Ethical Hacking using Kali Linux | Ethical Hacking Tutorial | Edureka | Cybersecurity Rewind - 3

Key Takeaways

hi folks my name is Arya and today we're going to discuss about ethical hacking using this operating system that has been well known amongst ethical hackers and I think you've guessed it it's called Kali Linux okay now before we Dive Right into Kali Linux let me give you a brief introduction to ethical hacking for those of you who are here on this channel for the first time following the ethical hacking series so the term hacking has been around for a long time now the first recorded instance of hacking dates back to the early 1960s in Massachusetts Institute of Technology to the Model Railroad Club where both the terms hacking and hacker were coined since then hacking has evolved into a broadly followed discipline for the Computing Community now hacking is the process of finding vulnerabilities in the system and using these found vulnerabilities to gain unauthorized access into the system to perform malicious activities ranging from deleting files to stealing sensitive information now hacking is illegal and can lead to extreme consequences if you are caught in the act people have been sentenced to years of imprisonment because of hacking nonetheless hacking can be legal if done with permission now computer experts are often hired by companies to hack into their systems to find vulnerabilities and weak endpoints so that they can be fixed in the end now this is done as a precautionary measure against legitimate hackers who have malicious intent and such people who hack into a system with permission without malicious intent are known as ethical hackers and the process is known as ethical hacking so now that we know what exactly ethical hacking is and who ethical hackers are let's move over to the hero of our video today and that is Kali Linux now Kali Linux is a deviant based Linux distribution aimed at Advanced penetration testing and security auditing Kali contains several hundred tools which are geared towards various information security tasks such as penetration testing security research computer forensics and reverse engineering Kali Linux is developed funded and maintained by offensive security a leading information security training company nakali Linux was released on the 13th of March 2013 has a complete top to bottom rebuild of backtrack Linux adhering completely to Debian development standards Kali Linux is specifically tailored to the needs of penetration testing professionals and therefore all documentations are actually addressed to them in knowledge of and familiarity with the Linux operating systems in general now as you guys might also know that Kali Linux is basically any Linux distribution that comes pre-loaded with a bunch of penetration testing software now some might argue that Kali Linux is not really necessary but well it does save you a lot of time if you are a penetration tester aside from saving a lot of time there are a number of reasons that you should be using Kali Linux for now let's go over the reasons one by one first of all Kali Linux has more than 600 penetration testing tools included now that every tool that was included in backtrack did not actually make it to Kali Linux a great number of tools are simply not added because they do not work or because they duplicated what other tools did so now you have a bunch of tools that serve a specific purpose and they are basically not cluttering up your computer with duplicates and useless tools the second reason that you should be using Kali Linux is because it's free and it always will be now calling Linux like backtrack is completely free of charge and always will be and you will never have to pay for using Kali Linux the third reason is an open source kit tree now Kali Linux is committed to the open source development model and the development tree is available for all to see all the source code which goes into Kali Linux is available for anyone who wants to tweak or rebuild packages to suit their specific needs then another reason for using Kali Linux is a wide-ranging wireless device support a regular sticking point with Linux distributions has been supported for wireless interfaces Kali Linux has been built to support as many wireless devices as you can possibly think of allowing it to run properly on a wide variety of hardware and making it compatible with numerous USB and other wireless devices more adventurous users to customize Kali Linux to their liking all the way down to the kernel which brings us to the kernel now and the last reason according to me that you should be using Kali Linux is because custom kernels and patched for injections so as penetration testers the development team often needs to do wireless assessment so our kernel has the latest injection package that allows you to do so with much ease so this was six reasons as to why you should use Kali Linux and you can find a lot more reasons on the Kali documentation so you can go through them if you want now this brings us to the main agenda of our video today so with that out of the way now that we know what Kali Linux is and how it works and why you should be using Kali Linux let's go over the topics that we are actually going to go through the course of this video today so through the course of this video you could expect to learn a bunch of stuff so firstly we'll go through some command line Essentials because Kali Linux tools are mostly in CLI format so we have to be well versed with the command line Essentials so that's the first thing that we're going to tackle then we are also going to tackle how we can stay Anonymous using proxy change in Kali Linux we'll be talking about map Changers and we'll be also going into the whole realm of Wireless penetration testing we'll be checking out tools like aircrack NG and we'll be also testing on how we can Brute Force some WPS pins we'll be going through router vulnerabilities and some other miscellaneous topics that I couldn't really group into one so without wasting much time let's dive into the first topic for today and that is command line Essentials now the way that this video is going to follow is that most of the times we are going to take a Hands-On approach to learning how to use things in Kali Linux because I'm a firm believer of actually practical work where for learning any sort of thing so we will be using a lot of practical work and I completely encourage you that you go ahead and download and install Kali Linux you can do it on a virtual machine or you could try and do boot that thing I'm not meant to teach you how to do that in that video because there are tons of videos out there that teach you how to install Kali Linux what we are going to do first in this video is that we are going to take a Hands-On approach to firstly learn what the command line Essentials are now as you might have already realized there are some theoretical aspects that we might need to tackle from time to time for example what is the MAC address what are proxy chains fill me into learning some Theory so for the theory we'll have to go through the obvious evil and that is PowerPoint presentation slides so I apologize for that from before but I assure you that most of the time we are going to be looking at a computer screen and I assure you that you will have tons of fun if you just follow along with me okay another disclaimer that I would like to add before we actually continue with our Kali Linux course and that is this is not the entirety of Kali Linux Kali Linux is a huge thing and this is just not it so these are basically what I find interesting and what you may also find interesting and these can cause a bunch of damage if you're doing it without permission and damage comes with repercussions which would include you being arrested and that is not my fault again I'm saying disclaimer if you do this without permission you will get arrested and that is no way my responsibility because this video is just for educational purposes okay now with all that aside let's move ahead and learn about command line Essentials okay so now it's time that we go through the command line basics of any Linux terminal now the Linux terminal is a very powerful tool it allows you to move around the whole operating system through the files and folders it allows you to create files change their permissions change how they behave and a bunch of other things you can do filtering you can grab stuff the specific stuff from a specific file and there's a bunch of interesting things that you can do and as an ethical hacker you will be working with a Linux distribution most of the time whether it may be Kali Linux or some other thing like parrot OS but you will be working on Linux most of the time because it's a powerful tool for networking analysis and scanning and all sorts of stuff that you want to do as an ethical hacker so the First Essential step is to actually know how to use the tool that is available to you and that is out here which is the terminal now as I'm running this on a virtual machine you might find that my execution times are much slower and that is because I have a very very slow laptop because my virtual machine is actually eating up a lot of my Ram and I have a bunch of other processes that are also rendering I do this on my free time so let's go ahead and go through the commands that we are going to actually go through now let me actually make a list of commands that I want to teach you guys so let me see if Leaf pad is available firstly Leaf pad is basically a text editor so the First Command that we are going to start