CRACKING PASSWORDS LIVE WITH HASHCAT (LinkedIn Leaked Hash Edition) | How to Crack Hashes

In this video we'll be exploring the Rockyou and LinkedIn credential breaches and cracking tens of millions of SHA1 hashed passwords with Hashcat and a GTX 1070 GPU. We'll also be talking about some of the implications of password breaches and what kind of information can be derived from leaked credentials. This video is for educational purposes and security awareness only; it is not intended to be used for malicious purposes.


0:00 Intro
0:15 Intro Post Hook
1:09 Disclaimer
1:37 Rockyou Dump Info
2:42 LinkedIn Breach Info
3:45 LinkedIn Breach Data
8:30 Hashcat/Hash Cracking Explanation
10:20 Hashcat Rules / Password Transform Explanation
14:20 Cracking My Password First
17:30 Potfile Explanation
18:00 Seeing My Password
19:11 Password Stuff Explanation
21:13 Cracking All LinkedIn Passwords Configuration
22:50 Cracking All LinkedIn Execute
26:55 Implicating Yourself with "Hate"
29:20 How many Passwords We could crack
29:50 Browsing through the cracked passwords
30:40 Other stuff we can do
31:30 Matching Passwords to Emails
38:20 Looking up by email address
40:33 Donald Trump "yourefired" password
42:08 Outro

Intro:

Hey everybody, Josh here.
Today we're going to do some really cool stuff which includes combing through some LinkedIn breach data and subsequently cracking a bunch of actual people's passwords.
My actual info, including my personal email address and password hash, is also included in this dump, and that is what we will be cracking first.
All other persons' personal emails will be masked.
I also want to talk about password psychology a little bit and maybe show you some things you've never seen before, and hopefully get you to think about some things you've never considered.
So if you're excited to see a bunch of things you were never supposed to see, go ahead and smash the button for the YouTube algorithm and let's get started.

Disclaimer
So just a disclaimer before we get started.
I'm not the actual person who attacked LinkedIn back in 2012; I simply came across the dumped information on the internet and am attempting to use it for educational purposes and awareness.
I've found that real situations with actual data and demonstrations tend to have a bigger impact on people.
As I said, the purpose of this video is to raise awareness and give you some kind of idea of how unsafe the internet actually is.
Also, I want to portray how your password could implicate you in some unwanted situations.

Content Start (rockyou)
Ok! Now for the actual content!
Before we start talking about the LinkedIn breach, back in 2009 a company called "RockYou" was attacked and about 14.3 million credentials were leaked into the public.
What makes this attack so famous is that the passwords that were leaked were all plain text passwords that anyone can read!
Normally, when businesses have to store user credentials, they salt and hash the credentials so in the case of a breach, they are slightly more protected.
If you don't know what a hash is btw, I'd encourage you to check this video out.
Anyway, this massive breach of cleartext passwords has been really important in the world of cybersec.
It has given security researchers (and the whole world, really) a deeper insight into how people think and how they create their passwords.
This list, in conjunction with password transformation rules, will typically allow you to crack MOST passwords. By MOST, I mean over half of passwords created by normal people who aren't security minded. This is huge.
This list is widely available and you can just google it and download it anytime! I'm talking about it now because we're going to use it in a few minutes.

Unique: 61,829,207
Cracked: 35,345,355
Failed to Crack: 26,483,852
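
The difference between the fast SHA-1 hashes cracked in the video and the salted hashing mentioned above, as an added example that is not from the video: the accounts are constructed, and PBKDF2-HMAC-SHA256 with 600,000 iterations is an assumed choice of slow hash.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts (not taken from any breach data).
ACCOUNTS = [
    ("alice@example.com", "Summer2012"),
    ("bob@example.com", "Summer2012"),  # same password as alice
    ("carol@example.com", "correct horse battery staple"),
]

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your hardware


def store_unsalted_sha1(password: str) -> str:
    """Weak scheme: one fast, unsalted SHA-1 per password."""
    return hashlib.sha1(password.encode()).hexdigest()


def store_salted_pbkdf2(password: str) -> tuple[bytes, bytes]:
    """Hardened scheme: per-user random salt plus a slow key-derivation function."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_salted_pbkdf2(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def shared_hash_groups(records: dict[str, object]) -> int:
    """Count stored values that appear for more than one account."""
    counts = Counter(records.values())
    return sum(1 for n in counts.values() if n > 1)


def demo() -> dict[str, int]:
    weak = {email: store_unsalted_sha1(pw) for email, pw in ACCOUNTS}
    strong = {email: store_salted_pbkdf2(pw) for email, pw in ACCOUNTS}
    return {
        "weak_shared": shared_hash_groups(weak),      # alice and bob collide
        "strong_shared": shared_hash_groups(strong),  # salts make every record unique
    }


if __name__ == "__main__":
    print(demo())
```

With the unsalted scheme a single guess is checked against every account at once, which is why a breach dump can be reduced to a list of unique hashes; with per-user salts each record has to be attacked separately at the slow hash's cost.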

Comments
Author

This tells us how important it is to have MFA enabled in our accounts. Also, like abnormal login detection or defense-in-depth, making several layers for security.

takaoda
Author

Only just started the video and I can tell by the title I'm already going to love it!

hgvhgvhvbjvbbnb
Author

How do I find the potfile it saves to?

BG
Author

What percent of LinkedIn accounts can be cracked in real life though? If you had a list of 100,000 LinkedIn usernames how many could you actually get inside?

jovanlipovatz
Author

Hey Josh, I wonder if you can talk about Full stack certifications, are you going to find a job with that? I followed your advice taking IT Business degree then adding a MS in Cyber security. What's your thought on Udemy?

homiedclown