Tuesday, July 7, 2015

Password cracking - let's make it an art to be.. (Creating a Custom Wordlist using CeWL)

Cracking passwords is sometimes a requirement and sometimes a hobby for many security enthusiasts.

When cracking passwords, two things are very important. One is how good your word-list is: to be any good, it has to contain the word that is going to crack the password. :)

The other is how efficient your password cracking tool (the artillery) is: how much power it consumes and how much power it has to crack your password, or in other words how many attempts it makes per second, or how fast it can go through your word-list to pick out the correct password.

Times have changed, and so has the computing power of devices. There are now password crackers that also utilize GPUs.

I thought of writing this blog to show how you can design your own custom word-list and thereby improve your chances of finding the password.

One of the tools to do so is CeWL, the Custom Word-list Generator. It comes pre-installed in the latest versions of Kali Linux.

The tool is designed to spider the targeted website, search it for key words and compile them into a word list. It has some super powers that let you control the spidering, such as how many links it should follow or the minimum word length you want in the list.

It even supports some authentication mechanisms, so it can spider pages that sit behind authentication.

So let's dive into this tool :)

The first command I like to run is the help command. I always start with it, as it helps us understand how the tool works and what options we can explore.

Next, let us look at what magic it can do when it is fed proper inputs :P

The format in which the command has to be written is as follows:

cewl http://www.example.com/ -d 1 -m 6 -w example-wordlist.txt

Let's look at the options we used in the command:

-d: The depth the spider will crawl to

-m: The minimum length of the words to collect

-w: Write the output to a file, here named example-wordlist.txt

Once this is done, CeWL will have collected a lot of candidate passwords for you.

The following command counts them:

wc -l example-wordlist.txt

There are various scenarios to consider when generating a custom word-list. For example, you may have an authentication mechanism in place and want the spider to crawl the authenticated pages. The creator of this wonderful tool has thought of that as well and provides options like:

--auth_type: digest or basic, depending on the mechanism in use
--auth_user: authentication username
--auth_pass: authentication password

On top of all this, if you want to see everything the tool is doing, I suggest you go verbose with the -v option.

Now your wordlist is ready to be used by your password cracker.

Some people want a more enhanced list, depending on the situation. For that there is another wonderful tool, which I will try to cover in my upcoming blogs and which I call UNCLE JOHN (the infamous John The Ripper). This tool is famous for the job it does, and it has a lot of rules you can play around with to suit your needs.

Refer to http://www.openwall.com/john/doc/RULES.shtml

For instance, to integrate Uncle John with your CeWL wordlist, we can use the following command:

john --wordlist=example-wordlist.txt --rules --stdout > new-wordlist.txt

And now you can see an altogether enhanced list, as per the rules you gave Uncle John.

This command will come in handy again:

wc -l new-wordlist.txt
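
The same site-derived words can feed a password-change filter, so that passwords built on your own website's vocabulary are refused. This is an added example, not code from the original post or from CeWL: it pulls words from a constructed HTML page with a minimum length (the role -m plays above), then flags proposed passwords built on those words after undoing case changes and common character substitutions. The names site_words and matched_site_word, the sample page and the substitution table are assumptions of this example.

```python
import re
from html.parser import HTMLParser

# Constructed sample page standing in for an organisation's public site.
SAMPLE_HTML = """<html><head><title>Acme Widgets</title>
<style>body { color: red; }</style></head>
<body><h1>Welcome to Acme Widgets</h1>
<p>Our Springfield factory builds the Roadrunner series.</p>
<script>var tracking = "ignored";</script></body></html>"""

class VisibleText(HTMLParser):
    """Collects visible text, skipping <script> and <style> bodies."""
    def __init__(self):
        super().__init__()
        self.chunks, self.skip = [], 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self.skip:
            self.skip -= 1

    def handle_data(self, data):
        if not self.skip:
            self.chunks.append(data)

def site_words(html, min_len=6):
    """Lower-cased words of at least min_len letters (the role -m plays)."""
    parser = VisibleText()
    parser.feed(html)
    parser.close()
    text = " ".join(parser.chunks)
    return {w.lower() for w in re.findall(r"[A-Za-z]+", text) if len(w) >= min_len}

# Common character substitutions mapped back to letters (assumed set, not exhaustive).
LEET = str.maketrans("0134578@$!", "oieastbasi")

def matched_site_word(password, words):
    """Return the site word a proposed password is built on, or None."""
    normalised = password.lower().translate(LEET)
    # Substring match, so added prefixes/suffixes do not hide the base word.
    for word in sorted(words):
        if word in normalised:
            return word
    return None
```

With the minimum length at 6, a short brand name such as the sample page's "Acme" is not in the list, so a filter like this needs a lower minimum than you might use for a cracking word-list.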

So let's start cracking. Try creating your custom lists with different rules.