off with is CD Now CD stands for change directory now at this moment we are in the root directory as you guys can see we can print the current working directory with the single PWD and that is a current working directory as you see it's called root and suppose we want to change our directory to the home directory so all we have to do is CD which stands for change directory as I just said and specify the Pod now Siri slash home okay so once we're in home I want to make a list of commands that are used on the CLI that I want to teach you us so what would I do I would firstly see if any files are available that I can edit okay so these files are available but let's create a new file for ourselves so firstly let's do Nano list dot txt now what Nano does is nano will open up a small command line text editor Now command line text editors are very much used by ethical hackles because they save a bunch of time if you're always switching between GUI and command line because you'll be doing a bunch of stuff on the command line and suppose you want to write something you are always switching to GUI it's a wastage of time and you want to save time as an ethical hacker so you can use this thing called the command line editor and it's it can basically do most of the stuff a GUI editor would do now you say Nano and the name of this file so Nano basically has created this file now and it has opened up this new fresh window which overwrites the command line that we were in The Bash and this is the place where you can actually edit what goes into the file now let's see the list of commands that I'm going to teach you I'm going to teach you LLS LS will be the list of files we did CD we saw a PWD so that was the print working directory we'll be looking at how you can copy stuff with the CP command then we'll be looking at MV which is basically move then we'll be looking at cap and that's an interesting one and also less which is another interesting thing and we'll be looking at grep which is actually used for crapping or grabbing things from files that you might want to see you'll see what I mean in a short file we'll see echo which probably does what you think if you have any experience with the Linux then we'll be doing touch and we'll be doing make there which is make directory and then we'll do in ch own CH mod then one of the most dangerous commands has RM and then you can do man plus Health okay so these are the list of commands that we are going to go through in in this part of the video so suppose I was making this video and I wanted to save this somewhere so if you see down here there are a bunch of options that I showed you now this carrot sign might be not really thinking that the shift six one it's not shift six it's actually a control so carrot is control and then G of course means G so if you go Ctrl G it will actually get help now what we want to do is save the file and that is Ctrl o and that is right out so what we want to do is say Ctrl o and now it's going to say if we want to name the file list.txt and we want to name the file and it says that we have written down 15 lines so that's how you save a file now all we want to do is exit out of here okay so first let's go LS and let's go through whatever there is so LS shows us the list of files that are there in that directory now LS can also show you the list of files in a directory with the paths that you specify like if I say LS VAR it'll show me everything that is in VAR okay there are a lot of interesting things in bar so let's head over to vars CD slash bar and you hit enter and now we are in the folder bar so now to actually demonstrate how powerful lattice is we have a few Flags now to see the flags if any command you can just do dash dash help universally throughout the Unix command line so out here you see some information that is kind of tough to read but if you go on top and scroll out here you'll see all the flags that you can use with the command that is LS and how you can use them so you can see what you use and you can read a little bit about it so if you use all it ignores entries starting with DOT so suppose we were to do LS and VAR let's see so it shows us like this now if we do LSL it'll show a long list with more information so these are the permissions that you see out here we will be seeing how we can change permission in the files soon enough and this is who owns the file the user and the user group this is the file number I guess I'm not sure this is when they were created the name of the file this is the time when the file is created I guess okay so that's how you get very detailed information about all the files now there's another thing you might want to use with ls and that is the attack so you can go LSA and it will show you all the hidden files also so now you see some two files that were not shown out here our file list begins from backup but when we do LS slash I mean hyphen La we see two more files that is Dot and dot dot so let's see if we can move into that CD Dot so we can't even move into that so that's interesting so these are hidden files so these are not seen to random users and we can actually do stuff with them we'll see how we can use hidden files later on so if you want to show hidden files through LSU all you have to do is LS and hyphen L A so that was all about LS so let's move back to slash home where our list of commands that I want to show you all was so CD home let's LS and see what was it called it's called list and suppose I want to see the contents of list.txt all I have to do is say lists.txt now it shows us whatever this file is containing it'll read it out for you so we've done CD we've done LS and it's various forms we've done PWD now it's time to do CP so CP is basically used for copying files from one place to another so suppose I want to copy this address file that is there into some other directory let's say VAR so all I would have to do is CP name.txt and then you specify which location you want to actually copy it to so CD slash VAR so this is where I want to copy my file to and you hit enter and it's copied but that was a very small file now we can actually check if it was copied before I move on and pour some more knowledge into you so let's go into VAR so CD slash VAR hit enter and you're in war again and you see LS and now you see a name.txt so let's remove name.txt from here because I want to copy it again and show you all a difference between a flag that I'm going to use right now so the hyphen and letters that you use are called Flags technically in the Linux terminology so let's go back to home now instead of the name of the file and moving back home just like I did you can type out the complete name of the file out here so you could have gone CD slash home slash name.txt and copy to slash bar but this time what we're going to do is we're going to use the hyphen V which is basically used for a verbose output of whatever you're doing so most of the commands that we're going to using will have a hyphen V with them so let's see how this actually affects the output so what we're going to do is we want to copy so CP and verbose and we want to copy the file name.txt and we want to copy it to the folder called VAR right so now you'll see that it will give us what is being moved rather that is name.txt and where it is being moved to so this is a very good way of knowing what is actually happening because if you do it without the verbose part and suppose name.txt was just 20 GB file and you just don't know if it has finished or not so if it's a 20gb file it'll continuously update you on where what is being copied so basically all you have to do is type hyphen V if you want to know where your files being copied and the exam bot okay so that was about how you can copy files from here and there now what was the next command that we want to see so cat so let me just go and see the next command that is there so list.txt so after that I want to show less Okay so we've done CP we also have to do MV now as you guys can see that CP is basically a copy copy is as you would expect it leaves a copy of the file that in the original directory while also maintaining a copy in the directory that you specified but if you want to move the file completely all you would have to do is use the command MV so MV is for moving the file now let's see what all goes with MV so you can type help and as I said you get the verbose option and you get suffixes you can force things to happen so suppose you don't have the permission do not prompt before overwriting so it'll give you a prompt and you can completely Overlook The Prompt with the F thing so let me just show you how that looks like we'll be doing a verbose and we will become having the address the txt file and okay so every time I've been actually typing so you can do address.txt by just pressing Tab and autocomplete so address.txt to slash bar now it'll show you that it is actually renamed address.txt to VAR address.txt now if you go and do LS out here you will see that address.txt is not actually here but if we were to move to VAR so CD slash bar okay I've also been typing out commands that have been previously using and you can simply toggle through all the commands that you've used by the up and down keys so LS MV MVB Health Catalyst I did CD home and now I have to go through all this just to prove a point it's a CD bar we want to change that now we're in the variable folder and we also want to see what we have out here so address should be out here and LS and as you guys can see address.txt is the first file that has come up and it is basically the same file and it