Hacking WiFi networks in seconds With AI | Real Experiment Pwnagotchi

Подписаться 45 тыс.

Просмотров 40 тыс.

50% 1

Hello Community!!! Welcome to Yaniv Hoffman’s Channel.
This video will teach how to pentest / " hack " wifi networks that can be found anywhere.
This video is for educational purposes only and is meant to help you understand how networks are commonly hacked to be able to protect yourself, family and friends against it.
Resources
1. Pwnagotchi Project - pwnagotchi.ai/
2. Pwnagotchi Github - github.com/topics/pwnagotchi
3. Pwnagotchi world wide map - pwnagotchi.ai/map/
Chapters:
0:00 - 1:22 Opening
1:23 - 3:22 Assembly & Installation
3:23 - 4:56 WIFI Handshake 101
4:57 - 6:00 PWNAGOTCHI strategies
6:01 - 8:55 Hashcat
8:56 - 9:45 AI Function
9:46 - 12:41 PWNAGOTCHI Interface
Watch more cyber security VIDEDO'S
1. Hacking IP camera's - • Hacking IP Cameras wit...
2. How hackers bypass 2FA - • how hackers bypass 2 s...
3. Stuxnet - • Explaining cybersecuri...
4. Meet the man who exposed the world's first cyber weapon (Student) - • Unraveling the Impact ...
5. SW define radio hacking - • radio hacking with a m...
6. Pegasus spyware - • pegasus the spyware te...
My channel contains videos about cybersecurity fundamentals, such as cloud computing, cloud networking, ethical hacking, infosec, IT security, and machine learning.
Be in the loop on the latest videos. Subscribe to my channel and join our growing community! ►►SUBSCRIBE: cutt.ly/YanivHoffman
Thank you for being here!
Stay Safe and Healthy,
Yaniv Hoffman
#cybersecurity
#ethicalhacking
#informationtechnology

Наука

Опубликовано:

6 июл 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 82

@ClickClack_Bam 4 месяца назад

I've built my own Pwnagotchi. It's a rewarding project to build. You'll get more PCAP's if you take your Pwnagotchi where a lot of people congregate. Airports, casinos, & shopping plazas etc are gold mines for getting PCAP's.

@yanivhoffman 4 месяца назад

Thx for the comment

@iuse9646 4 месяца назад

Your comment made me insanely interested!!

@ClickClack_Bam 4 месяца назад

@@iuse9646 Look into it. There are yt videos. There's a main website that'll help. Red (it) will help. There's a learning curve to it but if you watch & read enough you'll likely pick it up. You'll probably see my comments trying to figure out what to do lol. You'll get some exposure to Kali Linux, Raspberry pi, & how to link it all together g get Bluetooth working. I knew very little myself so don't be intimidated. Just watch & read enough before you try.

@TREXYT 4 месяца назад

Nice, is there a way to brute force my gmail account ? If i try password few times then it block me to try again for 24 hours, its an old gmail account that forgot password

@yanivhoffman 4 месяца назад

It's important to understand that attempting to brute force any account, including a Gmail account, is against the terms of service of the provider and can be illegal. If you've forgotten the password to your Gmail account, the best and safest approach is to use the account recovery options provided by Google. Google has a comprehensive account recovery process designed to help users regain access to their accounts by verifying their identity through various means, such as a recovery email, phone number, or answering security questions. This process is in place to protect user accounts from unauthorized access and ensure the security of personal information. I strongly advise against attempting any form of unauthorized access to your account and recommend following the legitimate recovery processes provided

@TREXYT 4 месяца назад

@@yanivhoffman i already tried, my old phone is on this account, 2fa disabled, old revover email also (which i have no idea what email it was), and google dont answer

@TREXYT 4 месяца назад

@@yanivhoffman looks like my comment is removed, its my old gmail account that i created that i have no clue about recovery email and its my old phone number and google dont answer, what should i do then ?

@aqbar135 4 месяца назад

Does pwnagotchi only capture the packets or help to crack the hash as well?

@yanivhoffman 4 месяца назад

Capture only not cracking. for that you need designated app

@aqbar135 4 месяца назад

@@yanivhoffman the app that u means, is that some open source apps that can be installed into the flipper or using normal cracking tools and software outside flipper?

