Saturday, January 19, 2008

Creating Custom Password Lists

This blog entry is on how to quickly create a custom wordlist to use with a password cracker. This is something I have been wanting to learn for a while but was unsure how to do it. I learned this technique from a video created by pur3h4t3. A link to his blog can be found at the bottom of this entry.

You may want to create a custom wordlist from a company's website. The method I am demonstrating takes a website, synjunkie.blogspot.com in this example, and builds a wordlist from all the words on that site. Hopefully these words will be relevant to my target.

I will cover how to use this list with a password cracker in a later blog entry.


Tools
All the tools I use are on the BackTrack 3 CD.

  • wget
  • wyd.pl
  • pw-inspector


Creating the Wordlist

1. First I create a directory to download a copy of the website into. After changing to that directory I quickly grab the site using wget.

wget -r http://synjunkie.blogspot.com



2. After grabbing the site I use wyd.pl to extract all the words from the site into a single file.

wyd.pl -n -o /root/sj/wordlist.txt /root/sj/synjunkie.blogspot.com/




3. I then cat the file I have created, piping it through sort and uniq to put it in order and remove any duplicate words (uniq only collapses adjacent duplicates, which is why the sort comes first).

cat wordlist.txt | sort | uniq > wordlist2.txt



This then gives me a file called wordlist2.txt that is a bit smaller as the duplicates have been removed.

4. Next I use pw-inspector to go through the file and remove any words that do not meet the criteria.

cat wordlist2.txt | pw-inspector -m 1 -M 20 >customlist.txt

The criteria I have set here are that words should be a minimum of 1 character and a maximum of 20. If you know that your target has a minimum password length of 8 characters you could remove all words with fewer than 8 characters using this tool.



5. The result is a file called customlist.txt that contains words that may be more relevant to a target.

cat customlist.txt
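The same pipeline as an added example, not the post's own code and not part of wyd.pl or pw-inspector: a POSIX sh version that extracts the words from a saved page, filters them by length, dedupes them, and strips carriage returns before measuring length, because a list saved with Windows CRLF line endings otherwise makes every word count one character longer than it is (the four-character-words symptom raised in the comments). The function names, the sample page and the sed/tr/awk/sort stand-ins are my own assumptions.

```shell
# Added example (not the post's own code). Assumes only POSIX sh with
# sed, tr, awk and sort, which stand in for wyd.pl and pw-inspector.

# Constructed sample page, standing in for a site copy fetched with wget -r.
SAMPLE_HTML='<html><head><title>Acme Widgets</title></head>
<body><h1>Welcome to Acme</h1>
<p>Acme Widgets has made widgets in Springfield since 1998.</p>
<p>Contact: support@acme.example</p></body></html>'

# extract_words < html : drop tags, split on anything non-alphanumeric,
# one word per line (roughly what wyd.pl does for HTML input)
extract_words() {
    sed -e 's/<[^>]*>/ /g' | tr -cs '[:alnum:]' '\n' | sed -e '/^$/d'
}

# filter_lengths MIN MAX < words : strip CRs first, then keep unique words
# whose length is within MIN..MAX. Without the tr step a CRLF list makes
# "hello" count as 6 characters, so -m 5 -M 5 would keep four-letter words.
filter_lengths() {
    tr -d '\r' \
    | awk -v min="$1" -v max="$2" 'length($0) >= min && length($0) <= max' \
    | LC_ALL=C sort -u
}

# build_wordlist MIN MAX < html : the whole pipeline in one call
build_wordlist() {
    extract_words | filter_lengths "$1" "$2"
}

# Demonstration: words of 5 to 20 characters from the sample page
printf '%s\n' "$SAMPLE_HTML" | build_wordlist 5 20
```

Run it over a copy of your own site to see which of its words would survive a given length filter and so belong on a password blocklist.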





Links
http://pur3h4t3.blogspot.com/
http://www.remote-exploit.org/backtrack.html

7 comments:

psilo said...

The problem with using uniq is if the word is a duplicate it will remove ALL appearances of it instead of just leaving 1.

ie.

111
222
111

If you run uniq it will only leave 222.

:(

Great tut otherwise.

SynJunkie said...

Thanks for the correction. It's good that people of your caliber are reading.

Cheers

Lee

frank said...

I just tested the uniq with

111
222
111

and it worked correctly. It left

111
222

SynJunkie said...

Thanks for the correction of the correction Frank, I retract my previous comment!

Anonymous said...

Excellent tutorial.

Anonymous said...

I am having a problem using pw-inspector on my custom list. Asking for "pw-inspector -m 5 -M 5" gives me a list that seems to contain words that are four characters long. Is there some kind of return character in there? How do I remove it?

Chan Lee Meng said...

To Anon facing the four-char problem: Yes, your list was probably created on a Windows system, so it may have CRLFs at the end of lines, instead of just LFs.

You can use tr to remove them:

# quote \r so the shell passes it to tr intact (unquoted, \r becomes a plain r)
cat listwithCRs.lst | tr -d '\r' > listwithNoCrs.lst

OR

cat listwithCRs.lst | tr -d '\r' | pw-inspector -m 5 -M 5 > FivecharwithNoCRs.lst