can prove that to you by just cutting the file and address.txt and you see that is some random address for some random person okay now let's quickly clear our file our window you can do that with the control l or you can just type out clear now what we want to do is move back to home home so yeah City home okay so now that we're back in home again let's get out our next file so let's start txt and after move I've already go through cat now cat as you guys can see is printing out the contents of a file and there's also less which does something very similar to cat so let's see what it does so if you go less and do list Dot dxt if you actually see the contents of the file in a completely new window which overlays on the previous window and this is a very neat way to actually see the contents of file which is true less if you want to keep your main command line interface not so cluttered which cath clutters it completely so if you want to get out of this place this less place and all you have to do is press q and Q gets you back and as you see nothing was printed out on our main interface so this is a very cool way to actually keep your command line interface neat and tidy when you're doing work okay so crap so grep is used for actually filtering out stuff from a file so suppose we want to see whether a command has some verbose option to it or not so now I know that MV has a verbose command but suppose I didn't know that so MV dash dash helps then you use the pipe sign so what the pipe sign means is you have to take this command the First Command and then you pipeline it through the second command and you want to see graph hyphen V if that exists okay so let's see grab for both yep so a verbose exists and that is hyphen B and that's hyphen hyphen verbose so explaining what is being done so what happened out here is basically we took this first command and then we filter it and filtering is done through the piping so basically think about you're taking some information and pipelining it through something else which funnels it out of this command which is grip so you can use MV slash help in conjunction with a bunch of other commands just on correct and I'll leave the creativity up to you so grep is basically used for getting what you want from a file and grep is used very very much throughout this course of this video through the sky Linux tutorial that you're going to be watching so that is a very easy way to see if you have a particular option or let me do something else also so CD slash VAR now we're in the VAR Fuller and less LS we actually have name.txt now let's also go into backup so cdb and tab and brings us backup folder and we're now in the backup folder and let's do an LS out here okay so we have a bunch of files okay we have some password dot back no see if you have cat and you go password dot back you can see the entire thing now what if you didn't want this entirety of it or if you wanted something in particular you want to be very neat so you can do that same command you can pipeline it and you can say grab and you want everything with no login so we can see that there are a bunch of things that say no login and we only want those and these are all the things that say no login in them and it's a much lesser list and it gives us a very particular list that you are looking for so that is how you use crap so now let's head back to home uh okay I type that wrong and again let's see what the next command is so now let's start the XT so we've done grep we now have to do Echo Echo and then touch okay let's go back Q we press q and we get out of there so what did I have to teach again I'm such a dummy we have to Echo okay so what is the echo used for so suppose you will say Echo and open code hello world it would basically do what command says and that is Echo whatever you say now it'll say Echo hello world and that will basically Echo whatever you typed out in the quotations that is Hello World spelled very wrong okay now suppose you want to actually put this into a file so you could do Echo hello world let's spell it properly this time and you want to insert into file we had a phone number I guess phone number.txt yep and we can Echo it into that thing now that was done now let's see what is it phone number.txt phone number.txt and it says hello world so you can basically input text into a certain file with the echo command and that's how you do it okay now let's also see how you can make directories and that is with the make directory come on so okay we also have to do touch before that I forgot now touch is used for quickly creating files so touch you could say touch and then the file name so we can create a name file again name.txt or that will create a name.txt let me just show it to you LSL and we have a name.txt we can also create multiple files with touch and we could say file one file 2 and file three so like this you can create multiple files and let me just LS that out and show it to you LSL and we have file on file two and file 3. now we can also create a directory so make dir and the name of the directory so suppose you wanted to say all your movies in One Directory the make directory movie and now you have directory called movies and you can also move into movies so CD movie okay so that's how you create directories and you can move into them and with the change directory folder now let's see what the next command was so CD and dot dot so if it's CD dot dot you can move back to the previous folder if I'm already not told you that and since we're in movies we can just go back to home with CD dot after now let's see what else is there so cat list.txt and okay now Cho and CH mode now CH own will be a little tough to show because we don't have any sort of other user out here the root user is the only user that we have on this virtualbox as setup but if you want to change the ownership of a file let's say so you can see the ownership of a file through the LSL command and you see that root and root so this is the owner name and this is the owner group and they're mostly the same thing so our next command that we're going to actually see is called CH own so let's see lch own is actually used Chon is used for changing the ownership of a file so I actually don't remember how to use CH own so if you actually don't remember or you're getting stuck somewhere just use the help function so if a command line argument is symbolic so let me just go through this one so this is how you use it owner and then colon group okay and then the file name so you go CH own and then you want to say the name of the owner and the group you want it to belong to that is root and root and then you specify the name of the file so suppose I won't change file one now it already belongs to root and root so it doesn't really matter because I don't have any other username to actually change the ownership to so this is how you would normally change ownership so let me just show you where you can see the ownership and that is LS hyphen L and I'll share the root and root you see on file one is basically this is the owner and this is the owner group they're normally the same thing and the same name but if you had some different owner like a guest you could change it by actually using the CH own method uh the command method different things I always get confused because of the programming okay now the next command that is left is called chmod to actually show you how chmod works let me show you an interesting file so suppose let me just do this once okay now Echo what we want to Echo is let's Echo hello world and let's put that in quotation and we want to put this in test now once we've done that let's LS and we see that we have a test file out here and we want to move test to test.sh so test.sh is the executable file that is used in bash scripting so we move test test.sh and the way you actually execute bash files on your command line is with the dot and the slash so you say dot slash and if I press T and I press tab you see that there is no options that's coming up that is because test.sh is not an executable file so test.sh is don't have the executable permission so let me just show that to you LS and you see test.sh it doesn't have the executable now you see movie it is executable I don't know why it is a directory so it is an executable you can move into it so it's blue in color so the way you actually can make this an executable is by changing its permissions so the way you do that is chmod and basically you change it to an executable so so plus X that is making an executable if you do plus r make it readable and if you do plus W it'll make it writable also so if you do plus X and do test dot sh and now you go and do LSL you'll see that s dot sh has become green because it is an executable file now and now if you do dot slash and you press T you get test.sh if I press tab so now it is an executable file and if I execute it it presses out hello world under my screen so that's how you can use the CH mod or which is basically the change of permissions or files and we'll be changing permissions of files throughout the course of this video it'll be very useful for us and you'll see as we go along with this video okay so the next thing that I want to show you only to our left and I remember those now and it is RM and RM is used for actually removing files so you should be very careful while using RM or any sort of removing command on a Linux system because once you remove something it is very difficult to get it back and it's almost near impossible it's not like Windows where it's basically just disappeared in front of your eyes but it's still there in the memory cluttering it all up that's why Linux always trumps Windows that's one of the reasons I'll make a video on that later on but for now let's focus on RM now we can remove file one so let's see so file one is going to be removed so if we LS now you see file one doesn't exist but let me show you RM and if I do movie it'll say cannot remove movie is a directory but if you go into the help menu I I bet there will be a option that you can just forcefully remove it so RM force will just remove so RM slash R and you can do movie and it'll recursively remove everything and if you go here and do LSL you'll see that there is no movie directory anymore and that is how you can remove movies now the problem that you see out there is actually a safety measure because once you remove a directory and it's not retrievable that's a very sad scenario and you don't want to get yourself in such a scenario in whatsoever possibility okay moving on so on so forth that was all about the RM folder now you can do RM and the address of anything so RM I know we moved and address.txt so into the VAR folder we can go RM VAR and address Dot txt and the Apple remove address.txt from the folder of our let me just show you that work so CD bar and and LS and you see that there is no address.txt out here okay another way to get help for any command that you want is man and suppose you want to see about RM you'll show everything about RM that is there to show to you it'll show you how to use it it'll give you a description synopsis the name remove files or directories it's a very useful way so out here you see this is a manual page so that is where it means man and you can press line one or etcher you can press Q to quit so that's very much helpful okay guys so that was all about the command line interface and how we can use it to go about the operating system and change file permissions copy files move files and a bunch of other stuff now it's time to get on with the interesting stuff and that is firstly we're going to be learning how you can actually stay Anonymous with proxy James okay guys so now that we are done with the command line Basics it's time that we move forward with proxy James so before we move forward with proxy chains let us head back to our PowerPoint presentation and see what exactly proxy chains are okay so proxy chains now as the name suggests proxy chains are basically a chain of proxies now where is a proxy used a proxy is used whenever you want to anonymize yourself on the wire or the network you do not want to know or you do not want your others to know what the source IP address was for your client system and to do this all you have to do is send your package through a bunch of intermediary systems and these intermediary systems carry the packet out and they transmitted to the Target system and this is much slower and let's see how we can use this in Kali Linux now in combination with Tor to in order to anonymize traffic not only on web browsing traffic but rather instead on all networks related traffic generated by pretty much all their applications but you can also change this in the settings now what we're going to do is we're going to open up the proxy chain configuration file and we're going to understand all its options that are available so to do that all you have to do is say Nano you go into the ETC folder and then you go for the proxychain.conf and what you see out here is the Nano editor and we had spoken about Nano editor when we were discussing the CLI bar I hope you haven't skipped that now what you see out here is a bunch of instructions and options so let me just zoom in into this command line interface and now you can read everything much well so what proxy genes is well it gives you the ability rather to route your traffic through a series of proxy servers and stay Anonymous in such a fashion by hiding behind them or by having them forward your request so it looks that on the other side that your requests are coming from them as opposed to you now surprisingly enough there are a large amount of these proxy servers out there that you can use but they're not very stable you know they go up and down and they're not very fast so for a specific targets they can be useful but not for brute forcing and not for any sort of computing attack so suppose you're doing something to a certain Target if you're trying to log in or you're already logged in you can definitely do it through proxy chains and it will be reasonably fast and reasonably stable as well but if you're doing some sort of mass scanning or you're brute forcing a password or something of a kind of a proxy chain with a list of proxies selected from the internet especially the free proxies it's not going to work I mean it's going to work out eventually in a technical sense but it will consume more time than you can spare and by that I mean it can be very very long time it can take about months or two to do a simple scan so that's not an option and there are other ways of doing that but for the time being I just want you to know how you can use proxy genes and how you can configure it and actually because it's really useful and I use it fairly often and a lot of people do and it's a fantastic piece of software so first off we have the types of proxies so you see HTTP sucks 4 and socks five now they are fundamental differences between these protocols and you always want to find yourself a Sox 5 proxy as that's the best possible one and that has the ability to anonymize all sorts of traffic HTTP well as the name it says it's for HTTP traffic and sox4 is very similar to sox5 but it does not support IPv6 protocol and it does not support UDP protocol so this can be sucks for and it can be rather problematic and you always want to make sure that you're using sock 5 wherever and however anyway down below you have these other options which we will go over so basically how you enable these options is that you don't need to type some complex lines of code or anything of any kind basically all you have to do is just leave the hash out here let me show you so suppose we wanted to actually activate Dynamic chains options so all we have to do is to leave the hash but let's put in the hash right now so after you delete the hash all you have to do is save the file and the option is enabled this hash presents a commented outline meaning that the system reading this will ignore if there's a hash and if there isn't a hash it will take a into consideration and interpret it accordingly anyway what we have here are statements which allow us to specify how we want our traffic to be routed so first off we have Dynamic chain now Dynamic chain is a sum and is an option which you will find people using the most it is most commonly used option and a preferable one too with that and honestly I think it's the best one out there primarily because it's the most stable one and here's why now suppose you have ABCD proxies so those are some servers with IP addresses with open ports and if you have a strict chain policy which is enabled on this computer right now as you see if you have a strict change policy we can only be able to access any site on the internet in general by going through ABCD so you have to go through all of them and you have to go through them in that specific order that is ABCD and that's not always a good thing I mean if you're paying for five proxies that's not a problem because they will always be operational and they will always be up and why not that's not a bad idea or an option but there are however people who use proxies for free and they don't tend to pay for them why would you pay for like five proxies for a simple scan or something of that kind they're not free and they cost money and they're rather expensive also but still I mean the act of paying itself identifies you and kind of diminishes the amount of anonymity you have on the internet so some complex payment methods can still be used to actually anonymize yourself but it's fairly simpler to just use a dynamic chain so firstly we're going to go ahead and uncomment the dynamic chain option and we're going to comment out the strict chain option so strict chain will no longer be used and I will be using Dynamic chains and one more thing to note here is that if you want to use proxy chains in combination with Tor if you want to Route all your traffic through the Thor network not just web traffic you must be enabling Dynamic chains I mean there's a chance that it will work with strict chains but due to the instant instability of door nodes it is highly unlikely you will need Dynamic chains and that is why I'm using them anyway if you're using Dynamic chains just you give you the ability to go from a b c d to your desired destination by not having to adhere to any order so let's say C is down and you would go a BD and it would work with no problems even if P was down you would go to a d and you would go and still reach the destination so as long as one single proxy is functional it's going to work and you don't require any specific order to do it down below now down below you have some other options too so first is random chains now random chains in effect are basically the same thing as resetting your server I mean if you're resetting your door you will be now assigned new IP address in Tor assigns your new IP address every 10 minutes or so anyway with the random chain you can specify a list of ips and then you can tell your computer okay I want you to try and I want you to connect to this point and every time you connect every time you transmit the packet I want you to use a