Creating Customized Wordlist
Introduction :
In the previous post I explained how to crack a wifi password with WPA or WPA2 protection. But as you might have noticed (or maybe you didn't), the method that we used was a dictionary attack. In a dictionary attack, once we have the HANDSHAKE file we try to match its hashes against a ready-made password list to obtain the password. This list is called a WORDLIST (Rockyou.lst in the previous post). If this wordlist does not contain the password of your wifi, you won't be able to crack the password for this wifi with it. No need to worry: here's an alternate method, creating your own wordlist.
We are going to create our own customised wordlist. Having a big and good wordlist always helps, but it's not always enough to depend on a wordlist that doesn't understand your current situation. So we must be able to create our own wordlist at any time. So let's get started......
The first thing that you need to do is start crunch. Open a terminal and type the following:
cd /pentest/passwords/crunch (hit the enter key)
The usage for crunch is shown below.
Usage:
crunch <min-len> <max-len> [charset OR -f /path/to/charset.lst charset-name] [-o wordlist.txt] [-t [FIXED]@@@@] [-s startblock] [-c number]
where,
1. <min-len> is the minimum length string you want crunch to start at.
2. <max-len> is the maximum length string you want crunch to end at.
3. [charset] is optional. You may specify character sets for crunch to use on the command line or if you leave it blank crunch will use the default character sets.
4. [-d numbersymbol] is optional and limits the number of duplicate characters. -d 2@ limits the lower case alphabet to output like aab and aac. aaa would not be generated as that is 3 consecutive letters of a. The format is number then symbol, where number is the maximum number of consecutive characters and symbol is the symbol of the character set you want to limit, i.e. @ , % ^.
5. [-o wordlist.txt] is optional and allows you to specify the file to write the output to, eg: wordlist.txt.
6. [-t @,%^] is optional and allows you to specify a pattern, eg: @@god@@@@ where only the @'s, ,'s, %'s, and ^'s will change.
@ will insert lower case characters
, will insert upper case characters
% will insert numbers
^ will insert symbols
Examples :
1. Type the following command:
./crunch 7 8 abcdefgh -o pass1.txt
This command creates a wordlist of strings with a minimum length of 7 and a maximum length of 8 characters, built from the letters 'abcdefgh', and stores it as pass1.txt in the crunch directory.
Of course, instead of just letters we can create a wordlist that includes only numbers with the command:
./crunch 5 5 12345 -o numbers.txt
This command directs crunch to create a wordlist of passwords of length 5 made up of the digits 1, 2, 3, 4 and 5.
Specify the number of words
Crunch allows us to specify the number of words in each wordlist. The following command creates wordlists that each contain a maximum of 20 words, using the lalpha charset, which is [abcdefghijklmnopqrstuvwxyz].
./crunch 3 3 -f charset.lst lalpha -o START -c 20
Alternatively you can use any other charset from the list that comes with crunch if you don’t want to use a custom charset.
Prefix Wordlists
Now let's say that we want to create a wordlist that contains the word pentestlab followed by any 3 lowercase characters. The command for that will be:
./crunch 13 13 -f charset.lst lalpha -t pentestlab@@@
which will produce the following output:
Alternatively if we want the word admin to be in the middle we can modify the command like this:
./crunch 9 9 -f charset.lst lalpha -t @@admin@@
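The -t placeholders described above determine how many words a pattern yields, which is worth knowing before writing a list to disk or judging how little a known prefix leaves to guess. The following is an added example, not code from the original post or from crunch; the function names, the symbol set and the guess rate are assumptions.

```python
from itertools import islice, product
from string import ascii_lowercase, ascii_uppercase, digits

# Assumed symbol set for the ^ placeholder (ASCII punctuation plus space);
# it is not read from crunch or from charset.lst.
SYMBOLS = "!@#$%^&*()-_+=~`[]{}|\\:;\"'<>,.?/ "

def placeholder_sets(lower=ascii_lowercase, upper=ascii_uppercase,
                     nums=digits, syms=SYMBOLS):
    """Map each -t placeholder to the characters it stands for."""
    return {"@": lower, ",": upper, "%": nums, "^": syms}

def pattern_slots(pattern, sets=None):
    """Turn 'pentestlab@@@' into one character set per position."""
    sets = sets or placeholder_sets()
    # Any character that is not a placeholder is fixed text: a set of one.
    return [sets.get(ch, ch) for ch in pattern]

def keyspace(pattern, sets=None):
    """Return (word_count, bytes_on_disk), counting one word per line."""
    count = 1
    for slot in pattern_slots(pattern, sets):
        count *= len(slot)
    return count, count * (len(pattern) + 1)  # +1 for the newline

def expand(pattern, sets=None):
    """Lazily yield every matching word, rightmost position changing fastest."""
    for combo in product(*pattern_slots(pattern, sets)):
        yield "".join(combo)

def seconds_to_exhaust(pattern, guesses_per_second, sets=None):
    """Worst-case time to try every candidate at an assumed guess rate."""
    return keyspace(pattern, sets)[0] / guesses_per_second

if __name__ == "__main__":
    # The two patterns from the page, plus 13 unknown lowercase letters
    # for comparison with the 13-character pentestlab@@@ pattern.
    for pat in ("pentestlab@@@", "@@admin@@", "@" * 13):
        words, size = keyspace(pat)
        print(f"{pat:15} {words:>26,} words {size:>28,} bytes")
    print(list(islice(expand("pentestlab@@@"), 3)))
```

A 13-character password with a known 10-character prefix leaves only 17,576 candidates, while 13 unknown lowercase letters leave 26^13.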
Compression :
You can compress your wordlist with the -z option using either bzip, gzip or lzma.
Example:
./crunch 4 4 -f charset.lst lalpha -o wordlist -z gzip
Conclusion :
Creating wordlists can help when performing a penetration test. Crunch offers a variety of options and combinations that a user can play with. Trying to brute force an application or a system with a wordlist can lock you out, depending on the account lockout policy, but it always helps to have your own custom wordlists that may help you obtain access.
So start creating your own custom wordlist to crack different passwords.
happy hacking......!!!
Thank you for reading ......keep visiting for more updates.