# Wordlist Generation

Using passwords for authentication is one of the most attractive methods, as they are simple to implement and there is almost zero learning curve for the user. However, this simplicity is also their downfall. Because passwords are a shared secret, they can be guessed, phished, recorded or stolen in many different ways. Over the decades, the process of using passwords has been refined and reinforced to make them more robust, but they are still susceptible to the simplest forms of attack.

Here we will begin with the most basic form of attack: guessing the password. In order to guess the password, we need a list of possible passwords that the victim could use. The following are some of the techniques for generating wordlists that will help in cracking the password or using it in systems/applications to pass authentication.

## Bespoke Wordlist

When we try to infiltrate a corporate network, one of the first things to do is to create a wordlist built from the common words and terminology that the company uses in its documents, websites, social media posts, etc.

The following command can be used on a website to scrape words from it:

```
cewl www.particle42.com -m 8 -d 12 -w p42-cewl.txt
```

-m 8 - Selects only words that are 8 characters or longer from the website

-d 12 - Defines the depth to which the tool should dig within the website for words

Once the list is ready, it will consist of plain words that make very weak password candidates, since most applications require strong passwords that combine upper case, lower case, numerals and special characters.

We will use another tool, the password cracker John the Ripper, to generate the password list that we want, based on the password rules that the company may have.

Besides the rules that the configuration file already contains, we will add another rule that appends 2 digits to the end of each word.

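```
sudo vim /etc/john/john.conf

# Inside the [List.Rules:Wordlist] section (the rules applied by --rules),
# after these existing lines:
# Try the second half of split passwords
-s x**
-s-c x** M l Q
# Add two numbers to the end of each password
$[0-9]$[0-9]
```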

Now we can generate the wordlist from the data scraped from the website:

```
john --wordlist=p42-cewl.txt --rules --stdout > p42-wordlist.txt
```
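
From the defending side, the same mutation is easy to screen for when a user sets a password. The following is an added example, not part of the original page or of any tool mentioned here: it rejects a proposed password that reduces to a site-derived word once case and up to two trailing digits are removed, mirroring the `$[0-9]$[0-9]` rule above. The function names and the sample words are constructed for illustration.

```python
import re

# Constructed sample: words of 8+ characters such as a `cewl -m 8` crawl of the
# organisation's own site might return (not real tool output).
SITE_WORDS = ["Particle", "Security", "Consulting", "Assessment"]

# One or two trailing digits, matching the $[0-9]$[0-9] append rule.
_TRAILING_DIGITS = re.compile(r"\d{1,2}$")


def build_banned_set(words, min_len=8):
    """Case-fold the scraped words and keep those of at least min_len characters."""
    return {w.casefold() for w in words if len(w) >= min_len}


def reduce_candidate(password):
    """Undo the mutations: fold case, then drop up to two appended digits."""
    return _TRAILING_DIGITS.sub("", password.casefold())


def is_guessable(password, banned):
    """True if the password is a banned word, alone or with 1-2 digits appended."""
    return password.casefold() in banned or reduce_candidate(password) in banned


def audit(passwords, banned):
    """Return the proposed passwords that should be rejected."""
    return [p for p in passwords if is_guessable(p, banned)]


if __name__ == "__main__":
    banned = build_banned_set(SITE_WORDS)
    # Constructed candidates; the last one has four digits, so this check,
    # which only mirrors the two-digit rule, lets it through.
    proposed = ["Particle42", "security07", "CONSULTING9",
                "xK9#vQ2!pLm4", "Particle2024"]
    for p in proposed:
        print(f"{p!r}: {'reject' if is_guessable(p, banned) else 'ok'}")
```

The check covers only case changes and the two-digit suffix; other mutation rules in the configuration file would need their own reductions.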

## Bruteforce Wordlist

A bruteforce wordlist, as the name suggests, is a brute approach to creating a wordlist that contains every combination of letters, numbers and special characters. This process is extremely cumbersome and creates an extremely large file. It is also time consuming to use, as it takes a very long time to try out every combination.

Here are a few examples of creating wordlists using crunch:

```
crunch 6 6 -t ,@@^^%
```

6 6 denotes the minimum and maximum number of characters the password will contain.

, represents an upper-case character.

@ represents a lower-case character.

^ represents a special character.

% represents a number.

Further, we can create wordlists from a predefined set of characters using the following command:

```
crunch 4 6 0123456789ABCDEF -o crunch.txt
```

This creates passwords with a minimum length of 4 and a maximum length of 6 using the specified characters.

## Combining word lists

If you have 2 files that have to be combined to create a mutated wordlist file, the combinator binary from the hashcat utilities can be used.

```
/usr/lib/hashcat-utils/combinator.bin file1.txt file2.txt > mutated.txt
```

