in , ,

Penetration Testing – Generate Targeted Wordlist for Cracking

How To Generate a Targeted Wordlist for Password Cracking

Penetration Testing with Kali Linux – Cracking Password

In our courses Learn The Basics of Ethical Hacking and Penetration Testing with Kali Linux on Section 2 Real World Information Intelligence Techniques we explain to you How To Generate a Targeted Wordlist for Password Cracking.

In many of our password cracking disciplines, we often need to use a wordlist that will essentially attempt thousands of potential passwords per second. This is often referred to as a dictionary attack, even though we need not rely solely on dictionary words. These wordlists may have any combination of characters and words in an attempt to crack a complex password offline.




Sometimes we may have indications of the target’s choice password or password components which may come from our knowledge of the target, e.g. girlfriend, neighbor, friend, etc. It could be their name, children’s names, a pet’s name, birthday, or job. We may also know the organization’s password policy (e.g. minimum 8 characters, uppercase and lowercase, etc.).

In these cases, we may be able to generate a custom wordlist that reflects our knowledge of the target or the organization’s password policy.

Kali Linux has built into it a tool called “Cewl” that enables us to create a custom password-cracking wordlist that we can use with such tools like Hashcat, Cain and Abel, John the Ripper, Aircrack-ng, and others. This custom wordlist might be able to save us hours or days in password cracking if we can craft it properly.

Let’s get started with Cewl and generate some custom wordlists to crack passwords in our favorite password cracking tool.

 

Penetration Testing With Kali Linux – Cewl

CeWL on Kali Linux is a ruby app which spiders a given url to a specified depth, optionally following external links, and returns a list of words. Which can then be used for password crackers such as John the Ripper.

Kali Linux – CeWL also has an associated command line app, FAB (Files Already Bagged). FAB uses the same meta data extraction techniques to create author/creator lists from already downloaded.




CeWL example usage on Kali Linux : Scan to a depth of 2 (-d 2) and use a minimum word length of 5 (-m 5), save the words to a file (-w docswords.txt), targeting the given URL (http://k4linux.com):

[email protected]:~# cewl -d 2 -m 5 -w docswords.txt http://k4linux.com/

If you have encountered a problem or you have any questions or remarks please feel free to set a comment.

If this article helped you to solve your problem please feel free to Share it with your friends.


With Love and Prosperity K4LINUX-TEAM.

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *