This forum is in archive mode. You will not be able to post new content.

Author Topic: Password Profiling Tutorial  (Read 2291 times)

0 Members and 1 Guest are viewing this topic.

Offline overflow

  • Serf
  • *
  • Posts: 21
  • Cookies: 5
    • View Profile
Password Profiling Tutorial
« on: January 17, 2016, 07:04:20 PM »
Password Profiling

Using random word-lists to crack passwords can be a very long process due to large number of combinations. Password Profiling means, using words used by or about the victim in order to generate and include those in a customized word list.
To make this task shorter you can try to profile the password, because the creators of passwords are human beings, beings of habits. So I'll show you the basics of profiling passwords and you can research and customize deeper..


1. Scrape the web-server and output the generated word-list from words found in that web-server using cewl in kali linux

Code: [Select]
cewl www.example.com -w example-list.txt
To check for the length of your generated word-list:

Code: [Select]
cat example-list.txt |wc -l
2. Customize your generated wordlist by adding rules in john the ripper

Code: [Select]
nano /etc/john/john.conf
and then proceed to add rules to those passwords in order to customize a better word-list

example:

$[0-9]$[0-9]  #In each word, this rule will add 2 numbers at the end of the word

Finally, just output the word-list one more time and you got yourself a list of possible passwords used by the victim.
« Last Edit: January 17, 2016, 07:56:18 PM by overflow »
"Personally, I make it a habit to avoid habits."

Offline th3l4st

  • Serf
  • *
  • Posts: 21
  • Cookies: -2
    • View Profile
Re: Password Profiling Tutorial
« Reply #1 on: February 17, 2016, 11:12:36 PM »
I suggest you take a look at CUPP on GitHub! It's a tool written in python that creates wordlists based on information you input. I read of a guy who actually managed to find 16 passwords in 20 tries with it!

https://github.com/Mebus/cupp
"Privacy is like bacon, it makes everything better." Zoz, DEFCON 22

"Timeo danaos et dona ferentes" Laocoön, Aeneid

 



Want to be here? Contact Ande, Factionwars or Kulverstukas on the forum or at IRC.