Break WiFi networks using Cloud GPUs in seconds

WiFi Password Warning: Use good passwords otherwise they can be hacked in seconds using cloud GPUs.
Create your own virtual machine on Linode with a 60-day $100 credit: davidbombal.wiki/linode
Disclaimer: This video is for educational purposes only. I either have permission to use, or own all equipment used for this demonstration. No actual attack took place on any websites. Only use the tools demonstrated in this video on networks you have permission to attack. Use the tools ethically to improve network security.
// Previous Videos //
WPA/WPA2 vs hashcat and hcxdumptool: czcams.com/video/Usw0IlGbkC4K/video.htmlali
16 secs to break it! 70% of real world WiFi networks owned!: czcams.com/video/ZTIB9Ki9VtYW/video.htmliFi
Wifi Adapters: czcams.com/video/5MOsY3VNLK8/video.html
Old method using airmon-ng: czcams.com/video/WfYxrLaqlN8/video.html
Old method using GPUs: czcams.com/video/J8A8rKFZW-M/video.html
// Menu //
00:00 - Intro
01:12 - Don't use weak wifi passwords! // Quick wifi cracking demo
05:28 - Setting up for wifi hack // Setting up a Linode server
08:08 - Setting up for wifi hack // Installing Hashcat
09:05 - Setting up for wifi hack // Installing NVIDIA CUDA Toolkit
12:42 - Cracking wifi passwords using Hashcat
17:08 - How the Hashcat command works // Detailed explanation
21:08 - Cracking a range of wifi passwords
27:24 - "Mixed passwords are strong passwords"
27:57 - Cracking a range of wifi passwords (continued)
28:54 - Conclusion
// David's Social //
Discord: discord.gg/davidbombal
Twitter: twitter.com/davidbombal
Instagram: instagram.com/davidbombal
LinkedIn: www.linkedin.com/in/davidbombal
Facebook: facebook.com/davidbombal.co
TikTok: tiktok.com/@davidbombal
CZcams Main Channel: czcams.com/users/davidbombal
CZcams Tech Channel: czcams.com/channels/ZTIRrENWr_rjVoA7BcUE_A.html
CZcams Clips Channel: czcams.com/channels/bY5wGxQgIiAeMdNkW5wM6Q.html
CZcams Shorts Channel: czcams.com/channels/EyCubIF0e8MYi1jkgVepKg.html
Apple Podcast: davidbombal.wiki/applepodcast
Spotify Podcast: open.spotify.com/show/3f6k6gERfuriI96efWWLQQ
// MY STUFF //
www.amazon.com/shop/davidbombal
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
// Hashcat Steps //
1) Setup server in Linode GPU server
2) SSH to server: ssh root@192.168.1.1
3) Install Hashcat:
$ sudo apt update
$ sudo apt install hashcat
$ hashcat -I
4) Install Cuda: (Docs: www.linode.com/docs/products/compute/gpu/guides/install-nvidia-cuda/ )
$ sudo apt update && sudo apt upgrade
$ sudo apt install build-essential linux-headers-$(uname -r)
5) Install nvidia drivers (Docs: www.linode.com/docs/products/compute/gpu/guides/install-nvidia-cuda/ )
$ wget developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/x86_64/cuda-ubuntu2204.pin
$ sudo mv cuda-ubuntu2204.pin /etc/apt/preferences.d/cuda-repository-pin-600
$ wget developer.download.nvidia.com/compute/cuda/12.0.0/local_installers/cuda-repo-ubuntu2204-12-0-local_12.0.0-525.60.13-1_amd64.deb
$ sudo dpkg -i cuda-repo-ubuntu2204-12-0-local_12.0.0-525.60.13-1_amd64.deb
$ sudo cp /var/cuda-repo-ubuntu2204-12-0-local/cuda-*-keyring.gpg /usr/share/keyrings/
$ sudo apt-get update
$ sudo apt-get -y install cuda
$ sudo shutdown -r now
6) Upload files to the server:
sftp root@192.168.1.1
put 8-digit-wpa2.hc22000
7) Check GPUs available:
hashcat -I
8) Run Hashcat:
8 digits:
hashcat -m 22000 8-digit-wpa2.hc22000 -a 3 ?d?d?d?d?d?d?d?d -d 6,7,8,9 -w 4
10 alphanumeric:
hashcat -m 22000 10-digit-letters-wpa.hc22000 --increment --increment-min 10 --increment-max 12 -1 ?d?l?u -a 3 ?1?1?1?1?1?1?1?1?1?1?1?1 -d 6,7,8,9 -w 4
======================
Hashcat commands:
======================
-m 22000 means WPA-PBKDF2-PMKID+EAPOL
-a 3 means Attack mode is brute force
-d means Backend devices to use, separated with commas
-1 means mask to use hashcat.net/wiki/doku.php?id=mask_attack
Explanation of WPA/WPA2: hashcat.net/wiki/doku.php?id=cracking_wpawpa2
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!

