Create Custom Wordlists with the Mentalist for Brute-Forcing [Tutorial]

Подписаться 932 тыс.

Просмотров 172 тыс.

50% 1

How to Use CUPP & Mentalist to Make Password Lists
Full Tutorial: nulb.app/x4a6w
Subscribe to Null Byte: goo.gl/J6wEnH
Kody's Twitter: / kodykinzie
Cyber Weapons Lab, Episode 011
Beginners learning brute-forcing attacks against WPA handshakes are often let down by the limitations of default wordlists like RockYou based on stolen passwords. The science of brute-forcing goes beyond using these default lists, allowing us to be more efficient by making customized wordlists. Using the Mentalist, we can generate millions of likely passwords based on details about the target.
To learn more, check out the article: nulb.app/x4a6w
Follow Null Byte on:
Twitter: / nullbyte
Flipboard: flip.it/3.Gf_0
Website: null-byte.com
Weekly newsletter: eepurl.com/dE3Ovb
Vimeo: vimeo.com/channels/nullbyte

Наука

Опубликовано:

11 апр 2018

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 161

@averagejoe8587 5 лет назад

Great videos! You make me fall in love with Linux. Now I am trying to learn about it as much as I can. Thank you.

@christopherlaningham2649 6 лет назад

So Buck Nasty is 96 and he's dating a 17 year old??? JK. Great video, I've learned a few things from you guys, keep it up!!

@NullByteWHT 6 лет назад

It's a May-December relationship. Buck keeps it spicy. Thanks for watching!

@ayrtonanemaet 6 лет назад

And don't forget the kid she got when she was twelve.

@Droggelbecherbot 5 лет назад

I guess at a certain age you don't care anymore if you go to jail...

@grahamr6545 5 лет назад

Also had their child when she was 11..

@-mryr-2364 5 лет назад

When he was 90 and she was 6 Buck Nasty and his partner had a child💀💀💀

@sowhatsupeirik 6 лет назад

Loving this series, PLEASE continue!

@othmanezhanii2811 6 лет назад

Best channel about cyber security please keep uploading videos about cyber security quiq videos = a lot of things

@hafidhzouahi7146 6 лет назад

Keep going! This channel is growing so fast:D

@NullByteWHT 6 лет назад

HAFIDH ZOUAHI thank you!!

@jakubmarincic7543 6 лет назад

Man, I love your intro

@102Pause 6 лет назад

Great video! Keep up the good work!

@BravoSix_Going_Dark 5 месяцев назад

This one was amazing ,Thank you loving your content !!

@dr.-a 5 лет назад

Great Video as always Thank You 👍🏽

@theagns5073 6 лет назад

Do you have an complete list of links for the virtual machine etc? :-) Keep up the good work!

@daronwolff 5 лет назад

Thanks! BTW I love your cats pics,

@cookingandtheword 5 лет назад

Great channel. Lots of terrific information. Do you have a play list order. You know something that shows what order to play vids in a logical order?

@dhananandhan5405 5 лет назад

how to install mentalist in kali linux?

@swestrong6801 3 года назад

How did you set up the bash terminal on Mac?

@peluso_palit 4 года назад

Great explanation. Learn a lot. Thank you.

@NullByteWHT 4 года назад

Thanks for watching.

@ITSecurityLabs 5 лет назад

Great video. I came here after i heard that RU-vid was cracking down on creators like myself.

@enviousfred 5 лет назад

YT are fkkin stupid with this ban BS.

@josetorres6735 5 лет назад

Great video thank you. can you make one on how to remove any trace left behind after hacking anything. That would be great!

@rozer4660 4 года назад

Can we add more than 1 keyword in a line ? For examples how can we add other names if the guys has 2 pets without the fact that the scripts takes it for 1 name

@lucav4045 6 лет назад

This is just so amazing! Thank you for creating all these videos. But is there anything except encrypted files and WPA that is vulnerable to brute force attacks?

@retiallc 6 лет назад

yes, hashed passwords are also vulnerable to this

@hafidhzouahi7146 6 лет назад

Bruteforce attacks can be used agains't login pages aswell, but that would dirty the log files of the server where the website is hosted, in addition, it does take time and depends on your internet speed. The best way to hack login pages, is to first try to dump the password(s) from the database (exploiting some server side vulnerability). In the case where stored passwords are hashed, you'll have to use the bruteforce technique in order to recover the original password, because unlike encryption, hashing goes only on one direction. For example, you've come accross a vulnerable website, and could recover the .htpasswd file, there're a high chance that the password inside that file is hashed. Here you would build a good wordlist based on the webmaster's personal informations, then make a script, or use a pre-made script like John to bruteforce the password. I hope that makes sense.