different proxy and we can do that as well and that's one of the options definitely and you can say Okay use this is phone five times and then change to another one or some kind of like that there are a lot of options to specify there primarily the chain length anyway down below there's quiet mode and you don't really need that then that's proxy DNS requests no leak from DNS data this is very important you cannot have any DNS leak and let me explain to you what DNS leaks are and even though somebody cannot get your particular IP address they can get the IP address of the DNS server that you are using and that DNS servers do is resolved main domain to the IP address and vice versa so for example if you typed in youtube.com the DNS server of your local ISP provider will resolve that into some sort of IP address that YouTube has and it will make a request no problem and you do not want that happening because your local DLS server will be discovered and that is information that can be used in order to figure out your personal IP address and when that is done your physical location is pretty much compromised and that's a no-go and you definitely need proxy DNS here it might slow you down a bit but without that you're practically not anonymous and it's just a matter of time before somebody finds you now if you go down below we have some other options here but we're not really interested in them at the moment what we here are for the formats for entering proxies and I'm going to leave it at that so what you see out here is first the type of the proxy that the stocks five and the IP address then the port number and then two words that is llama secret and then juice to Hidden okay so now what you see out here as I just said is how you would actually write down your proxy chains and now as I had already also said you always want to be using sucks 5 and you don't want to be using HTTP because they're not really that safe and sox5 doesn't support a lot of options anyway and this is the IP address of the proxy server that we will enter a few of them manually later on and this here is the port number that you see on which the proxy server is listening and and that port is open over here these two words now what some proxies are especially paid ones will always have a username and password so you can just type them here in plain text unfortunately it is assumed that only you and you alone have access to this computer besides this file and besides this file is not not everybody can read this file anyway so if you can just type in the username here and password here you will gain access to a certain proxy that you have chosen or that you have paid for anyway these are just some examples and we won't actually be using these proxies or anything of a kind we need to go down below here uh here you see and at the end of the file so if I just press enter a couple of times there we go so here is only one proxy active at the moment in socks 4 and all traffic Rings routed here through Tor by default so let's set to third now and Tor default listens on this port so this 905 report is what all listens on now what we want to do is we want to add a socks file give proxy address so what you want to do is just type in socks5 and the same IP address sucks five and you want to be keeping the spacing correct just use tab so 127.0.0.1 and then you want to specify the port number the also so 9050 so what you see out here the 127.0.0.1 this is the loopback address of your computer so this is for any device communication and if you ping this address in if you're pinging yourself basically and usually people bring this address in order to make sure that the IP protocol is set up correctly even though they don't have internet connectivity so let's just type in 1.27.0.0.1 and the same port number and 9050 so now we have to press Ctrl o to save our file and we're going to save on the same name and we wrote 65 lines of codes down and that's written and now you have to press Ctrl X and you exit out so let's press Ctrl L and clear out our screen now we just edited our proxy chains configuration in a very neat environment so to go ahead and type in our service door status so we want to check status of our door service or service charge status so tar service could not be found so do we have the torch service installed okay so tar service is not installed just give me a little moment I'll quickly install it okay so now that we have set up our proxy genes configuration file and we have put in a sock 5 proxy chain giving it the torch service now what we need to do first is start up onto our service now to actually check if tar is running or not or if the charge service is running or not let me just clear that out we need to go service to our status and you see it says it's inactive so what you have to do is say service door start and that will start the tour service it might take some time depending on the system that you're using and voila there it has started it for me now what you have to do to actually use proxy chains before you go to any website so all you have to do is say proxy chains then you specify the browser that you're using so we're going to be using Firefox and you could say it's not like www.doc.com so now here you will see how your thing is being transmitted to doc.gov Com when I say thing I mean your package and your requests I'm sorry for my vocabulary so now your packets are going to be directed through a bunch of IP addresses but we haven't actually put a bunch we just have put the loop back for the dollar Network so we will let our do the rest of the things for us okay so depending on your system this might take a little bit of time to actually open up okay so let's go ahead and see what's actually happening on the terminal while this thing is loading up okay as you can see it's going through a bunch of proxies out here and some are denying it and some are saying it's okay so as you guys can see most of the time you might get denied and it'll be a lesson number of okays and that is exactly what we're looking for because primarily we have gone a great extent for the anonymity and what you want to do is stay like that so this is basically how you use proxy genes now if this computer just decides to open up talktago.com on Mozilla I could actually show you some interesting stuff but it seems my computer has kind of given up on actually opening duck Deco it's still waiting for duck that goes actually confirmation but that's about it so this is how you can actually configure proxy chains I'm really sorry that my computer isn't working right now so well and nothing is actually opening on Mozilla it's mostly because my Ram is overloaded I think I should go ahead and get myself a new Ram but for now let me just also say that we can put some custom proxy lists and instead of just saying let me just go ahead and open up that file again as you guys can see out here I'm going to end this right now because my computer can't really take all this pressure see it's lagging so hard okay let me just quit out of that and let me just open up a new one now as I had said that you can put up some custom proxy lists not really going to do that but let me just show you how you can do it you go Nano and you go Etc and proxy so you basically have to go into the proxy chain okay so I think I have to put this again yeah now if you just go in and edit out here all you have to do is set up Dynamic genes and you can go online and search for free proxy list and that will give you everything that the port number to the IP address let me just show it to you free proxy server list so all you have to do is search for a free proxy server list and you can see out here the proxy type is https and you basically want to find the software proxy to find software proxy just add that into your keyword and once you find those proxy addresses all you have to do is take down this IP address and followed by the port number and you go ahead and just put it down in this configuration file and then you hit Ctrl o and you just save it and then you just go back so that was all about proxy chains and how you can set up proxy chains to set make yourself very Anonymous I'm sorry the whole muscle up pardon for work that's the sad state of my computer but moving on let's go ahead and study about Market changes okay guys so that was all about proxy change let's move ahead to Mac changer okay now before we go into the tool called Mac changer let's just see what a MAC address is now a MAC address actually stands for media Access Controller address of a device and is a unique identifier assigned to a network interface controller for communication purposes now Mac addresses are used as a network address for most IEEE a02 Network Technologies including ethernet Wi-Fi and Bluetooth now in this context Mac addresses are used in the media Max's control protocol sub layer and as typically represented as Mac addresses are not recognizable as six groups of two hexadecimal digits each now these are separated by colon and the first three hexadecimals are actually the organizationally unique identifier so they actually represent your vendor and the next three hexadecimals actually represent your network cards uniquely okay so when you are actually on a network you are recognized on something called an art paper let me just show you the ARP table how you can see it let's go in so the password is root still an ARP table is basically an address resolution protocol table and well this is a virtual machine and it doesn't really know many machines on the local network but if I were to go on my Windows system and show