I am so glad that I can do 2 things at the same time watching your videos, learning English and security. Thank you so much for your lessons!

Thank you David once again for a high quality video. While these short and easy passwords are good for making a point, it would be more interesting and useful to try a real world 14 character password, which is a NIST recommendation I assume, having digits, alphabets and special characters. It would be a more powerful point, since many consider such passwords "safe". Thanks again.

Super interesting video! I miss this style of content from you. I like the interviews too but you're a great instructor too

This is why using access control (if your router supports it) is important. With this feature, even if your wifi password is hacked, the hacker still needs to be allowed on the network to access it. Also if you use network segmentation to separate your wifi network from the rest, you can limit the damage the hacker can do to only that network if they do get access.

I remember back in the day when i was exploring "aircrack-ng" and bruteforcing WPA handshakes.. Back than brutting a 10-12 digit password on a very high end CPU was estimating to take 5-10 years.. As i learned how brutefircing works and how to use wordlists i realized that soon there will be a way to crack a 10-16 mixed digit lowercase password within minutes. I am amazed of how correct my guess was.. Watching this video makes me wanna take my old Alpha WIFI antenna and see how secure my neighborhood is.. Very nice video i learned something new today, thank you!

This enables phone hacking to a greater extent, by SCP'ing the captured files over to the cloud GPU VM, takes away processing limitations that a mobile phone may have in comparison.
This is a fantastic demonstration of this.

Ok, but "10 digit password with assumption of first two digits" is no different than simply brute forcing 8 digit password.
So adding "assumptions"' and emphasizing on password length is kind of misleading. You might as well say "We've cracked *TWENTY* digit password in minutes _assuming first 12 digits are ......"

Thanks David for the showing us the way, not to keep passwords simple anymore. Great demo.

Thanks! That's beautiful! You answered several questions about Hashcat, too. Maybe Hashcat's estimator is a little pessimistic. Cloud GPU's, now that's brilliant!

Thank you David for this Awesome Video again ! Love it!

First of thanks for the tutorial... but maybe you should tell about the Linode GPU restriction, before baiting us to their website with the 100$. I can't even create the Linode with a GPU, unless I make a plan and contact their support. And your password is the same as in the first tutorial from 18th February 2022. And you were fortunate yet again with the fast result. I mean, you make it sound so easy...

Outstanding demonstration and explanation of something many find confusing and feel it's out of their reach.
Not sure I've seen it but a video on passwords and how to choose them or create them both human, app and computer recommendation, Mac always suggests passwords to store in keychain file, are those easy to crack.
Maybe ask users to suggest a password and show how easy it is to crack ?
Thanks again for a great educational video

Excellent video, instructions, and tuition David. Many thanks. 👍

Best youtube hacking channel in my opinion! So much to learn and David teaches us all it so well. I wish I was more on the ball to take the opportunity to learn from all the videos but I don't quite have the discipline to focus and one particular area at the moment as it is all so fascinating. Belated new years resolution maybe lol

Cool video. Isn't cracking a 10 digit password that starts with 02 the aame as cracking an 8 digit password? 🤔

Stay safe and do the following:
-set strong complex router password
-set strong complex wifi password
-disable router remote management
-disable ssh
-block all incoming ports
-only allow reserved devices

David Love your work... Ps: We ( Singapore ) ain't the other part of the world ( haha) probably just a very very tiny dot and hard to find in this big world of ours... cheers and keep up the good work☺

I watch your every video love from Pakistan 💚

Thanks David for this amazing video once again!!

