Hacking WiFi Passwords with Flipper Zero, Marauder, Wireshark and HashCat! 🐬🙀📶🐱💻🖥💽
- Added 29. 04. 2023
- Today I'll show you how to use the Flipper Zero and its WiFi Dev Board to capture the PCAP handshakes necessary to decrypt your WiFi password!!
-----------------------------------
SkeletonMan's Flasher : github.com/SkeletonMan03/FZEa...
Wireshark : www.wireshark.org/
Hashcat : github.com/hashcat/hashcat
Cap2Hashcat : hashcat.net/cap2hashcat/
-----------------------------------
Delilah on Twitter : / princesspi3
Delilah's Password Lists:
Huge (74 gig): h.acker.is/74gb-wordlist-rele...
Common: github.com/brannondorsey/naiv...
What I Used: wpa-sec.stanev.org/dict/crack...
-----------------------------------
SimpleLaser Merch : simplelaser.shop/
Astro's Web Store : softpaws-stickers.square.site...
-----------------------------------
Amazon List of All the Parts I Use: a.co/0ujD8M9
UberGuidoZ Repo: github.com/UberGuidoZ/Flipper
Uber's DownGit: uberguidoz.github.io/DownGit/...
I Am Jakoby's Channel: / iamjakoby
-----------------------------------
Check Out The Official Squachtopia Hangout Discord Server!:
/ discord
-----------------------------------
Try SquachWare Community Firmware! :
github.com/skizzophrenic/Squa...
-----------------------------------
Support the Channel at my Patreon!!
www.patreon.com/user?u=29290751
-----------------------------------
Follow me on Social Media!
TikTok : / talkingsasquach
Instagram : / talking_sasquach
-----------------------------------
Help Support my Content At Amazon!: www.amazon.com/hz/wishlist/ls...
-----------------------------------
Thank You SO MUCH to I Am Jakoby for the intro, definitely hit up his channel and be sure to subscribe!!!
/ iamjakoby
----------------------------------- - Science and technology
Despite this being a year ago, you are still the only person who has gone through the entire workflow like you mentioned near the end of your video. Nobody has done it for flipper zero aside from you, obviously, pwnagotchi, Marauder tutorials or anything like that. Thank you very much for making this!
There's a new version of this video too!
That is false.
the 74gb pwd list / dictionary link is down for me. Any hint concerning mirrors or alternatives would be very appreciated.
Thank you for the lesson! Nowadays with all these smart devices at home, I've become more and more aware of vulnerabilities and want to make sure things are as secure as possible.
That's the big vulnerability. When I ran this on my actual router, the device that actually got deauthed and I grabbed handshakes from was my Raspberry Pi that I use for OctoPrint
@chivo0317 the sad thing is these vulnerabilities have been around since the 90's if not 80's. I was hacking wifi since 2000 or so, WEP then WPA when it came out. Nothing much has changed or ever will. There will always be a way to protect, but with so much tech it will drive you crazy trying.
FYI If you type cmd into the location in Windows Explorer it will launch a command prompt in that folder so you don't have to cd to it. Thanks for another great video.
I literally just learned this lol, I'm a n00b too!
wow... quite the fun fact.
thx... this might come in handy....
What about mounted remote disks [linux] ? Will this automatically shell into the remote location?
The answer is YES. But you won't shell directly into the linux shell, but will be in the localized : associated with that mounted disk. But still this will access that drive location... Derp
This also works with pwsh too (PowerShell Core)
For anyone having issues with step zero, I figured it out:
First: Use his video on how to install python and git. The error you are getting is because python isn’t installed properly or maybe you have two versions of python.
Second: ensure the Marauder folder you download is moved to documents and NOT downloads. Python cannot access files that are in downloads.
After this, that should be it! I hope this helps! I spent probably 2-3 hours figuring this out lol
BRO I CANNOT THANK YOU ENOUGH I WAS STUCK ON THIS FOR THE PAST 2 HOURS
@@RUNTHE40ROLL happy to help! I probably worked on this entire project for probably 3+ hours at like 2 in the morning and figured I'd share it.
@@AlexSingletonMusic did you get it to work? Were you able to successfully grab the pcaps/logs and also I can’t get my marauder to deauth my devices but it’ll still inject Rick rolls and probe the network, any thoughts?
@@RUNTHE40ROLL yes I did, my best guess is that you haven’t set the Sniff to raw. That’ll collect the data. You just need to make sure to click on sniff after you’ve deauthed it, fairly quickly too
@@AlexSingletonMusic Thxx for the help, you should make a vid that covers Step 0.
As for hashcat itself, it prefers to be run from a cmd inside the folder. It also prefers that the user convert the pcap with the hcxdumptool -> hcxpcapngtool -> hcxhashtool (additional hcxpsktool/hcxeiutool) -> hashcat or JtR workflow method.
Also straight from hashcat: “Do not clean up the cap / pcap file (e.g. with wpaclean), as this will remove useful and important frames from the dump file. Do not use filtering options while collecting WiFi traffic.”
Great video, I followed well up until the last command for running keys against dictionary list.
How does that translate over for running in terminal (macOS)?
what color should the wifi board LED be when plugging in? it only seems to connect when its red but it's unable to get most of the marauder data when i try to flash it onto the board
Another great video for the FZ community, nice one bro 👌🏼
Thanks! Trying to keep up with all the great stuff coming out!
How do you like that line 6 amp? I got one that looks kinda like it and the tuner stopped working and all the controls are wacky sometimes
nice video man, ive used wireshark quite a bit but never thought of doing this. nice one
Thanks!
Thanks for this. Question. Do i now need an additional device other than my flipper?
Another great video as always!
Thank you!!
Hi
Thank u for the instructions.
When I connect the devboard to win I need to connect the flipper too?
Thank you so much for the in depth guide. its amazing.
I'm getting some issues when i scan for AP's.
it's saying E(234) esp_core_dump_flash: No core dump partition found, ESP-IDF version is: 4.4.5 CLI Ready
Any idea what that means?
Good stuff!! Thank you! Keep it bro!!! TalkingSasquatch you a legend
I appreciate you!
@Talking Sasquach any way you could do the full walkthrough for the iPhone? Would love to be able to do it (not sure if it’s possible) thanks!
Pip3 isn’t recognized, it keeps saying it’s not a recognized script file or operable program. I installed git and the drivers, not sure what's wrong :/
Hey thanks for all the great info in your videos! I have a question, when I test my wifi and capture my EAPOL it doesn't save PCAPS to my SD card. I follow your steps and save to SD before running search.. Any suggestions?
I love your background 😂😂 couldn't Pay attention to anything else.... currently re watching lol.
I keep getting a write timeout error when trying to flash the board. I followed instructions to the tee. Is this sensitive to a specific usb c cable?
where did u get ur wifi dev cover?
will this also work for pwnagotchi handshakes? or is there a separate video for that?
Amazing work!
I followed this video and all the apps were update a couple of days ago and they say PRELOAD FAILED API VERSION. Any advice? Nothing on the device is working.
😮my duuuude, thanks for all the great videos you make.
I target my IP through target, but when I run the sniff - raw i get information from all the wifi's around me. Is this supposed to happen? Or is the target for the deauth only?
Hello and thank you for the hard work you put for us. I have failed to actually get it work before your guide. Do you have another link of the Delilah's huge password list? The link is not working.
Great tutorial!!! I got a question though: When I perform the attack Deauth the LED on the Dev board turns Red, after I sniff Raw and download the Pcap, it appears as 0kb and on Wireshark, shows just a grey screen (I assume it's because it's an empty file). Could you help please?
Is a Windows PC required? Can this be done somehow on an apple device? The Github appears to only list install instructions for Windows.
For some reason I am unable to flash the SD_serial version onto my board. I can flash the non sd version using Frog's .bat file no problem. What am i doing wrong?
Do you think I’m having trouble with is for some reason I can’t get any Pcaps or they’re not showing up in wire shark
thank you so much for this genuinely, you deserve more than just my sub
everything works well, but when I start the hashcat program with the converted file, it never gives me a password, if I try using a password list, the psw is obviously not in that list, but if I send it without a list, after a while it gives me this: No password candidates received in stdin mode, aborting
I’m really interested in Flipper and everything it can do but I don’t understand anything about what I just saw or what it is. Where do you suggest I can learn what all of this stuff means for someone interested in learning computer tech, programming and whatever else this is? Thanks for any and all help!
Watch the rest of my videos!
@@TalkingSasquach Will do but I don’t quite understand them. But I will. Thanks 🤙
Any tips on where to get fairly comprehensive password lists? I'd be keen to mess around with this at home
See if there is a list in sec-list
Very "educational" I like it I learned a lot 😎
Hello Sasquach, can these flipper gadgets be countered from hacking devices?
When you don't do something harmful (like cracking WIFI pwd from your neighbors), it's not a hacker device.
But if you do, it is
Do I have to flash my dev board to Marauder?
I just flashed it to Evil Portal, but does not work
DONT GET ELIMINATED! Hahaha love it great video bro!
Does it make a change what version Marauder is running? I made many redownloads and this still doesn't work
Do you plan on selling any of the boards you make?
SKID. I'm assuming that's 'script kid'. Never heard that before. I like it.
is there a way to do this all on the flipper?
What os is that? Its so color full love it
Hi Sasquatch, I see in a few threads, forums etc that quite a few people (including myself) just get empty pcap files. No matter what i try or how long i leave a raw sniff running then when i drag the pcap file into Wireshark its completely empty everytime - any help or suggestions? :)
Having the same issue
did you ever figure it out??
I had the same thing. What I did was i re-flashed my wifi devboard and it worked.
@@oofyx9776 Thanks I'll give that a try!
@@oofyx9776 Just tried to reflash a few times but still the same problem :(
good day sir.. have you tried saving pcap files using DIY wifi board?
It's not clear to me at what moment of the video you extract the password of the wifi network. I have read many posts and all of them agree that it is not possible to hack wifi passwords with flipper zero.
I want to know if you can extract any wifi password with this device, is it or is it not possible to do?
already love the content here
hi and thanks !! otherwise i don t have the marauder folder on my SD card why ?
It doesn't show the Marauder app on Flipper. After all the steps, when I connect the board to a flipper, there is no Marauder in GPIO
There are two things to complete your work:
1. With Marauder, you can easily create your own script at the bottom of the app, so there is no need to switch rapidly between deauth and sniffing.
2. You should have mentioned that it can take a really long time to crack -recover- your own password from the hc22000 file, depending on the number of characters. If you are interested, I can show you a way to use the power of multiple computers with Hashcat instead of just one.
Create your own script? Care to elaborate?
@@verbalhustle Flipper > Applications > GPIO > [ESP32] Marauder > Scripts (at the bottom) > [+] Add script
And there, after scanning and manually selecting your ap, you can create a script that will deauth for x seconds and then sniff raw for x seconds
@@maxencelaurent4885 You seem very knowledgeable, can you please make some videos on how this can be done? Even the Hashcat on multiple PCs thing sounds very cool
@@shaners1 Aha thank you!
I don't have much time to do it, but I would love to collaborate with someone to make it possible, I have cybersecurity degree and I just love it so I think I can help people aha
I have a cyber security degree too. Just ordered my flipper. Can't wait to take my shit to work and have some fun.
I'm getting a PIP3 error in PowerShell. Did I miss a step?
The total number of lines is shown at the bottom right of Notepad++ window under "lines:", this way you don't have to scroll through the entire file.
Are we able to get the handshake file for WPA2/Enterprise corporate wifi?
yo bro I'm an 18 year old about to go to college for cyber security and I don't know shit about anything but ur videos have been so helpful🙏🙏🙏
im in the same boat bro
how school going
@rj8868 just finished the first semester and it's going pretty good ngl it's way easier than highschool. Also halfway through the Google cybersecurity course. Think im gonna try and figure out how to use a virtual machine today so I can practice more in Linux and SQL. Have to take a gender and race class next semester though which is gonna be lame as fuck.
Can the Flipper Zero take the place of USB hardware license authentication, like, for example, with the iLok used with Avid Pro Tools audio recording software?
If you have another USB hardware to copy already I assume... But not gonna be able to brute hack it I'm not sure a crack for that specific software has been exploited publicly?
Another awesome video!
I appreciate you! Thanks for the good work you guys are doing as well!
Mimicked step zero, but it did not work. Looks exactly like your PowerShell cmd lines. Error I got: "pip3 : The term 'pip3' is not recognized as the name of a cmdlet, function, script file, or operable program." Help!
I installed wireshark but whenever i drag my pcap files into it im left with a blank screen. Do you have any idea what Im doing wrong?
So I did it all and had 1-4 of the EAPOL I ran it through and it came back as exhausted. I checked the password list and the password I had used was listed in there. Any reason this didn't work?
Basic cracking this process may take up to years if the password contains personal information
Is it possible to crack the password if i have only 3 of the 4 handshakes?
So, essentially the Flipper Zero + wifi card's only purpose was to provide a wifi radio that could be run in promiscuous mode? After that it's just brute force attacks.
wifi marauder doesn't show up for me, any help? I successfully installed the firmware after typing in option 2
after I installed the silabser and went to powershell and did the exact steps you did with the file location then "pip3 install -r requirements.txt" it did not install that and I tried a few times. Any help?
Thanks for the great video! Super helpful and fun! Anyone here ever been in the scenario where they are able to successfully capture pcap files (which definitely have > 0B size) but the contents (as viewed in a hex editor) are all "0000" blocks, throughout the entire file? I can verify that I put the correct firmware on the board (using the WiFi Devboard from Flipper) because if I load the firmware without Flipper SD card support I indeed get 0 B files. When using the correct firmware, with SD card support, the pcaps have >0 Byte size, but the contents are essentially all 0s. Just hoping for someone to point me in the right direction.
Find a fix?
is this limited to the generated pcap files from the flipper, or does your method also work on most other .pcap files? (ex. pwnagotchi)
Instead of using a PC, is there a way to do this password process using your cell phone? some app or something like that
What are the router settings, SSID, WPA? You need more input, it looks like an open network has been hacked.
What is the deauth time for sniff raw? For me it doesn't show eapol
Followed your guide, but I didn't get any EAPOL Messages in my raw pcap when I analyse them in wireshark.. any idea?
I had to keep disconnecting and reconnecting my phone and laptop to capture them.
I can get all the way to the command prompt no problem, then my ignorance takes over. i feel like im following your instructions to the letter, but always get the error "cannot find the drive specified" Any help for a novice on this part?
dang a day too late for the one year anniversary. the 75gb password list link isn't working anymore. great video :D did learn a couple of things.
So funny but good to see all you new folk on the scene. I was using wireshark in the 90's... then we called it ethereal. Nothing beats the 80's and 90's hack scene... free phone calls on pay phones etc . Good times indeed
The good old days. I spent countless hours making a redbox only to learn our local telco didn't use those tones
if im going to bruteforce the pw why do ineed all the extra steps?
After following this the PCAPs are there, but are 0 length when I save them. Any ideas?
Good video. The only question I have, is why are you using Windows?
That's what most of my viewers are running
Is there an alternative for Hashcat for macOS?
Hey. What if the password isn’t on the list? Will the crack still work, or hashcat is going to give an error?
Anyone know what commands to use on a Mac (Terminal) to run hashcat w/ the password list and hc2200 file?
What do you recommend? DarkFlipper or RogueMaster?
They're both good but I usually end up with RogueMaster
having issues downloading the INF driver.. windows 11. any help?
How are you emulating the flipper zero on your screen to record it?
Just using QFlipper
Problem I'm having is no data in the Pcap. I'm switching to sniff (raw) as fast as I can after deauth. Letting it run for various lengths of time but with no success of even 1kb of data, nothin shows up in wireshark because of this. Used on a known 2.4ghz network as well. Thank you for your time and awesome videos!
Usually means that your DevBoard has the wrong firmware on it
I had the same problem, I had firmware 10.3 and an SD card in the slot of my Flipper Zero, I flashed the wifi devboard with version 10.4 but with a serial bin... ask me for more info
@@TalkingSasquach could you remind me the easiest way to update the devboards firmware please? Thanks a mill
czcams.com/video/IU8KaRjdxfQ/video.htmlsi=sYHl0KwyxxpTaSbW
This fixed the issue for me.
All things were going well until the step at 8m0s in the video, my Marauder app can't generate a correct pcap file after sniffraw. Though it generated a file then, when I export it, the file manager shows the size of data is 0B, that means it's an empty file. I tried several methods to solve this problem, but they all failed. I have been working on it for at least 8 hours. I need help now.
Having same exact issue.
@@N2CFX Sniff pmkid! Not raw this issue was beating my ass too
@@jayrflocca6704 what option in PMKID? passive active? list targeted active or passive?
Error in Wireshark when dragging the file ...
The file "sniffraw_0.pcap" appears to be damaged or corrupt. (commview NCFX data length 0
Having the same problem
@@prokazzza8402 My understanding is it has to do with a wrong version of Wireshark, or the headers are bad in the file. I am looking into it.
I need help too
The file "sniffraw 0 (1).pcap" appears to be damaged or corrupt (commview: NCFX data length 0
did all of you google it? I found an easy answer researching myself.
Just a thought I grabbed a couple old computers, my old Wi-Fi router and set that up in my house just for pen testing.
i run into an issue when i download the files from flipper zero's sd card logs. My pcap files are always empty (0 bytes). I think I installed something incorrectly or missed a step somewhere because none of my sniffraws contain any data. How do I fix that?
same for me, pcap with no packets
What is that awesome desktop wallpaper? Is it available to download somewhere?
Wait, so it has to be a common password? Meaning that mine can't be cracked? I use 3 initials of 3 different words in which one is a made up word, mashed together in l33t
I have tried to Deauth my network a couple of times and nothing happens. However in the middle of a deauth attack, if I disconnect from my network and then try to reconnect it does not let me. It does not kick me off though. What could be the cause of that?
Do you know where is possible to buy 5 Ghz GPIO extension card?
Another great video Squatch! My pcap files are zero bytes! Any ideas. Checked Flipper forums, Reddit, and Koko YT comments. No answers.
same i don t know why
This almost always means your dev board either A) Doesn't have the latest version of Marauder or B) You don't have SAVE PCAP enabled in the Marauder app. Check out my latest video on Marauder, it shows EVERYTHING
I keep getting error "commview: ncfx data length 0 < 20" when I try to open a pcap file in wireshark. anyone have this issue or know a fix??
Did you get around this? I get the same issue
I'm wondering why my wireshark shows up nothing when I type EAPOL
Hi.
Thanks for the video.
My pcap file is empty, 0 bytes. What did I do wrong?
Hi Sasquach, when I try to flash I receive this error: Cannot configure port, something went wrong. Original message: OSError(22, 'A device which does not exist was specified.', None, 433)
Unable to erase the firmware on esp32s2
Same error
Anyone got a fix for this issue?
Can you help me? What im doing wrong and i cant have any captures? All my pcaps are empty 0 bytes. I am ready to give up with this device. Thank you!
I got to wire shark put the rawsniffed file in and it showed nothing to which I hit the shark fin button and it started showing tons of numbers and when I look up eapol it doesn’t show anything, any word on what I could be doing wrong?
same question here, any solution?
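
Many comments above report capture files that are 0 bytes, or that have a size but contain only zeros, and that Wireshark then shows nothing or rejects. As an added example (not from the video, its author, or the Marauder project), this Python check classifies a capture file from its bytes alone, so a bad file written by your own test setup can be told apart from a valid capture that simply lacks the frames you expected. The names `inspect_capture` and `build_sample`, the script name, and the sample bytes are constructed for illustration.

```python
import struct
import sys

# First four bytes of a classic pcap file, mapped to the struct byte-order prefix.
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<",  # little-endian, microsecond timestamps
    b"\xa1\xb2\xc3\xd4": ">",  # big-endian, microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<",  # little-endian, nanosecond timestamps
    b"\xa1\xb2\x3c\x4d": ">",  # big-endian, nanosecond timestamps
}
PCAPNG_MAGIC = b"\x0a\x0d\x0d\x0a"  # pcapng section header block type
LINKTYPES = {1: "Ethernet", 105: "IEEE 802.11", 127: "IEEE 802.11 + radiotap"}


def inspect_capture(data: bytes) -> dict:
    """Classify capture-file bytes and count complete records in a classic pcap."""
    result = {"status": "", "packets": 0, "linktype": None}
    if not data:
        result["status"] = "empty"            # 0-byte file: nothing was written
    elif not any(data):
        result["status"] = "zero-filled"      # has a size but no header or frames
    elif data[:4] == PCAPNG_MAGIC:
        result["status"] = "pcapng"           # different container, not parsed here
    elif data[:4] not in PCAP_MAGICS:
        result["status"] = "not-pcap"
    elif len(data) < 24:
        result["status"] = "truncated"        # magic present, global header cut short
    else:
        endian = PCAP_MAGICS[data[:4]]
        # Global header after the magic: version, thiszone, sigfigs, snaplen, linktype.
        linktype = struct.unpack(endian + "I", data[20:24])[0]
        result["linktype"] = LINKTYPES.get(linktype, str(linktype))
        offset, truncated = 24, False
        while offset < len(data):
            # Record header: ts_sec, ts_frac, captured length, original length.
            if offset + 16 > len(data):
                truncated = True
                break
            incl_len = struct.unpack(endian + "I", data[offset + 8:offset + 12])[0]
            if offset + 16 + incl_len > len(data):
                truncated = True
                break
            offset += 16 + incl_len
            result["packets"] += 1
        if truncated:
            result["status"] = "truncated"
        else:
            result["status"] = "ok" if result["packets"] else "header-only"
    return result


def build_sample() -> bytes:
    """Constructed sample: a little-endian pcap with one 10-byte 802.11 record."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 105)
    payload = bytes(range(1, 11))  # placeholder bytes, not a real frame
    record = struct.pack("<IIII", 0, 0, len(payload), len(payload)) + payload
    return header + record


if __name__ == "__main__":
    # Usage (script name is a placeholder): python check_pcap.py <capture.pcap> ...
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, inspect_capture(fh.read()))
```

A status of `empty` or `zero-filled` means the file never received a pcap header, which points at the writing side (firmware build or save setting, as the replies above suggest) rather than at Wireshark.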