you my ARP table let's see okay so if I show you the ARP table of my Windows machine on any machine that has a TCP protocol suit installed you will have this command that is working called ARP and you give the hyphen a and now you see that your IP address or somebody else's IP address is actually mapped to a physical address now the MAC address is very commonly used in the art protocol and this is how you are actually identified on a network now sometimes what you want to do is be unknown on this network there are various reasons why you want to do that let me just give you an example of a very malicious reason that was done in my college so we as students would actually change the MAC address of our own computer to the professor's computer so we would somehow look up the professor's IP address and then come to know about his Mac address and then we would spoof our Mac to be his Mac address and then we would do some sort of malicious activity on the college internet and then the internet administrators of our college would come to know that that Mac address is doing some sort of malicious activity and that Mac address would get permanently banned for that session on the college Network so basically our professor would not be able to use the wireless projectors that he would use to actually show us his presentations and we'd end up getting a free class now I am not actually promoting any sort of bad activity like this I have just experienced this in my own college life so that was something but there are many other reasons that you might want to spoof your Mac now Mac changer is an amazing tool for Ashley spoofing your Mac so first of all how do you come to know your Mac address so let's see you go if config and this will give us our Mac address now this address that you see out here is the MAC address of this machine so you can also check out the MAC address by going Mark changer then let's type in the help options and this will show us how to get the MAC address so if you see there's a show flag so we can go Mac changer and you can put the S and then you put the interface now the interface is where it's working so at zero is where we are actually adding we don't want the loopback one so at zero and this will give us the MAC address so our current MAC address is zero eight zero zero two seven let's see if that was the same one shown where is that Mac address okay so either zero a zero zero two seven so I'm sorry this was the MAC address I selected the wrong thing what I was showing you is the IPv6 address and you can see that it's very very long so this is our Mac address now what you might want to do to change your Mac address well let's see with v we can get the version with s you can show we can do the E and as I said if you remember that the first three bits is about the vendors so you can also get the vendor list by going hyphen l so you go hyphen L and this will give you a list of uh Mac addresses and which vendors they belong to so sometimes if you do the vendors that are actually being used on the network of your college for example and you want to just stay Anonymous and not Trace any Flash suspicion so you could hide yourself as a Cisco router so suppose your college was using all sorts of six core routers and you decided that today I'm going to spoof myself as a Cisco router and I'm going to screw around with the network so it would not raise any Flags before you actually decided to do some malicious activity in some deeper inspection of your Mac address people would actually realize that you are actually spoofing the dress and after some investigation they would indeed take some time to actually reach to you and how you spoofed it but the point of changing your Mac is not tracing any flags and that is exactly what you should try to do so map changer is also very useful for getting the list of all the Mac addresses and their vendor IDs now let me just clear the screen out quickly so we go clear and let's bring back the help so being a match changer and dash help now what you want to do is give ourselves a random Mac address now Mac changer so that is done with the r flag and we want to do it on each zero so once you run that you will be given a new Mac address so our new Mac address is F6 c649 now you can verify that by running ifconfig now we could just do ifconfig and you see our new Mac address is on ether so we could also do something like this I F config and you could grab Peter so that is telling you the MAC address and this is completely new also you could show it through the match changer tool itself okay so we need to give it the e0 I forgot that now you see that this is a current MAC address and this is a permanent Mac address and they too are completely different sometimes you also might want to actually change your Mac when your laptop is or your system is booting up because you might want to stay Anonymous all the time who knows and sometimes you might think I'll actually change it when I want to change it but let's face it we are forgetful as human beings and we tend to forget things that we are supposed to do so what else is better than to actually automate the whole process yourself and forget about remembering all these stupid nitty-gritty stuff so you can tell Linux or Cargill Linux to actually change your Mac address on boot up is use this tool called cron tab now cront tab is actually used for scheduling tasks on Linux so let me show you how to do that firstly let's clear our screen and go Crone Tab and go help now you see it's a pretty small menu so first we start with the U flag which user this file is going to work for then we got the e-flag which is for editing frontab users the users Chrome tab list and you can see the list of users Chrome tab and let's see so do we have any crunch out of this so there is no Crown tab at this moment so we can set up one for ourselves by going to the E then there there's the r which is delete uses Chrome tab and I want to tell you all be very careful when deleting anything of that sort because once you delete something from the nuts that I've already said that it is very very difficult to actually retrieve it back you might get fragmented pieces of what you had actually deleted and that will only leave you with sadness and Devastation now what you want to do is go through Chrome tab and press e and this will bring us to select an Editor to change later run select editor so we'll do it with Nano so what you have out here is the readme file of clontab and if you read this entire thing you will get how to use Chrome tab completely but if you have any sort of doubts even after reading it you can leave them down in the comment section below now what you want to do is actually set up a crown tab so that you can change your Mac address whenever you reboot your computer so all you have to do is say at reboot what you wanted to run is Mac changer and if you remember we want a random Mac address and we want it on each zero so that's done now all you have to do is save this thing so you go Ctrl o and that will write it out to cron Tab and you press enter and you have written on one line now you go control X and you have access it out so now let's ask clear the screens by pressing Ctrl L and enter and let's go ahead and get our Mac address so if we go ahead and run that our Mac address is set to F6 c649 so just remember the first few letters F6 C6 and 49 uh now let me just reboot my computer and you will see after I reboot and run ifconfig again with graph etop we will see a different Mac address now rebooting might take some time because I'm actually using a virtual machine but still now it's giving problems with the Firefox but let's hope this won't take much time okay so now that our computer has booted up and we have actually opened up a terminal let's go in and type ifconfig and let's get in our ether that is the MAC address so if you remember the MAC address now you see that it has completely changed and that's how you can spoof your Mac address on a local network and this will basically help you in staying Anonymous on our protocols and anything that actually Maps your IP address to the MAC address okay so that was all about match Changers I'll meet you in the next section now so in the section we'll be talking about a wireless encryption protocol cracking so that is basically Wi-Fi cracking now Wi-Fi in today's day and age uses pins or passwords to normally encrypt their data usage basically if you want to access the wireless access point you need a password or a PIN to actually gain authorization now this authorization is done using a four-way handshake which we will try to capture using a tool called aircrack NG and then we will try to crack into the password using a wordless generator called crunch now you can use aircrack NG to crack WPA and WPA2 there's also another protocol called WEP or web and that is not normally used these days if you find anybody using that you should always advise them to actually upgrade to WPA or WPA2 because WEP is actually very easily cracked in these days and people are generally punished for using WEP buy hackers all around the world okay so now you can actually go ahead and go into a terminal and type ifconfig to actually look at your network card name as you guys can see out here it's called wlo1 so the first step that we need to do to actually go into the process of Wi-Fi cracking is set up our network access card or our access point into monitor mode so as you guys can see out here after typing ifconfig it shows me that my Wi-Fi access card is wl1 interface now our process of cracking passwords is pretty