@ucanhnguyen7167 6 лет назад

IT'S VERY USEFUL. THANK YOU

@SinanAkkoyun 5 лет назад

Hey, what's the name of the music? :)

@praveen7054 6 лет назад

Keep the good work up !!

@armv7-m603 6 лет назад

The sound quality is great! also great video, thanks!

@NullByteWHT 6 лет назад

Thank you!

@MuhammadTariq-fs8qh 4 года назад

What should we do if we have almost no information .... Please help

@bruh6226 5 лет назад

Great lesson ever

@kchromaticpiano 2 года назад

This video is underrated

@benjaminhernandez9605 6 лет назад

I love your videos. they are very good, keep broh

@NullByteWHT 6 лет назад

Thank you!

@deusvult4678 5 лет назад

nice tut but as always bruteforcing can take for ever to take down a network s password or facebook password etc , we need something else ,other than guessing and bruteforcing plz

@netrunner1145 6 лет назад

why do you use a macbook instead of thinkpad? great video!!

@NullByteWHT 6 лет назад

Thank you! I just use the macbook for video editing

@Techh0bbyist_Shop 6 лет назад

Can you make a tutorial about Hashcat (Hashcat GUI)? Your videos are always the best!

@NullByteWHT 6 лет назад

Great idea! We've got a few in the works for Kali and OSINT, but I'll take a look at hashcat. Would be a good followup to this one.

@gaddhelloo6398 6 лет назад

It will be a good idea to make a tutorial about using hashcat in kali and windows. Thanks a lot

@mralderson5627 6 лет назад

@Null Byte, if you are going to get into hash cat , might as well get into HashToPolis. It's a distributed framework to manager Hashcat workers among multiple systems. It is a way better alternative to the hash cat GUI as it's a (authenticated) webserver and available from every type of device. github.com/s3inlc/hashtopolis

@NullByteWHT 6 лет назад

That's badass, thank you for showing me that!

@benjaminhernandez9605 6 лет назад

I love your videos. they are very good, keep broh

@shashank8575 Год назад

after creating wordlist when i'm trying to open in mentalist it's not able to find that wordlist.txt file

@SharantSharma Год назад

Which laptop are you using?

@kurukhdandi5579 4 года назад

Hey, Can you tell me that which is the best phishing tool because there are some tools like inshackle and socialfish which not working. Please tell me the best working phishing tool

@dude6927 3 года назад

Fishing is an social engineering, i can recommend u type. Networkchuck phishing

@Daniel_CLopes 5 лет назад

Do you have a video about John the Ripper? I searched on your account but could not find any

@Timmymantwo 6 лет назад

Quick question. What wireless usb dongle do you recommend for WiFi cracking??

@nemliveproductions 6 лет назад

USE ALFA , nothing else matters

@Syn_X1e 5 лет назад

@@nemliveproductions i use panda wireless pau07

@shortsentral 3 года назад

I’m late but for anyone else. The one proven for good performance and reliability is the “ALFA AWUS036NHA”

@Timmymantwo 3 года назад

@@shortsentral Thanks

@moneyfr 5 лет назад

My internet box use a 30 caractères capital letter and digits. How heavy could it be?

@lulube11e111 3 года назад

Dowright impossible

@adnankaif9825 3 года назад

But how to use this list its say error

@paulwevers2109 6 лет назад

Hi, thanks for making all these great videos.Recently i started using linux and now i have started trying out kali. I am trying to hack the password of my own wifi that was provided by my isp. In my country this ips delivers routers always using 8 digits and always upper cases letters. Now if i make my own wordlist that list would become big, over a 1 TB i believe? And if i i am reading it right scanning for that would take days or even weeks? So is it fair to say that those routers are pretty good secured in terms of passwords? Or am i understanding it wrong?

@paulwevers2109 6 лет назад

Oh and rockyou is based on english and i tried searching for dutch lists but dont seem to be much around there that cover its. And ho is that in other country`s? Do isp`s still deliver routers with admin admin as user and pass? When isp`s start delivering routers like mine, isnt the rockyoulist becoming outdated? O man....new at linux and security...so much to learn.

@bharatmadho3742 4 года назад

@@paulwevers2109 nederlands?

@amna5575 6 месяцев назад

After creating this list how to use this?

@HirendraTech 4 года назад

some people passwords depends upon phonename and country name how to do that

@joneshack676 4 года назад

When i remove leet mode its still in numbers help.

@dennisasamoah2213 5 лет назад

a really good vid

@makhulu3718 4 года назад

you are great ..good work

@NullByteWHT 4 года назад

Makhulu thanks for watching! Tell all of your friends about us! 😃

@bruh6226 5 лет назад

You got a future man

@rushakpachpande 4 года назад

Please reply I know the password of the wifi but i know only the characters but not the numbers after it so i want to create a wordlist. can you help me plz?