This is the video I been dreaming about

i am getting this message "Additional verification is required to add this service. Please open a Support ticket." cant create linode

I appreciate the end with the reasonable note that mixed chars will be much harder to crack.
Most routers ship with a default sudo random 8 char alphanumeric string.
Yes, knowing that it's only 8 characters can limit your scope and time. But that's still a beefy dataset.
Wpa2 has vulnerabilities, but for brute forcing... it's still plenty strong compared to wpa.
Most likely you're going to do a man in the middle, or some evil twin attack. It's so much easier then trying to brute force your way in

Not in vain saying that CCIE is equal to Phd, you are really badass geek Dave 🙏🏻👍
Thanks a lot …

Hi David. First i want to thank you for your incredible great videos!
For this video you maybe mention that Linode wants you to deposit $100 before you can access GPU instances.
I tested google cloud gpu witch needs a credit card to aktivate gpu`s.
Next i checked ovh cloud for a gpu instance. There you need to activate a quota, for this they want a photo of your id card.
I don`t found any service where to "rent" a gpu instance quickly. Maybe you have some tipps for this?

Wow well presented. Learned a lot will definitely give this a try.

Sir what happens if I change all digits of my device's permanent mac address rather than only 6 digit or it's not possible???

Sir, I have a question that is if we want to use internal wifi card in kali linux we have to dual boot kali linux using usb drive, but there is a method that we can dual boot kali linux without using any usb drive,cd or dvd, we can flash into our system ssd by doing partition, so after dual booting kali linux without usb drive can we still able to use internal wifi card/chip if it support monitoring and packet injection mod?

what about if the password is 14 digit with number up and lower case and symbol , from your experience if use 4 GPU like this environment . how long it approximately can crack ? or if it is possible to get in within a year ?

على هاد الهدرة لي قلتي والله تا شتاركة عندك وغادي ديما نحظر فيديوهات ديالك حنا بغينا الحقيقة والتواضع مشي الكدوب ❤

thank you for educating us sir.

Great video David! And actually it shows that still 10-character password with all mixed characters is actually strong enough, right?

David, do you sell test questions and answers for exercise and preparing for CCNA exam? If yes, where can we buy?

Hi sir , i respect you a lot plz create a paid course , in which everything is in systematic order and teach us more advanced thing which are illegal to teach on CZcams . Luv from india. Like u understand what I am saying.

linode needs additional verification to start ? Anyone else have this issue ?

Break WiFi networks using Cloud GPUs in seconds . but video lenght is 28:48. Just Awesome tutorial😅😅

thank you david it was a video that everyone can understand you are great

Linode is cancelling almost any new register on his platform.
Is there a similar cloudservice to use, as alternative to Linode?

i never get to crack any wifi before even watching your previous video. Gave up doing it.

hi !
I really learn somthing from this .

Just a quick heads up everyone, quite ironically there is a fake David Bombal account going around trying to scam you.
Please be careful!
And Mr. Bombal, thanks again for another outstanding video :)

Does this Lenode server has already installed Ubuntu that you just kinda run? if it does, why they don't preinstall all that you need like CUDA support, like, that's the reason you would use Lenode in the first place? Otherwise you waste time on doing it yourself.

great video. like to ask why only use 4 GPUs? will using more GPUs(if possible) speed things up? thanks.

I'm really struggling to comprehend the power a machine with 4 x RTX6000 would have. That's insane

Do they charge you when it's processing the GPU or as soon as you start the server?

128x4 = 512 gb Quadro ! And after password cracking is awesome.

Couldn’t Wi-Fi router co’s easily fix this by offering 2 factor security? I.e., if someone wants to log into the network they must have correct password then owner of network receives a 6 digit code that the requester must input? Why wouldn’t router companies go this route?

You look like G-Man from Half Life

Great video David, thanks.

How can I know how many signs are in the password if I don't know the password?

we used to use rainbow tables for this.

When you have cracked the password and login to that computer, my question is, can they not see you and ban your ip. I mean with some wifi´s do you get some software so you can see who is logged in to your wifi

I'm not concerned with passwords where someone knows it's likely certain characters are placed. My greater concern is how cloud computing is rapidly reducing how even totally random passwords are becoming vulnerable. Using numbers, lower and uppercase alphabet characters, with a password that is shorter than 10 digits is now within a reasonable time for cracking when using cloud services.

Couldn't sign up for linode

I am learning a lot from your videos! 😍

i am a software engineering student . i am a mad fan of you

Thanks for sharing this informative video.