@glitchdev 3 месяца назад

@@aqbar135it could be installed easily but the reason people don't do that is, that it requires a lot of computing power, so it wouldn't make much sense to run something like this on a device like this.

@erisi1988 Месяц назад

so what's the point of this device when i can do the same thing through kali linux airgeddon and a cheap alpha usb adapter .

@aqbar135 Месяц назад

@@erisi1988 yes sure. U want to scan a network. We can go setup a laptop with kali linux, plug some adapter, do some scan to get the packet and crack it. But u cant do covert operation right? Especially if u want to attack some private site. Look super sus to setup laptop there. Thats where pwnagotchi come. You can make it as small as a keychain, attach to your bag or keys, then just go jogging to your target place or chat casually with ur target. Let it collect the wifi packet, go back home and crack it, and come back to attack later. One other reason, is for fun. Theres no harm in capturing wifi packet (yet haha) unless u know cybersec stuff. This it make pwnagotchi some small cute toys. Normal people can just have fun exploring around capturing wifi packet, without even knowing how to crack it.. So thats it. Have fun 🙂

@blazkristan3237 3 месяца назад

i have problems setting up v4 screen

@lagallinafachera5555 4 месяца назад

The editing on this video is amazing! Like, great video.

@yanivhoffman 4 месяца назад

Thx so much!! We are trying to improve video by video so appreciate the feedback

@wassimmariamable 4 месяца назад

Can you please share the links where to get all the parts to build the tool?

@yanivhoffman 4 месяца назад

Yes sorry - will put it tonight my time zone

@UNcommonSenseAUS 4 месяца назад

Feed the gotchi... run it all back through wigle

@Conspiranoiiico 4 месяца назад

What is the power supply? Does a powerbank work?

@kergoat29 4 месяца назад

yes

@DJZofPCB 4 месяца назад

9:44 Pwanagotchi does not CRACK, Hashcat CRACKS, jack the ripper CRACKS. PWNA - CAPTURES

@yanivhoffman 4 месяца назад

True and thats why I explained you take data from pwnagotchi and use hash at

@wonderlustesm8880 4 месяца назад

is it better than flipper zero?

@yanivhoffman 4 месяца назад

Great question - Pwnagotchi is specialized for WiFi penetration testing with a focus on learning and AI-driven network auditing. It's great for those interested in network security and ethical hacking. Flipper Zero, on the other hand, is a versatile hacking multi-tool that supports a wide range of protocols like RFID, NFC, and Bluetooth, making it suitable for a broader range of hacking and making activities beyond just WiFi. Choose Pwnagotchi for WiFi security exploration and Flipper Zero for a more general-purpose hacking tool

@wonderlustesm8880 4 месяца назад

@@yanivhoffman thanks man. i will get this one too.

@marinob7433 4 месяца назад

great video friend as always.

@yanivhoffman 4 месяца назад

Thx a lot my friend

@yanivhoffman 4 месяца назад

Hi Everyone - hope you enjoy this one . Cool and powerful tool - for ethical purposes only . If you do like it please help to share, like and subscribe. It will really help me promote my content ❤

@JohnLeHaq-tv8ol 4 месяца назад

As a beginner, please explain this to me, I assume wordlist collection is in English. So what about using wordlist just by moving outside of US or UK, let's say Iceland where network keys are written in Icelandic words? Or in any other country in the world.. Most tutorials and education seem to assume that English is the only language used in the world.. An english wordlist is pretty much useless outside of US or UK.. Also, many corporations and workplaces use words or names related to their business, that will probabky not in the wordlist.. I don't think words like Nvidia or Starbucks will be in the wordlist..

@yanivhoffman 4 месяца назад

Great question! Wordlists can indeed be language-specific, and using an English wordlist might not be as effective in non-English speaking countries or in specific contexts like corporate networks named after businesses. To enhance your penetration testing efforts, it's beneficial to use or create wordlists tailored to the target's language or industry. Tools like Mascot can generate custom wordlists based on various criteria, including non-English languages or specific jargon. For global or diverse environments, incorporating multilingual wordlists or custom terms related to the target organization can significantly improve your chances of success. This approach reflects the adaptability and global perspective necessary in ethical hacking and cybersecurity. but remember do only ethical hacking !

@BillAnt 4 месяца назад

@@yanivhoffman- If a password is longer than 20 charters including non-standard spelling AND symbols, it would take thousands of years to crack it with HashCat. That's what I use for my WiFi password, also better routers have a timeout on wrong password attempts making brute forcing impractical.