simple what we want to do is actually monitor for all sorts of access points that are nearby to us once we have chosen the access point that we want to actually penetrate into and find the password what we want to do is run an arrow dump scan on it and then we will try and de-authenticate any device that is connected to that access point now one assumption out here is that the password is saved in that device and it will automatically try to re-authenticate itself with the access point and we want to catch and log this re-authentication process which will actually have a four-way handshake between your device and the access point so this is basically the procedure we are going to follow now another thing that you need to know before actually using this process to gain any access to any Wi-Fi is that you need to know a little bit about what the password is maybe it could be length or it could be something like a specific character at a specific place maybe you know a series of characters so you just can't really guess the password out of thin air that is not how cracking Works unless you have some unlimited potential of processing power in that case you can very well brute force it and just find the password but if you are not somebody who has unlimited processing power and you're trying to use aircraft NG you need to know a little bit about the password also before we proceed with this wireless encryption protocol cracking what I want to say is if you want to get into somebody's Wi-Fi network or you want to actually test for vulnerabilities it's better that you test for router vulnerabilities than actually tracking a Wi-Fi password because you're more likely than not to find more router vulnerabilities than actually successfully crack a Wi-Fi password if you don't know anything about it if you don't know anything about the password just go ahead and run some vulnerability tests on the router itself and more often than not you will just find something you can abuse okay now let's talk about the two tools that I'm going to be using now these two tools one of them is already installed on Kali Linux but if you are not using this on Kali you can also use this on any Linux based system so what you have to do is download and install aircrack NG which is easily installed with the command opt-get install aircrack NG and you also have to install this word list generator called crunch now crunch is easily downloadable by just Googling the name and the first link will be a source Forge link and all you have to do is go inside that and install it and once you've figured out how to install crunch you can make sure that it's installed foreign you can check out if the manual pages are opening up let me just open the manual page of aircrack NG and show you that it has been properly installed now as you guys can see the manual page of aircraft NG opened up and the manual page of crunch is also opening up so that means both of our softwares have been successfully installed on our system now before we go ahead let me just show you how crunch actually works so crunch is basically a wordless generator what you would do is you try and generate a word list with given characters so what you can see out here is I've typed in crunch three five so that means the minimum lens is 3 and the maximum length is five and I've given it a series of numbers so it will use these numbers and generate all the words that are possible from length 3 to length five so the way we are going to use crunch in conjunction with aircrack is that we are going to use crunch to generate the word list and then we're gonna pipe the word list through aircrack NG when we are actually trying to capture and crack what we will capture in a certain log file now what you want to do first is actually put your network interface card on a monitor mode now you can do that by typing in ifconfig and then the interface name which happens to be wl1 and first you have to put it down so I've config wl1 down now to put your interface card into monitor mode you have to type in iwconfig and you go the name of the interface and then you go mode monitor okay it seems I've spelled it wrong so let me just do it once again so that has put our network interface card into monitor mode and what we need to do after that is we need to start up our network interface so all we have to do is type in ifconfig wl1 up now once it is up and running you can check by typing in ifconfig that indeed your network interface card is up and running don't worry it's running in monitor mode if it's up and running what we want to do next is pretty important to the whole process so what we want to do now is check for some services that might still be running in the background that might hamper with our whole scanning process so we do this by actually typing in the command air mon NG check and then the name of the interface so as you guys can see nothing is exactly running right now but if there were any processed running you would only add the command M1 and g-check and instead of writing the interface name all you have to do is say kill and it will kill any processes now if you see any process name the network administrator you want to kill that process first separately and then kill any other child processes you may need to actually run this command a few times before all the processes are killed and then you're good to go okay so now that we have finished killing all the sub processes what we want to do is run an error dump scan on the network card so that is wlo1 so for this we go dump hyphen NG and then we put in the name of the interface and this will start up a scan that will look something like this so after you run the aerodynam scan on your interface what you see out here is a result of all the access point that is found out through the monitoring mode now if you see we have a bunch of columns out here first of all we have the BSS ID column now the BSS ID column is basically the MAC address of all the routers that are found now every router obviously has a MAC address so those are the MAC address that is tied to the router names which is shown by the ESS ID then we have the pwr column we have the beacons column we have the data packets column another important column is the channel column it's important to know which channel your router is working on then we can see the cipher column the authentication so out here we can see the encryption that is used so most of it is using WPA2 so what we will be cracking is basically WPA2 so from this list what you need to recognize is basically the Wi-Fi router that you want to crack into now I'm performing this particular test in my office and I don't really have the permission mission to actually go in and test them for these vulnerabilities I'm not a security analyst off here so I don't really have the permissions to penetrate into them so what I have done is I have run a similar test at home using my own Wi-Fi and I will show you the results for that but for this working example you will see the scans that I'm running in this office so as we intend to stay ethical what we are going to do out here is we are going to capture whatever we find in our office for only educational purposes but when we are doing the actual cracking step that is the last step of this whole procedure I'll be running it on a file that I had generated at home as I just said because I have four missions to do whatever I want with my own Wi-Fi and password okay so for this example I'm gonna pick this wi-fi that is called edutreca Wi-Fi and it's running on channel number six so what we want to pick from here is the bssid and the channel number we need to remember these two things first the BSS ID and second the channel number now what do you want to do after that is open up a new window on your terminal and log in as root now what we want to do here is run a separate aerodump scan on this specific BSS ID and check for all the devices that are actually connected to this access point now we do this by running the command aerodump NG and while we're doing this we also want to capture all the scan outputs that we actually get into a certain file so we'll be actually storing it in a file called capture and then we just have to pass in the BSS ID and the interface we also have to specify the channel so let's see what the channel is one so the channel is Channel 6 so that's what we want to do and we specify the Channel with the hyphen C Flags so after you have identified the MAC address all you need to do is copy it down and place it with after the BSS ID flag okay so we're gonna run our Command out here and we just want to say our file is going to be called desktop capture now that our scan is up and running all we want to do is wait till someone is actually connected to this access point so I forgot to mention this for this process to actually work properly somebody needs to be connected to that access point because what we are going to try and do is disconnect that certain device and let them reconnect and capture that log file okay so it seems like nobody is actually connecting to it so at this time all I'm going to do is go back to our aerodynam scan that we had run on our network interface and look for some other Mac address or other access point to actually penetrate into and let's see if something has actually connected to that okay so oh voila now what you see out here is that somebody has actually connected to this access point and his Mac address can be seen under the stations tab now what we want to do is run a de-authentication broadcast message on that station and de-authenticate that guy