@exlirty7351 3 года назад

can you make one for windows im having trouble pls

@Manuelgsx 4 года назад

Great video and i was wondering if you can walk me through how to decrypt my HDD that i encrypted with veracrypt and i can't remember my password however i do remember most of it so i wanted to create a passwords list using words that i used and adding few variations can you please help me?

@NullByteWHT 4 года назад

Yeah you can create a custom word list with this guide. nulb.app/x4a6w

@Manuelgsx 4 года назад

@@NullByteWHT but veracrypt password is about 20 caracters long so how do i create the list? just type a password and add variations to it?

@aroncohen8301 4 года назад

Please show video on hashcat cpu.......bcoz many people dnt have graphics card such as me.......and also old comfiguration computer......plz show that video tooo.......

@thanhlam129 4 года назад

I have two dictionary files, one name, one numeric character, how can I create a dictionary of numerical names and characters into a password for example: Andrew, 2010 would become Andrew2010

@talldarkshark8012 5 лет назад

In my interview i'll list Buck Nasty Ltd as my previous employer.

@NullByteWHT 5 лет назад

I will endorse your work ethic

@1a4s4l7 6 лет назад

Oh man, it would be a bummer if you failed bruteforcing with a file like that :'D

@thouhidsec5145 6 лет назад

Sir can you make a video about how to use metasploit outside our Network.. please

@NullByteWHT 6 лет назад

I spoke to someone at Rapid7, who makes Metasploit, about this. We'll see, good suggestion.

@thouhidsec5145 6 лет назад

Null Byte thanks ✌✌✌✌

@broloxploit9479 6 лет назад

ThouhidSec ill make one for you! You need to use ngrok or another server to attack from outside the network!

@jabrijan1417 4 года назад

Hi, When i am installing mentalist, its work only Python3 and not latest version of Pythons. when i run make its return me an error.

@NullByteWHT 4 года назад

Yeah not all tools on GitHub are well maintained.

@jabrijan1417 4 года назад

@@NullByteWHT please could you forward me the complete package link, Thanks for the reply. Have a best

@BillyBlocko 6 лет назад

great video

@drunkpatato7961 6 лет назад

Hello can you make tutorial about fastest way to brute force ? Thanks for reading . You're doing a great job.

@ugurtasdan1469 5 лет назад

Yea I'd like to see that also. Hack my local city's governer's twitter acc then declare a holiday through the city.

@ugurtasdan1469 5 лет назад

@@Guuy believe me our mayor is SHIT. There was 35 centimeters of snow outside...

@ashrafjunior3479 5 лет назад

@@ugurtasdan1469 You just read my mind

@theperson624 4 года назад

Best video bro!

@NullByteWHT 4 года назад

Thanks man! We really do love this tool.

@mrpokmalac 6 лет назад

Hello, I get this error message when I try to open cupp.py -i inside my windows 10 terminal, could you help please? What could be the problem? print "[+] Saving dictionary to \033[1;31m"+filename+"\033[1;m, counting \033[1;31m"+str(lines)+" words.\033[1;m" ^ SyntaxError: invalid syntax Thank you!

@RJ-ls7rt 4 года назад

It's bc you are gay:/

@homectg4996 4 года назад

bro please help how to install mentalist i fond error

@bakanane 4 года назад

find it here: github.com/sc0tfree/mentalist/wiki/Installation

@sridhark2547 2 года назад

Good very helpful

@faranallahverdi5115 3 года назад

sorry i dont know why but it dont accepts my sudo password:[

@GabrielSykes 4 года назад

Had a little play around and kinda didn't think about how many nodes I was adding... 19,826,966,679,384,240 total words (estimate) / 491.8 PetaBytes My hard drive is only 320 GigaBytes (Yeh ik it aint much, old PC and not my main so I can't be bothered getting at least a TB drive.)

@letsgetto1millwithoutvids 3 года назад

I don't understand why we can't just bruteforce the Wi-Fi connection it's just like entering the password in over and over until you get it correct so there is no need for a handshake or anything yes it might take a year to do but it will actually work instead of hoping the password is in a list

@tibettenballs4962 2 года назад

lil suzie is happy you spelt the hoz name with a z;. she showed her joy thru a sloppy beejay. mmm goood

@hamzzhooper637 5 лет назад

Please send me a link to download kali linux version i should use , and i really love your videos. Great effort

@rwy-ug6pl 5 лет назад

just git clone the mentalist link from the mentalist GitHub page. On this page github.com/sc0tfree/mentalist/wiki/Installation there is a setup guide. under 'install mentalist'

@Gamexoozi 4 года назад

What if the target password is like stevenhammock. While his name is steven and his friends name is hammock.? It would not create a word like that. Only creates steven12.... And hammock12...

