazing Bro. Thank you again for this eye opening info

How do you know which of the many BISSDs to use? As you demonstrated, Wiggle pulled up many various options

Thank you for sharing, i really like the Wigle tool

Still a brutal force no1 use password123 even by default

hello from Japan🇯🇵

Very cool to drag files into terminal! I didn't even know that was possible. Hehe

So still brute force right? Since you use Wordlist .

I once had a phone that checks the MAC address of the SSID and treat same-named networks differently if the MAC address was different. At the time I thought it was a new standard but apparently it was unique to the custom ROM I was running I suppose.

Hello from Germany🇩🇪

Anything requires a password list is a waste of time. Even with hashcat would take ages.

YOUR PASSWORD NEEDS TO BE IN YOUR TEXT FILE IN ORDER TO FIND IT ... PERIOD

I'm a bit confused. Is this like an evil twin wireless access point hack? I also do not quite understand why you need the half handshake to get the password rather than just using a Wireless access point with the same name as the targets host wifi name.

Kodi. I left some ports open just in case you wanna pentest em.

So, how does one protect themselves? My guess is to use a better password and to turn off WiFi when not in range, but are there other solutions?

Heya! Love your videos. At 4:35 you mentioned that you were already in “root” then said if you aren’t in root “which you shouldn’t be” use sudo. Is it not good running in root or did I just misunderstand. Thank you for all your videos! Sub’d for sure.

Wow.... Null is here 😍

Why use a password list when brute force is better ?

Nice video, it works!

I'm sure I'm too late to the party to get an answer, but I don't understand; do smartphones really just attempt to connect to a network automatically based only off its name?

my favourite teacher

I just love when they do this Wi-Fi hacking videos, so many dumb and nonsensical comments out here. Great video btw!

That definitely doesn't work in my country... Spanish speakers and password as weird as some Russian words

honestly while this does give a way of getting the password. thats only for password in the rockyou file, what if its a complex password?

oh i learned a lot from this robot.. is this what they mean by machine learning? (Big fan Kody)

This episode is not reiterating an old Darren and Shannon post from many years ago about Backtrack?

I like Cody’s videos. Even tho he is very knowledgable, he dosnt come across as arrogant Good Job

What adapters do people recommend in 2022?

Maybe they should do another hacking learning source that is harder to access for those kids

What if the password is using numbers and symbols as placeholders for letters?

I don't see how this is different from capturing Pcap and crack it? Whats new about this technique

Hello, I just wanted to thank you for the great content. I have watched 98% of your video's at least a couple times each haha. I have a couple questions if you don't mind, can you please message me at your earliest convenience? I will explain if given the chance its nothing weird or crazy :) I'm just a fellow computer nerd who could really use a friend. (this is embarrassing lol)

I love poking around in honeypots and leaving all my scent for the bees to smell😁 thx for the tut.

TIL you can drop a file into terminal to enter its path. Thats really handy.

May work if you was connected to this wifi previously.

I know hashcat does 4 way handshake eapol cracking, but wondering if the half handshake can be used. sounds like it should

Beter a half shake than a zero shake!

What operating system are you using that still uses the wlan0 alias for the nic? They stopped using that several versions of debian ago

what's the name of the wifi adapter your using

And if the password is not in the passlist? You know, like real world passwords in "specific organizations"

My network is unhackable!

On this episode of HackByte Me: On this episode of Cyber weapons... Damn😑

could you make a video just like that but using hashcat to crack the password? there are instructions everywhere on the internet of course but on one nice small video it would be a great thing to have!

Thanks for the tips, I didn't know you could drag and drop files in the terminal to get the command.

i only want to know why u blure everything ?? there's no sensitive info ! i just wanna know why

Do we still need a password list for this? Or is there a way to brute force using half way handshake?

Why are we have to cracking to hash? How can we connect to network with sending same hash which get it from victim ?

is your other wifi network called "BOOB" ? xD cool tho

Can we decrypt the handshake file without guessing attack, without brute force attack or without wordlist ?

Can't we do it without the password list? If we have the password in the password list, we may try the BruteForce method instead of capturing packets and all. I thought the packet would reveal the password.

What if the password was not in the rockyou wordlist?

Passwork not in file 'rockyou.txt'.how to find pass :D, and by pass?

How can someone learn something when you scramble parts of the video? Better to watch and learn this somewhere else place then. I understand what you do, but for new people to learn, this is to difficult.

airodump-ng not listing nearby networks for me please help me to solve this issue.

Congrats on the job man. Perfect fit

your system finded simple password like password123 ...handshake methode for strong password wifi not working ...dont try

This won’t work against enterprise WiFi

deauth doesn't work with wpa2 and PFM enabled...

Is it possible to use it on windows OS? Instead of linux?

So... to wrap up... 2way or 4way, if the password isn't in the list this won't work. The End.

this why the best way to learn hack is from onion not from surface ~

Can we hack wireless without using the network connected to our laptop, whether using an RJ45 cable?

Half handshake because of covid protocol

Why are you sudo'ing when you are logged in as root?

this would be so much fun if I was smart enough to do all of this lol

The same intro music as Seytonic channel?

Following this through almost exactly the same, I cannot get EAPOL protocols to be found in Wireshark. Only 802.11. What is the issue?

ok ok I'm getting impressed now :)

In this episode of cyber…

Somehow the export packet doesn't seem to work for me Whyyyy?😤😢

to be honest i dont get it, do you have introduction to your vidoes? because i dont know how to use any of this tool. Im a beginner

I would like to shake your hand.