now to actually run the de-authentication process all you have to do is go ahead and open up a new terminal window again and let the scan be running in the background don't close any scanner this moment okay so the information that we need to remember is a BSS ID or rather the Mac ID of the station now you also want your monitoring to be running on the same channel so that your de-authentication message is being already broadcast on the same channel so we can do that easily by going Airmont NG and saying wl1 and you can say start on the specified channel so what we want to be doing is running this on Channel 6. then we want to go and use the third suit of tools that is air replay now air replay is used for broadcasting the authentication messages and all sorts of stuff now you can see all this in The Help menu also and you can do that by typing in dash dash help if you go down you see that you can send a de-authentication message using the hyphen 0 flag and that's exactly what we're going to do then we say zero again because we want to constantly send a broadcast of the authentication so it's looping basically and until and unless we stop the scan nobody will actually be able to access the Wi-Fi so it's basically like a small dos attack and then we want to specify the bssid okay so it seems like I forgot the whole a tag before the bssid and that should get it working okay so it seems like I have copied some wrong bssid I guess so let me just go ahead and copy that once properly okay so now that we have the proper bssid as you guys can see we are running uh the authentication broadcast message on that particular network access card and now you want to run this for around a couple of minutes so that you become sure that all the devices have disconnected now while this is happening what you're doing is basically sending a Dos attack to that small little Wi-Fi and you want to catch the handshake that occurs between devices and the router that it is connected to while reconnecting themselves okay so now that we've let scan run for a couple of minutes let us just stop it let's stop this other scan too now if I go and list out the files on my desktop you should see that there's something called the test capture now the test capture is given to us in various formats we have the capture format which is test capture hyphen01 dot cap and then we have test capture CSV we have a Kismet CSV so it gives you a bunch of formats to actually run your cracking on now if you remember I had told you all that I have already generated a similar file at home basically when I was trying to crack into my own home password so I will be running the test on that file or the cracking procedure on that file and that is the last step of this whole procedure so let me just go ahead and move into that folder so I go CD scan now as you guys can see out here if I list down the files you can see a Capture One Dot cap capture1.csv there's a gismet CSV and there's a net XML so I was not lying when I said that I have already done this at home so we are going to run our cracking process on capture01.com now let me just tell you guys the password for my home Wi-Fi is sweet ship 346 so you can say that I know the entire password but I'm gonna act like somebody who only has a general idea of what my password looks like so let's say I know that my password contains tweet share but I don't really know the last three numbers or letters or whatever they may be okay so we are going to use crunch once again to generate a list of words that might include sweet ship 346 and let me just open the crunch manual for once now if you go down in the crunch manual what you'll see is The Hyphen T So as you guys can see there is a pattern that is specified like at the rate at the rate God and Then followed by four other ad rates and all the ad rates will be replaced by a lowercase character now you can remove other it and use a comma and it'll be replaced with an uppercase character or you can use percentages which in case it'll be numbers or you could use the carrot side in which case it'll symbol so when you know the length of the password and also a certain degree a few letters you can use the hyphen T flag so that is exactly what we're going to use with crunch out here for this example so let me just remind you guys that the password for my home Wi-Fi is feature 346 now what we can do is we can ask crunch to actually generate something that looks like streetship346. so what I could do is say crunch so the minimum length is 12. I already know that and the maximum length is also 12. now let me just input in the pattern so we put in the pattern after hyphen t so now I'm gonna just show you how long it can take so we are just going to say sweet and then put in some other rates and then also again try and guess in the numbers so after you put in the pattern you want to also input which letters and numbers it could be and I'm just going to input my entire keyboard out here now what you want to do is pipe this command through aircrack NG's cracking procedure okay so now what we want to do is pipe this command through aircrack NG and we want to write from or rather read from the capture file so what we go is hyphen W and then hyphen and then the capture file name so capture01.cap and then we also have to specify the ESS ID which is given to the e-flag and the ESS ID for my home wifi is Nest away underscore c105 so that's exactly what I'm going to type in and this will start up the tracking process on my Wi-Fi from the captured file so as you guys can see this is going to take a long long long long long time and I'm not really actually going to complete it so in this time I'm actually just going to try and explain why this is not very feasible on a virtual Network so basically this is not feasible because at this moment my computer is using all four of its cores and all the memory that is possible so what this means is on a virtual box this is not really possible your virtualbox doesn't really have that much power if you are using a focal processor computer only two of its maximum cores can be actually allotted to your virtualbox machine above that you can't really give it the entire memory because that will make your computer crash so if you want to do something like this it's better that you install Kali Linux as a dual boot or as your own daily driver and then you can do this so this is why I have not done this on a virtual machine and instead done is on deep in Linux which is my daily driver operating system now as you guys can see it is constantly trying to actually guess the password by actually going through all the permutations and combinations that is basically it's taking in all the words generated from crunch piping it into the current command that is the Air Track engine command and it's comparing everything so what I'm going to do is I'm actually going to end this because this will take a very very long time and what we're going to do is we're going to actually try and shorten the command of the or the amount of guessing that we're trying to do so let me just try and do that so as you guys can see out here I have reduced the number of alphabets that might be actually tested but even in this case this will take a humongous amount of time and let me just show that to you so as you guys can see the test is running running and running and there's not really much you can do you can just let this run go out for a cup of coffee and then come back and you might still see that running it really depends on what the password is and how much time it takes to crack it and how much processing power you have directly affects how much time this will take so let me just show you guys that this is taking a bunch of time okay so now that I have fast forwarded a lot into the scan you can see that I have tried almost two one two seven six zero eight keys so that's more than a million Keys that's two million keys that I've tried so and it still hasn't reached sweet ship 346. so what we're gonna do is just to show you for demonstration purposes that this procedure actually works let me just shorten our guessing even more so what we want to do is this time we want to just guess the numbers so we will modify our Command accordingly so we just put in sweet chip and let the algorithm just guess the 346 part so we're going to remove the alphabets from the guessing scope also and as you guys can see the password is almost immediately guessed because only 456 keys were tested and as you guys can see it shows that the key was found and it switched at 346. now let me also show you that it works with the guessing of letters just because I don't think I've Justified that that letters are also guessed and not just numbers so let me make it just guess the P part that is sweet she and then it should guess p and then 346. so let me just show you that and as you guys can see it guesses it almost immediately after just going through 15 000 Keys okay so that brings us to the end of this wi-fi tracking tutorial and also to the end of this video which was regarding ethical hacking using Kali Linux I hope you guys had a bunch of fun learning about Mac changes proxy chains and a bunch of stuff that we did like Wi-Fi password cracking I hope you practice these procedures and methodologies that I've taught you only for your own educational purposes and not use it to harm anybody or do anything harmful with it because let me just tell you very seriously that you can be prosecuted by the law so let's end this video on a good note by saying please practice this for only educational purposes until then goodbye