@doxeleon8403 4 месяца назад

Video Great

@yanivhoffman 4 месяца назад

Thx a lot

@fixer1140 4 месяца назад

Me getting one in my hands: "I solemny swear that I am up to no good"

@yanivhoffman 4 месяца назад

😱

@Glanmire3 4 месяца назад

What if the password is a meaningless mixture of letters and numbers? How can be brute-forced?

@yanivhoffman 4 месяца назад

Brute-forcing a complex mix of letters and numbers is highly impractical due to the massive number of combinations. While techniques like dictionary, hybrid attacks, and rainbow tables exist, their effectiveness drastically decreases with password complexity. Modern security measures further complicate brute-forcing. It's essential to remember that attempting to brute-force without authorization is illegal and unethical. In practice, focusing on securing systems against vulnerabilities is more viable than attempting to crack complex passwords

@Glanmire3 4 месяца назад

@@crownlands7246 I'm know that, just want to be sure (as I'm not an expert just a bit more advanced user) is it something out there to have to worry about safety or I'm OK with my pass codes (so not words :) ). In this case a bit misleading the title of this video. Am I right?

@cvenn63 4 месяца назад

@@yanivhoffman Here is a useful chart that roughly shows the time it would take to literally 'brute force' a password, i.e. attempt every possible combination of random letters, numbers, uppercase, lowercase, & symbols, for a given password length. I may be disliked for saying this, but unfortunately it gives some credibility to those annoying requirements that are forced on us as we are updating our passwords....lol........... www.halnor.ca/wp-content/uploads/2023/04/PASSWORD-CRACK-TIME-CHART-2023-scaled.jpg

@raymondtunmbi9168 4 месяца назад

Yaniv my Guy! You're the best brother ❤

@yanivhoffman 4 месяца назад

Thx a lot ❤️

@OH2023-cj9if 4 месяца назад

The doors in my office operate on AI, they seem to close shut when they detect no one is holding them open! The way people describe everything as AI is fraudulent.

@yanivhoffman 4 месяца назад

Haha... i only state the product and i did look at their AI algorithm which is open source

@EvgeniX. 4 месяца назад

9:01 adding sugar to any dish would only improve it? well tell that to a diabetic 🤦‍♂

@yanivhoffman 4 месяца назад

True 😂

@anglija-england 4 месяца назад

What's the salt diabetic called?

@yanivhoffman 4 месяца назад

@@anglija-england 😂

@SammyRoblox 4 месяца назад

Woow Awesome Video 😮

@yanivhoffman 4 месяца назад

Thx a lot

@moshecohen5210 4 месяца назад

אחלה ווידאו, ברור מאוד. ייצא לי להכין לא מזמן כלי שזה לצורך מחקר.

@yanivhoffman 4 месяца назад

Thx so much.

@highlights973 4 месяца назад

yaniv sir, how to create hacking videos without breaking youtube guide lines like you

@myname-mz3lo 4 месяца назад

teach for ethical hackers and dont simplify it too much otherwise any random person can try it and will get in trouble

@highlights973 4 месяца назад

@@myname-mz3lo thank you

@StefCoders 4 месяца назад

Pwnagotchi was quite long ago.

@yanivhoffman 4 месяца назад

True it’s not new but still effective

@StefCoders 4 месяца назад

I have a small M5-NEMO that can make a fake Google Captive portal for WiFi and it can be changed to anything such as starbucks free wifi or airport free wifi.@@yanivhoffman

@jhlewis10 3 месяца назад

Just talk, no actual instruction...

@YoKKJoni 4 месяца назад

וואו אחי פעם ראשונה שאני רואה אותך ביוטיוב ופשוט ישר איך שהתחלת לדבר הבנתי שאתה ישראלי ואז ראיתי את השם של הערוץ והבנתי שאני צודק... תעבוד על המבטא 3>

@yanivhoffman 4 месяца назад

Thx a lot for watching and the feedback . Will work on it

@SlavomirDanas 4 месяца назад

Wait, it will get better at capturing handshakes over time? I don't get it. Is the ML model so bad that it needs updates? Why is there no update that makes capturing handshakes good from the start? Why release inferior product that "might" get better over time? Why do I need to wait for the product to do its job good from day one? Am I missing something or is this a joke?