Sir please sir please how to find hidden Wi-Fi SSID I just want to know is it possible in android device non rooted.

how do you mix uppercase,lowercase,digits and specials? how can we specify which to use
😭 GPU's into nightmare mode?

thank you for the video, it's great. Can it be done using just kalilinux?

How can i snip fb & other password from pc & phone connected to the network.
Please suggest me

Thank you, David.

So as long as you use solid passwords, no one with a copy of haschat and wifi attenna will be able to break in too easily. I wonder if quantum computing rigs for brute force attacks would shorten the 7000 years, to minutes?

Great tutorial David!

Been doing this for years and years now, saves so much time

Your video is very interesting, I have registered in Linode with your code but the hashcat issue is a bit complicated and I don't want to enter a wrong command.
Could you tell me the command to write in hashcat to decrypt an 8-character password made up of numbers and uppercase and lowercase letters?
That would help me a lot...
Thank you very much in advance.

7000 years? For my gpu it will take 15 years. And if without capital letters it (in most cases there is no capital letters) will take only 75 days.

You can’t start the Linode plan straight ahead - any bypass?

Hi! Thank you for your video. Linode is Great. I have it a lot of years. Only 1 question; your "method" work only for "simple" numeric pasword or for all? Thnx

How to find hidden Wi-Fi SSID?

Can you use linode for 1-2 hours to avoid paying for a whole month?

Hello man, do you know how to install hashcat on M2 silicone. ? Doesnt work for me

command for capturing wifi information in older video does not work now
hcxdumptool: unrecognized option -- 'o'
and then i changed 'o' with 'w' and now says
hcxdumptool: unrecognized option '--activate_beacon'
can anyone pleas help?

I will use this video for *"Scientific"* purposes

What if my password is 36 characters long with small and caps and numbers and symbols? How long to crack.

I am not watching the video but i have a question according to thumbnail if we can hack wifi in seconds then why your video is 20+ ?

*Please Help, David Bombal Sir Please Help Me! I Have Successfully Installed Kali Linux On My Laptop And I Have **_Alpha 8188FU_** WIFI ADAPTER. AND The Machine Is Recognising It But I Am Unable To Install The Driver To Practice Wifi Hacking.*
*PLEASE HELP ME IN THIS MATTER, PLEASE I WILL BE REALLY THANK TO YOU*

How much does a pentester cost for personal home security testing?

i got that to work. testing on my home wifi it would take more than 10 years to go thru all possible combinations. i see i have 2 tplink neighbours thou... :>

you have some of the best vids out there!!!

I have Gmail locked by my relatives they have changed password, recovery number and email. How can I get back my Gmail ??? Please respond as soon as possible i need my Gmail immediately

Yeah I love when people say this what you said but it's a 30 minute video it's not a second it's a 30 minute video

See how long it takes to guess the password if the SSID salt is not broadcasted. Better yet, see how long it takes to crack a Radius server's password that changes every 24 hours. Even these tools are very limited. I still see some old school WEP routers once in a while. LOL.

id like to add that this no longer works unless you have been a user with linode and have several months of positive billing with them. i tried to use this method to test on my own network and could not use any linode except for some very basic plans. also linode wants a very detailed reason why you would like to use their service

What about passwords with mix of numbers, letters and special characters?

What if I use the power of my PC? Rtx 3060 ? It is possible?

Sir one question can non root device android 12 phone can hack Wi-Fi?
I show your Kali net hunter but at the end he ask me for root access. I am a student and I don't want to root or damage my device unless I get new on. Please say yes/no in shortly thanks

Please can you help this problem
Unable to locate package php-cgi

What program are you running for this on your computer

Sky have bad passwords on a lot of their last gen routers. 10 digits all letters in caps. Probably 3 - 8 mins to crack on medium spec PC.

To bad we cant create GPU images on linode.... :(

David you're such a swell guy. I don't care what anyone says. : )

So, where is ACTUALLY CLOUD part of the video?

Hi sir. Can u help me I am being remotely by my neighbor upstairs they can see and hear everything what can I do I'm from Philippines and I am being harrased by a techy japanese neighbor sir
They're doing it for fun I can hear all their voices talking about my privacy thanks sir appreciate it so much they're on my phone since last year can't change phone in japan

Outstanding video !👍

i get no devices found/ left
anyone know a fix ?

Could I test this on my workplace? And yield the same results

Can we use AWR cloud computing?

how about an MD5 of a random word? is it still easy to crack?

Can you use this in conjunction with a flipper zero?