@NullByteWHT 4 года назад

Yeah I don't know about that. There's another tool called wordlister that would make that password. nulb.app/x4s5v

@SQUIDTUBE 5 лет назад

I can't find my .txt file. Where can it be?

@bharatmadho3742 4 года назад

im at your house to help you search. open the door please

@detax5415 3 года назад

After 3 years

@okeyshourovroy2769 6 лет назад

Mentalist download link please!

@kurkanschiky5237 5 лет назад

Okey Shourov Roy just Google it. Is it too hard?

@eyelessclowned 4 года назад

@@kurkanschiky5237 😂😂😂😂😂

@DDBAA24 3 года назад

Skeeeeeeeeeeter Maggoooogoooooo

@microgamawave 4 года назад

You is the best!#

@jimikailby7902 5 лет назад

Nice

@NinhTran09 3 года назад

🎉

@godwho5365 6 лет назад

BOB = 808

@SkyFoxTale 5 лет назад

Nasty papa lmao

@sawmitra_datta_1437 6 лет назад

Can i get in direct contact with you? I need to know some thing. It would be a great help for me.

@GeekGuru_ 4 года назад

it still cant get a complicated password like "12!@##$%@#$%!@#$%*(~~~~~ammukuttymodi". You might actually make a password of all words that humans can actually type + permutations & combinations of it. Can someone imagine that fixed file size?

@NullByteWHT 4 года назад

True but the vast majority of people don't use complex passwords like that.

@bharatmadho3742 4 года назад

Buck Nasty: Call me Ben because all my bitches 10... Wait. i ain't meant it like that

@ENG-CT4982 2 года назад

i managed to get a 361k french combolist full of emails and passwords

@simonhadid5894 4 года назад

Hi. I watched your video very nice. If my RU-vid Channel is stolen, can you help? I will provide you with all the info if you can help me. Thanks

@GianlucaRoccaGian 3 года назад

If u find the way to install nvidia driver with optimus in kali u would mark the history🤣

@xana3790 6 лет назад

Child at 12 though?

@haqqadam4093 5 лет назад

Blinkkkkkkk Gaddamit blinkkkkk

@ne12bot94 4 года назад

Firstname: buck lastname:naked ( george cant stan ya joke :) )

@EagleEyez786 5 лет назад

She was 12 when she had McGoo... damn.. lol

@DAVID-ow4st 5 лет назад

Exactly the same as "cupp"

@NullByteWHT 5 лет назад

Oh wow, when did CUPP get a GUI?

@DAVID-ow4st 5 лет назад

@@NullByteWHT i mean the entries for the wordlist. Those are the same questions (i don't know if i did express myself good😅)

@dhananandhan5405 5 лет назад

please reply me

@Mirda007 4 года назад

hey, no peeking

@RJ-ls7rt 4 года назад

Damir Mešić nigga

@webvuln 4 года назад

Its sounds like more of a dox

@WPGinterceptor460Interceptor 7 месяцев назад

Damn go buck.. he has a young girlfriend

@hossambasha7909 5 лет назад

BobVagene is the password

@user-yn2xh7qt3h Год назад

Bro went a little dark with the names and dates :/ ... Still a cool tutorial tho ..

@purerocketleaguegameplay4532 4 года назад

I see a Psychopath in those eyes

@NullByteWHT 4 года назад

I see the dull emotionless eyes of a robot.

@bimaagastya9468 5 лет назад

Seriously, i cant imagine how a dictionary attack will works if the wordlist is only based on english. Yeah, its a vurnerable worldlist that usually used by people.. WHO SPEAKS ENGLISH

@NullByteWHT 5 лет назад

My targets speak english, adjust accordingly.

@dangerousity_tutorial 3 года назад

rockyou.txt is the worst password list ever like bruh 😂

@nemliveproductions 6 лет назад

Thats not 2million pwd's

@human1889 Год назад

no one gonna talk about how his partner is a minor and the guy is 100 years old and the chile is only 12 years older than his mom and that means his mom was 11 when she got smashed by the old man 🤐🤫🥴😔

@Yvelto_Gaming 6 лет назад

Mcgoo is definitely nasty look at the age difference between him and his partner. 79 YEARS!!!!

@pyrofriends180 5 лет назад

U dont want to make the child older than the mom.. so you thought the mom was 12 y/o when she gave birth well and while she's born in 2001 her partner was born in 1922 ... well... we need to keep it consistent

@stupidfunnyvideos4291 3 года назад

I hate how all these toutorials assume all computers are going to run the same command the same way. For a beginner this would completely confuse the shit out of me

@calmchess2515 4 года назад

word lists are useless because a router /program will protect its self after a certain number of password tries. It won't let you try 30,000 passwords