Password lists

Default Credentials

Rockyou

https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt

Fasttrack

kali-wordlists/fasttrack.txt at master · 00xBAD/kali-wordlistsGitHub

Custom List - Tools

CeWL

GitHub - digininja/CeWL: CeWL is a Custom Word List GeneratorGitHub

cewl --depth 10 --with-numbers --write cewl.txt "$TARGET"

cewl --depth 3 --write cewl.txt http://IP:PORT/wordpress

cewl --write cewl_test.txt http://IP:PORT/wordpress

$ cewl https://www.inlanefreight.com -d 4 -m 6 --lowercase -w inlane.wordlist
$ wc -l inlane.wordlist

326

CeWLer

GitHub - roys/cewler: CeWLeR - Custom Word List generator Redefined. CeWL alternative in Python, based on the Scrapy framework.GitHub

cewler --output cewler.txt --depth 5 --min-word-length 2 "http://IP:PORT/wordpress"

cewler --output cewler.txt --depth 5 --lowercase --min-word-length 2 --without-numbers "$TARGET"

Cupp

cupp -i

___________
   cupp.py!                 # Common
      \                     # User
       \   ,__,             # Passwords
        \  (oo)____         # Profiler
           (__)    )\
              ||--|| *      [ Muris Kurgas | j0rgan@remote-exploit.org ]
                            [ Mebus | https://github.com/Mebus/]


[+] Insert the information about the victim to make a dictionary
[+] If you don't know all the info, just hit enter when asked! ;)

> First Name: William
> Surname: Gates
> Nickname: Bill
> Birthdate (DDMMYYYY): 28101955

> Partners) name: Melinda
> Partners) nickname: Ann
> Partners) birthdate (DDMMYYYY): 15081964

> Child's name: Jennifer
> Child's nickname: Jenn
> Child's birthdate (DDMMYYYY): 26041996

> Pet's name: Nila
> Company name: Microsoft

> Do you want to add some key words about the victim? Y/[N]: Phoebe,Rory
> Do you want to add special chars at the end of words? Y/[N]: y
> Do you want to add some random numbers at the end of words? Y/[N]:y
> Leet mode? (i.e. leet = 1337) Y/[N]: y

[+] Now making a dictionary...
[+] Sorting list and removing duplicates...
[+] Saving dictionary to william.txt, counting 43368 words.
[+] Now load your pistolero with william.txt and shoot! Good luck!

Bash

for i in $(cat pwlist.txt); do echo $i; echo ${i}2019; echo ${i}2020; done > pwd.txt

cp pwd.txt pwlist.txt

for i in $(cat pwlist.txt); do echo $i; echo ${i}\!; done > pwd.txt

Hashcat

Rules

echo 'password' > pw

hashcat --stdout pw -r /usr/share/hashcat/rules/best64.rule

hashcat --stdout pw -r /usr/share/hashcat/rules/best64.rule > pwlist

Mutation

$ cat custom.rule

:
c
so0
c so0
sa@
c sa@
c sa@ so0
$!
$! c
$! so0
$! sa@
$! c so0
$! c sa@
$! so0 sa@
$! c so0 sa@

$ hashcat --force password.list -r custom.rule --stdout | sort -u > mut_password.list
$ cat mut_password.list

password
Password
passw0rd
Passw0rd
p@ssword
P@ssword
P@ssw0rd
password!
Password!
passw0rd!
p@ssword!
Passw0rd!
P@ssword!
p@ssw0rd!
P@ssw0rd!

John - Improve the custom list

As we all know few password are just simple words. Many use numbers and special characters. To improve our password list we can use john the ripper. We can input our own rules, or we can just use the standard john-the-ripper rules

john ---wordlist=inlane.wordlist --rules --stdout > wordlist-modified.txt

pentest/password-related-attacks/generating-custom-password-lists.md at master · lamontns/pentestGitHub

Remove password not compliant - Password policy

Example: We know that the password must meet the following conditions:

8 characters or longer
contains special characters
contains numbers

sed -ri '/^.{,7}$/d' william.txt            # remove shorter than 8
sed -ri '/[!-/:-@\[-`\{-~]+/!d' william.txt # remove no special chars
sed -ri '/[0-9]+/!d' william.txt            # remove no numbers

PreviousDefault Credentials NextUsername lists

Last updated 2 months ago