
Unit 2: Password Cracking 2.1 Password Cracking Crunch Demos

归誉
2023-12-01

>> Password cracking is made easier by a wordlist that can attempt thousands
of potential passwords each second.
The wordlist can be used for a dictionary attack
when it contains words that are likely to succeed.
Unlike words in a dictionary, these words will consist of uppercase letters,
lowercase letters, numbers, and symbols.
The wordlist can also be used in a brute force attack when all characters are used
without any specification to words, trying all possible permutations and combinations.
Through social engineering, or passive information gathering,
we can get some information on what might be a user's password or a part of a user's password:
their name, a spouse's name, a child's name, a pet's name, a birthday,
and even a job are some possibilities.
When you fill out those stupid quizzes and surveys on Facebook,
you're giving attackers big clues on how to construct a wordlist for you.
Knowing a company's password policy, which might require a minimum of eight characters;
uppercase letters, lowercase letters, and symbols, can help us out as well.
Kali Linux comes with a tool called Crunch that makes a custom password-cracking wordlist
that can be used with tools like Cain & Abel, Hashcat,
Aircrack-ng, John the Ripper, and others.
This custom wordlist could save you hours or days in terms of cracking passwords,
and can be used in both a dictionary attack and a brute force attack.
I've opened up a terminal and typed "crunch" which shows the basic usage
of this wordlist-generating utility.
More in-depth explanations can be found using the Crunch Man Page.
[silence]
"Q" to quit.
Let's go through some examples and generate some wordlists.
After each command, notice the listings of amount of data and number of lines
that display before the words are generated.
"Crunch 1 3" will generate words from length one to length three, using lowercase letters.
"Dash o" specifies an output file.
Without "Dash o," Crunch will just output the results to the terminal.
This file can be viewed with Cat.
Piped to less.
I can go line-by-line with the Enter key.
Or page-by-page with the Spacebar.
I can use the Up Arrow and Down Arrow keys as well.
"Q" to quit.
You can open up the file with a text editor like Leafpad.
[silence]
"Crunch 3 6" will give us words from length three to length six, using lowercase letters.
I'm going to hit Ctrl+C to break out of this.
"Crunch 8 12" will go from length eight to length twelve.
[silence]
I'm going to break out of this again with Ctrl+C.
But now, if I specify "abc" after the maximum length,
the only acceptable characters will be "a," "b," and "c".
[silence]
You can even mix lowercase letters, uppercase letters, numbers,
and symbols in the valid character specification.
[silence]


Wordlists with Crunch 2

>> In some cases, it's easier to select a specific character set
or create your own character set to generate a word list.
Character sets can be found at /usr/share/rainbowcrack/charset.txt.
Let's use this file with crunch.
This command will generate eight-character passwords
that use lowercase letters, uppercase letters, and numbers.
[silence]
Control C to break out.
[silence]
This one will create words using lowercase letters, uppercase letters,
numbers, symbols and even white space.
The dash F option is followed by the file and character set.
[silence]
Control C to break out.
[silence]
Let's say I'm targeting an employee who posted his birthday on social media.
Bob Smith was born on April 15th.
Dash T, which specifies a pattern, is followed by the @ symbol,
which is a single-character placeholder.
I am going to reserve four places before Bob's birth date.
This will generate passwords of length eight that end with Bob's birthday.
[silence]
Control C to break out.
[silence]
Bob also posts in a message to his wife, Alice, on social media.
This command will generate passwords of length eight that start with Bob's wife's name, Alice.
[silence]
The dash P option eliminates words with repeating characters.
The min and max length values can be anything.
They're never considered but must be included.
[silence]
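
An added sizing example, not part of the original transcript: it reproduces the byte and line counts the narration says to notice before generation, so a password policy can be judged by how many candidates it leaves. The function names, the pattern `@@@@1234` and the guess rate of 10,000 per second are assumptions made for illustration.

```python
import string

def _charset_size(charset):
    """Validate a character set and return how many symbols it holds."""
    if not charset or len(set(charset)) != len(charset):
        raise ValueError("charset must be non-empty with no repeated characters")
    return len(charset)

def crunch_size(min_len, max_len, charset=string.ascii_lowercase):
    """(bytes, lines) for every word of min_len..max_len drawn from charset."""
    if not 1 <= min_len <= max_len:
        raise ValueError("need 1 <= min_len <= max_len")
    n = _charset_size(charset)
    lines = total_bytes = 0
    for length in range(min_len, max_len + 1):
        words = n ** length
        lines += words
        total_bytes += words * (length + 1)  # each word plus its newline
    return total_bytes, lines

def pattern_size(pattern, charset=string.ascii_lowercase):
    """(bytes, lines) for a pattern: '@' is a placeholder, the rest is literal."""
    if not pattern:
        raise ValueError("pattern must not be empty")
    lines = _charset_size(charset) ** pattern.count("@")
    return lines * (len(pattern) + 1), lines

def hours_to_exhaust(lines, guesses_per_second):
    """Worst-case hours to try every candidate at a fixed guess rate."""
    return lines / guesses_per_second / 3600

if __name__ == "__main__":
    rate = 10_000  # assumed guess rate, constructed for this example
    alnum = string.ascii_letters + string.digits
    cases = {
        "lengths 1-3, lowercase": crunch_size(1, 3),
        "lengths 1-3, only abc": crunch_size(1, 3, "abc"),
        "length 8, upper+lower+digits": crunch_size(8, 8, alnum),
        "pattern @@@@1234 (constructed)": pattern_size("@@@@1234"),
    }
    for label, (size, lines) in cases.items():
        print(f"{label}: {size} bytes, {lines} lines, "
              f"{hours_to_exhaust(lines, rate):.2f} h at {rate}/s")
```

A known four-character suffix cuts an eight-character lowercase password from 26^8 candidates to 26^4, which is why personal details published online weaken a password far more than its length suggests.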

 

Reposted from: https://www.cnblogs.com/sec875/articles/10015944.html
