Saturday, January 19, 2008

Creating Custom Password Lists

This blog entry is on how to quickly create a custom wordlist to use with a password cracker. This is something I have been wanting to learn for a while but was unsure how to do it. I learned this technique from a video created by pur3h4t3. A link to his blog can be found at the bottom of this entry.

You may want to create a custom wordlist using a company's website. The method I am demonstrating takes a website, in this example, and creates a wordlist from all the words on that site. Hopefully these words may be relevant to my target.

I will cover how to use this list with a password cracker in a later blog entry.

All the tools I use are on the BackTrack 3 CD.

  • wget
  • pw-inspector

Creating the Wordlist

1. First I create a directory that I am going to download a copy of the website into. After changing to that directory I quickly grab the site using wget.

wget -r

2. After grabbing the site I use to extract all the words from the site into a single file.

-n -o /root/sj/wordlist.txt /root/sj/

3. I then cat the file that I have created out, piping it through sort and uniq, to put it in order and remove any duplicate words.

cat wordlist.txt | sort | uniq > wordlist2.txt

This then gives me a file called wordlist2.txt that is a bit smaller as the duplicates have been removed.

4. Next I use pw-inspector to go through the file and remove any words that do not meet the criteria.

cat wordlist2.txt | pw-inspector -m 1 -M 20 >customlist.txt

The criteria I have set here are that words should be a minimum of 1 letter and a maximum of 20. If you know that your target has a minimum password length of 8 characters, you could remove all words with fewer than 8 characters using this tool.

6. The result is a file called customlist.txt that contains words that may be more relevant to a target.

cat customlist.txt
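Steps 2 to 4 as one script, as an added example that is not code from the original post: `sed` and `tr` stand in for the word-extraction tool (an assumption; a plain split on non-alphanumeric characters is used instead), `awk` stands in for pw-inspector's length filter, and the function names and sample pages are constructed for illustration. The length filter strips carriage returns first, so a word from a file with Windows line endings is not counted one character too long.

```shell
#!/bin/sh
# Added example: steps 2-4 of the post with POSIX tools only.
# Function names and sample pages are constructed for illustration.

# extract_words DIR: print every word in the files under DIR, one per line.
# sed/tr are a stand-in for the post's extraction tool (assumption).
extract_words() {
    find "$1" -type f -exec cat {} + |
        sed 's/<[^>]*>/ /g' |          # crude: drops tags that open and close on one line
        tr -cs '[:alnum:]' '\n' |      # any run of non-alphanumerics becomes one newline
        sed '/^$/d'                    # drop the empty first line tr can leave
}

# dedupe: sort first so uniq sees duplicates as adjacent lines;
# uniq then keeps exactly one copy of each word.
dedupe() {
    LC_ALL=C sort | uniq
}

# filter_len MIN MAX: length filter standing in for pw-inspector -m MIN -M MAX.
# CRs are removed first; otherwise "abcd\r" would count as 5 characters.
filter_len() {
    tr -d '\r' | awk -v min="$1" -v max="$2" 'length($0) >= min && length($0) <= max'
}

build_wordlist() {   # usage: build_wordlist DIR MIN MAX
    extract_words "$1" | dedupe | filter_len "$2" "$3"
}

# Constructed two-page "mirror", one page saved with CRLF line endings.
demo() {
    d=$(mktemp -d)
    printf '<h1>Acme Widgets</h1>\r\n<p>Acme builds widgets.</p>\r\n' > "$d/index.html"
    printf '<p>Contact Acme support</p>\n' > "$d/contact.html"
    build_wordlist "$d" 5 20
    rm -rf "$d"
}

demo
```

`LC_ALL=C` makes the sort order byte-wise, so capitalised words come before lower-case ones regardless of the system locale.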



psilo said...

The problem with using uniq is if the word is a duplicate it will remove ALL appearances of it instead of just leaving 1.



If you run uniq it will only leave 222.


Great tut otherwise.

SynJunkie said...

Thanks for the correction. It's good that people of your caliber are reading.



frank said...

I just tested the uniq with


and it worked correctly. It left


SynJunkie said...

Thanks for the correction of the correction Frank, I retract my previous comment!

Anonymous said...

Excellent tutorial.

Anonymous said...

I am having a problem using pw-inspector on my custom list. Asking for "pw-inspector -m 5 -M 5" gives me a list that seems to contain words that are four characters long. Is there some kind of return character in there? How do I remove it?

Chan Lee Meng said...

To Anon facing the four-char problem: Yes, your list was probably created on a Windows system, so it may have CR\LFs at the end of lines, instead of just LFs.

You can use tr to remove them:

cat listwithCRs.lst | tr -d '\r' > listwithNoCrs.lst


cat listwithCRs.lst | tr -d '\r' | pw-inspector -m 5 -M 5 >FivecharwithNoCRs.lst