In this blog, I will tell you about a tool that will help you to HACK your target faster, so let’s begin…
▪ Required Knowledge:
1. What is a wordlist?
2. What are the different types of attacks that use a wordlist?
3. How to create a wordlist?
Wordlist: 🥵
➡ A wordlist is a text document in which we have or create the list of passwords that are used worldwide or the continuous set of all words or numbers. We use those wordlists to crack passwords using various kinds of attacks.
Few of the attacks that uses wordlist are: 🐒
1.Dictionary attack :-
A dictionary attack uses a targeted technique of successively trying all the words in an exhaustive list called a dictionary (from a pre-arranged list of values).
2. Brute Force Attack :-
Brute Force Attack whereby a script is repeatedly used to attempt to log in until a positive result is attained. Then, you can choose to refer it to a trial-and-error method to get a positive unlock result. Brute force attacks are overt and can lock out an attacker from their IP whenever the server is well configured.
3. Hybrid Attack :-
It works like a dictionary attack, but adds some numbers and symbols to the words from the dictionary and tries to crack the password.
4. Syllable Attack :-
It is the combination of both brute force attack and the the dictionary attack.
5. Rule-Based Attack :-
A rule-based password attack is a way of focusing a password cracking technique when an attacker knows which rules passwords in a particular system are based on, such as “alphanumeric and eight characters long.
Creating a wordlist:💨
▪ I’ll be using ‘Crunch’ tool that comes pre-installed in Kali Linux to generate my hacking wordlist. The Crunch tool will create a wordlist with several combinations for the range you provide. For example, I want to create a wordlist of 8 characters that will contain combinations of numeric values only. So for this, the command will be like:
crunch 1 8 0123456789So here firstly we will write ‘crunch’ then we fix the range that is 1–8 and then we provide our numeric value. Now if we need to create a wordlist with alphabets that will include both uppercase and lowercase of 8 character then we will write the command like:
crunch 1 8 abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZNow if we need to create an alphanumeric wordlist that will generate 3 to 5 characters then the command will be like:
crunch 3 10 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ💥 CAUTION!!! Do not run the command above. This command will generate a list of files that will fill your hard disk drive in no minute, and it renders it virtually unusable. However, the bright side about this combination is it will test every password containing three to ten characters using a combination of both upper and lowercase alphabets plus all numbers.
Now to save the generated wordlist, use the following command:
crunch 3 10 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ -o Documents/pass.txtThe -o flag added to the command above will create a properly formatted text file in the provided destination, which is the Documents folder.
However, there are other ways of outputting the combinations in the form of a text. For instance, a user might have a good wordlist containing popular bad passwords. In that case, they should use the default wordlist included in Kali Linux known as the rockyou.txt that can be found here /usr/share/wordlists. To save your password combinations to this text file, then you first have to decompress it.
On some occasions, the user might want to add a generated wordlist onto the already existing rockyou.txt to be in a position to provide an additional testing possibility in a single shot. If this is the case, then the user will redirect the crunch output into the file as shown below:
crunch 3 5 0123456789abcdefghijklmnopqrstuvwxyz >> /usr/share/wordlists/rockyou.txtBefore executing the command above, ensure you have enough space since the file generated will be huge to enable testing of various possibilities.
Virus_boss
Comments
Post a Comment