This blog entry is on how to quickly create a custom wordlist to use with a password cracker. This is something I have been wanting to learn for a while but was unsure how to do it. I learned this technique from a video created by pur3h4t3. A link to his blog can be found at the bottom of this entry.
You may want to create a custom wordlist from a company's website, because people tend to pick passwords from the vocabulary they see every day: product names, locations, slogans, staff names. The method I am demonstrating takes a website, synjunkie.blogspot.com in this example, and builds a wordlist from every word that appears on that site. Hopefully these words will be more relevant to my target than a generic dictionary.
I will cover how to use this list with a password cracker in a later blog entry.
Tools
All tools I use are on the BackTrack 3 CD.
- wget
- wyd.pl
- pw-inspector
Creating the Wordlist
1. First I create a directory that I am going to download a copy of the website into. After changing to that directory I grab the site recursively using wget. By default wget stays on the same host and recurses five levels deep, so on a large site you may want to limit the depth with -l and be polite with -w.
wget -r http://synjunkie.blogspot.com

2. After grabbing the site I use wyd.pl to extract all the words from the site into a single file.
wyd.pl -n -o /root/sj/wordlist.txt /root/sj/synjunkie.blogspot.com/

3. I then cat the file that I have created out, piping it through sort and uniq, to put it in order and remove any duplicate words. (sort -u does the same thing in one step; uniq only removes duplicates that are adjacent, which is why the sort has to come first.)
cat wordlist.txt | sort | uniq > wordlist2.txt

This then gives me a file called wordlist2.txt that is a bit smaller as the duplicates have been removed.
4. Next I use pw-inspector (part of the THC-Hydra package) to go through the file and remove any words that do not meet the criteria.
cat wordlist2.txt | pw-inspector -m 1 -M 20 >customlist.txt
The criteria I have set here are that words should be a minimum of 1 character and a maximum of 20. If you know that your target has a minimum password length of 8 characters you could remove all words shorter than 8 characters with -m 8, which shrinks the list and saves cracking time.

5. The result is a file called customlist.txt that contains words that may be more relevant to a target.
cat customlist.txt
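As an added example, and not a script from the original post, here is the whole procedure above as a self-contained bash script. Because wyd.pl and pw-inspector are not on every box, the word extraction and the length filter are stood in for by sed, tr and awk; wyd.pl and pw-inspector themselves are unchanged and you can swap them back in. The "mirrored site" it works on is a couple of constructed HTML files written by make_sample_site, so it runs offline; with a real target you would point it at the directory wget created. The wget flags in the comment (-np, -l, -w) are my suggestions, not the post's.

```shell
#!/usr/bin/env bash
# Added example: wget -> extract words -> dedupe -> length filter, with stand-ins
# for wyd.pl and pw-inspector. Not the original author's script.

# Stand-in for step 1. Real usage would be something like:
#   wget -r -np -l 2 -w 1 http://synjunkie.blogspot.com
# Here we just write two constructed pages into DIR so the demo runs offline.
make_sample_site() {
    dir="$1"
    mkdir -p "$dir/posts"
    printf '%s\n' '<html><head><title>SynJunkie Blog</title></head>' \
        '<body><h1>Welcome to synjunkie</h1>' \
        '<p>Posts about BackTrack, wget and pw-inspector.</p>' \
        '<p>Contact: lee@example.com</p></body></html>' > "$dir/index.html"
    # Second page saved with Windows CRLF line endings (constructed), the case
    # raised in the comments below the post.
    printf '%s\r\n' '<html><body><p>Another BackTrack post. Password tips: Lee2008!</p>' \
        '</body></html>' > "$dir/posts/one.html"
}

# Stand-in for step 2 (wyd.pl): read every html/htm/txt file under DIR, drop the
# tags, split on anything that is not a letter or digit, one word per line.
# Case is kept on purpose: "BackTrack" and "backtrack" are different guesses.
extract_words() {
    dir="$1"
    find "$dir" -type f \( -name '*.html' -o -name '*.htm' -o -name '*.txt' \) -print0 \
      | xargs -0 cat \
      | sed -e 's/<[^>]*>/ /g' \
      | tr -cs '[:alnum:]' '\n' \
      | grep -v '^$'
}

# Steps 3 and 4: strip stray carriage returns (a CR would otherwise count as an
# extra character, the 4-vs-5 problem from the comments), dedupe with sort -u
# (same as sort | uniq) and keep only words whose length is within [MIN, MAX],
# which is what pw-inspector -m MIN -M MAX does.
filter_words() {
    min="$1"; max="$2"
    tr -d '\r' | sort -u | awk -v min="$min" -v max="$max" \
        'length($0) >= min && length($0) <= max'
}

# The whole pipeline: site directory in, custom wordlist on stdout.
build_wordlist() {
    dir="$1"; min="${2:-1}"; max="${3:-20}"
    extract_words "$dir" | filter_words "$min" "$max"
}

# Demo: build an 8-to-20 character list from the constructed site.
tmp="$(mktemp -d)"
make_sample_site "$tmp"
build_wordlist "$tmp" 8 20 > "$tmp/customlist.txt"
echo "words of length 8-20:"
cat "$tmp/customlist.txt"
rm -rf "$tmp"
```

filter_words also works on a list you already have, so an existing file with Windows line endings can be cleaned and trimmed in one go: cat wordlist2.txt | filter_words 8 20 > customlist.txt.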

Links
http://pur3h4t3.blogspot.com/
http://www.remote-exploit.org/backtrack.html

7 comments:
The problem with using uniq is that if the word is a duplicate it will remove ALL appearances of it instead of just leaving 1.
i.e.
111
222
111
If you run uniq it will only leave 222.
:(
Great tut otherwise.
Thanks for the correction. It's good that people of your caliber are reading.
Cheers
Lee
I just tested the uniq with
111
222
111
and it worked correctly. It left
111
222
Thanks for the correction of the correction Frank, I retract my previous comment!
Excellent tutorial.
I am having a problem using pw-inspector on my custom list. Asking for "pw-inspector -m 5 -M 5" gives me a list that seems to contain words that are four characters long. Is there some kind of return character in there? How do I remove it?
To Anon facing the four-char problem: Yes, your list was probably created on a Windows system, so it may have CRLFs at the end of lines, instead of just LFs.
You can use tr to remove them (the \r has to be quoted, otherwise the shell hands tr a plain r and it strips the letter r instead):
cat listwithCRs.lst | tr -d '\r' > listwithNoCrs.lst
OR
cat listwithCRs.lst | tr -d '\r' | pw-inspector -m 5 -M 5 >FivecharwithNoCRs.lst