@yanivhoffman 4 месяца назад

Thx for your comment. let me try to answer you - Pwnagotchi's use of machine learning (ML) isn't about releasing an 'inferior product' but rather embracing a dynamic learning approach that adapts to varied and real-world WiFi environments. The ML model isn't 'bad' but designed to improve through experience, much like how human skills develop over time. This learning process allows Pwnagotchi to optimize its strategy for capturing WiFi handshakes based on the unique characteristics of the networks it encounters. The reason for this approach is twofold: First, it ensures that Pwnagotchi becomes more effective in a broader range of scenarios than if it were programmed with a static set of behaviors. Second, it engages users in the learning journey, making the experience interactive and educational. In cybersecurity and AI, the adaptability to new threats and environments is crucial. Pwnagotchi's evolving efficiency reflects the nature of security work, where continuous learning and adaptation are key. So, it's not about waiting for the product to 'do its job' from day one but about engaging with a tool that grows smarter and more tailored to your specific environment over time

@SlavomirDanas 4 месяца назад

@offman I'm sorry but that sounds like some AI marketing bullshit someone made up. WiFi networks are not a framework where you are allowed to create arbitrary servers and clients and some MITM system needs time to figure out most frequently used combinations to make any attack feasible. WiFi networks are based on standards and norms (IETF 802.11) and the set of authentication and encryption options is finite and is actually not big (you can practically only use AES or TKIP). What you are probably (and unknowingly) talking about is that the device gets better at guessing (ridiculously simple) WiFi PSK due to the fact that it keeps hashed results and does not need to calculate them again. That in and of itself is very weak argument for it being "ML/AI powered" or "good at it". Brute forcing WiFi PMK/PSK with 8 characters with UPPER, lower and digits takes almost 2 days with RTX 4090 (2533.3 kH/s in hashcat), 7 days if it also contains special characters. 10 character UPPPER, lower, digits, special characters password takes 17,5 years to brute force with one RTX 4090.

@yanivhoffman 4 месяца назад

@@SlavomirDanas my friend , it’s simple video for educational purposes . There is no point to continue saying what you say on raspberry pi since it’s not for it . Ofc you need super computer but even today pass can be cracked by hours and days but it depends indeed on the chars and complexity. I did experiment connecting 8xRTX 4090 and cracked a 8 digit pass in 48 min. If you want send me private message and I will share the info. Anyway it’s not that you are wrong but again it’s educational video

@qu3nt 4 месяца назад

it’s a stupid clickbait video for people with 0 knowledge that thinks you can brute force a wifi with 50$ hardware complete bullshit

@yanivhoffman 4 месяца назад

@@qu3nt good for you, you said it three times.

@alexsevo6 4 месяца назад

thats bullshit title there is no AI in the device its runs on built code .. whit , IF , and , or function parameters .

@yanivhoffman 4 месяца назад

It’s not BS - Pwnagotchi is an A2C-based “AI” powered by bettercap that learns from its surrounding WiFi environment in order to maximize the crackable WPA key material ... I suggest you do your research

@MyEyeOnAi 4 месяца назад

Lol he shut you up little boy

@aurelf3158 4 месяца назад

To crack a password with raspberry pi -brute force -takes years due low power processing specs ,dude .Clickbyte -thumb down

@yanivhoffman 4 месяца назад

Thx for the feedback and sorry you feel its a click bate but its totally not. let me explain - You're right that a Raspberry Pi has limited processing power, making it unsuitable for brute-force cracking of complex passwords within a practical timeframe. Brute-force attacks, especially on secure systems with strong passwords, require significant computational resources that far exceed what a Raspberry Pi can offer. The intention behind using tools like Pwnagotchi on a Raspberry Pi isn't to perform brute-force attacks on highly secure passwords but to explore and learn about network security, ethical hacking, and AI in a more accessible, hands-on way. For those interested in the computational challenges of password cracking, there are more efficient methods like using GPUs or specialized hardware designed for high-intensity computations. However, the ethical and legal implications of attempting to crack passwords without authorization remain paramount, regardless of the hardware used. The Raspberry Pi's appeal lies in its affordability and versatility for educational purposes, not its capacity to break into secure networks. It's a tool for learning and experimentation within the bounds of ethical hacking guidelines