Skip to main content

Building Password dictionary

file 4.2, 25.40 minute

tested...
#cewl www.ignitetechnologies.in -d 2 -w /root/Desktop/dict.txt

  • cewl <url> -d<depth> -w<path>
  • Cewl – indicated the tool which is being used
  • <url> – here give the URL that you want to use as a foundation of your dictionary.
  • -d<depth> – here, give the number of links you want it to go through while creating your dictionary.
  • -w<path> – here, give the path where you want to store all the possible passwords.
  • For example in the terminal of kali type :[source: http://www.hackingarticles.in/5-ways-create-dictionary-bruteforcing/]

$ mkdir /tmp/source
$ cd /tmp/soruce
$ wget -r -1 [N] [target_website]
$ cd..
$ grep -h -r "" source | tr '[:space:]' '\n' | sort | uniq > wordlist.lst
$ grep -v '<' wordlst.lst > newlist.lst

-r pulls recursive pages from the target website, following links to a depth of N (-1) pages.
grep to omit file names  from the output (-h) while recursive going thru all subdirectories (-r) searching for files with any data in them "" in the source directory. Take those results and use tr to change spaces into carriage return. Sort the results and pull out unique  words, and store the results in wordlist.lst.
---------------------------------------------------------------------------------------------------
free dictionary generator tool at www.fonlow.com/zijianhuang/kpa runs on windows
---------------------------------------------------------------------------------------------------
$ cat worldlist.txt | sort | uniq > dictionary.txt

eliminate duplicate words from a file involves "uniq" command, which removes redudant words from a sorted file.
---------------------------------------------------------------------------------------------------
$wc -l password.lst
counts the list of password in the password.lst
---------------------------------------------------------------------------------------------------
$ cat password.lst | pw-inspector -m 6 -n -u -l  -c 2 | wc -l      OR
$ cat password.lst | pw-inspector -m 6 -n -u -l  -c 2 >  newpassword.lst
pw-inspector allows you to customize the password file based on the org poilicy so if the company has a policy for pwd length=9, your list shouldnt have any character less than 9
m 6= min pwd length is 6
n = pwd must contains atleast 1 number
u = pwd must contains atleast upper case
l = pwd must contains atleast lower case
c 2 = minimum number of criteria required in each password crieria mentioned above is 2
---------------------------------------------------------------------------------------------------
use cewl @ http://nagpentest.blogspot.com/2018/04/vmw-fristileaks-13-base64-encodedecode.html
------------

Comments

Popular posts from this blog

VM 9 : PHP Include And Post Exploitation

Walkthrough 1.        https://medium.com/@Kan1shka9/pentesterlab-php-include-and-post-exploitation-walkthrough-8a85bcfa7b1d 2.        Ine [] 3.        http://megwhite.com.au/pentester-lab-bootcamp-walkthrough-php-include-post-exploitation/ 4.        http://fallensnow-jack.blogspot.com/2014/07/pentester-lab-php-lfi-post-exploitation.html Notes: root@kali:~# nmap 10.0.0.12 Starting Nmap 7.40 ( https://nmap.org ) at 2017-05-30 12:23 EDT Nmap scan report for 10.0.0.12 Host is up (0.00035s latency). Not shown: 999 filtered ports PORT    STATE SERVICE 80/tcp open   http MAC Address: 08:00:27:1F:12:24 (Oracle VirtualBox virtual NIC) Nmap done: 1 IP address (1 host up) scanned in 5.31 seconds root@kali:~# Enumerating port 80 Run dirb root@kali:~# dirb http://10.0.0.12/ ----------------- DIRB v2.22 By The Dark Raver...

VM 5: Vulnix :

Walkthru: A. https://mrh4sh.github.io/vulnix-solution [SMTP and Finger enumeration, creating linux user with specific UID, root squashing, ssh pwd cracking using medusa & hydra, logging using ssh keys, updating /usr/sbin/exportfs] B. http://overflowsecurity.com/hacklab-vulnix/ [ same as above. create ssh keys for root and copied to victim to login as root w/o recovering pwd] C. https://www.rebootuser.com/?p=988[ local bash shell from nfs] B. https://www.vulnhub.com/?q=vulnix&sort=date-des&type=vm [list of solutions] D. https://www.rebootuser.com/?p=988 [User Enumeration #1 – SMTP, Finger; Entry Point including hydra, Putty(using rlogin service), nfs (showmount,mount) ] Notes: - As you can see the root user is the only account which is logged on the remote  host.Now that we have a specific username we can use it in order to obtain more information about this user with the command  finger root@host . -  Another effective use of the finger...

VM 13 : Basic Pentest 1 csec

Notes: Walkthru: 1. https://medium.com/@evire/basic-pentesting-1-7251fb3e3f9e [ w/metasploi t using Wordpress t] 2. https://prasannakumar.in/infosec/vulnhub-basic-pentesting-1-writeup/ [ w/metasploit using ftp ] 3.  https://www.ceos3c.com/hacking/basic-pentesting-1-walkthrough/ [ by uploading php-reverse-shell in wordpress ] 4. http://k3ramas.blogspot.com/2018/02/basic-pentesting-1-walkthrough.html [  access wordpress config file to get pwd and access the DB ] 5.  https://cowsayroot.com/walkthrough-basic-pentesting-1/ [ Wpscan, ftp metasploit vulnerability, phpbash ] 6.   http://www.hackingarticles.in/hack-the-basic-penetration-vm-boot2root-challenge/    [use msfvenom to create  to create php shell to be uploaded in Wordpress ] 7.   https://d7x.promiselabs.net/2018/01/30/ctf-basic-pentesting-a-guide-for-beginners/ [adding command using using PHP] Notes:  Ports - 21...ProFTPD 1.3.3c - 22 openSSH 7.2p2 ubuntu ...