Introduction
Wordlists are a key part of brute force password attacks. For those readers that aren't familiar, a brute force password attack is an attack in which an attacker uses a script to repeatedly attempt to log into an account until they receive a positive result. Brute force attacks are fairly overt and can cause a properly configured server to lock out an attacker or their IP.
This is the point of testing the security of login systems this way. Your server should ban attackers that attempt these attacks, and should report the increased traffic. On the user end, passwords should be more secure. It's important to understand how the attack is carried out to create and enforce a strong password policy.
Kali Linux comes with a powerful tool for creating wordlists of any length. It's a simple command line utility called Crunch. It has simple syntax and can easily be adjusted to suit your needs. Beware, though, these lists can be very large and can easily fill an entire hard drive.
Generating a List
To get started, open up a terminal. Crunch is already installed and ready to go on Kali, so you can just run it. For the first list, start with something small, like the one below.
# crunch 1 3 0123456789
The line above will create a list of every possible combination of the numbers zero through nine that is one, two, or three characters long. To reiterate, the first number is the length of the shortest combination. In this case, it's a single character. This is a bit unrealistic, since no one should have a one character password, and no site should allow it.
The second number is the length of the longest combination. This time, it's three. So, Crunch will generate every possible combination of the characters provided, up to three characters long.
The last part there is the list of all characters that Crunch will use to make the combinations. This list is relatively small, so feel free to run it, but as soon as you start adding more characters or increasing the maximum combination size, the overall size of the list will explode.
The scenario above isn't all that realistic, though it might be applied to the PIN used to unlock a phone or something of the sort. A more realistic list could be generated with the following Linux command.
# crunch 3 5 0123456789abcdefghijklmnopqrstuvwxyz
That command will generate all possible three, four, and five character combinations of the numbers zero through nine and the lower case alphabet. Even though the passwords generated will be short, the list will be absolutely massive.
Now, if you had the hardware and resources to really try to test the security of passwords, you may run something like the command below.
# crunch 3 10 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
BEWARE! Do not try to run that. It will generate a file that will easily fill your entire hard drive and be virtually unusable with normal hardware. However, if someone were able to use it, it could test every password with every combination of three to ten characters using all numbers and both the lower and upper case alphabet.
Capturing the Output
What you've seen so far is just outputting numbers onto the screen. That's obviously not very useful. After all, you're supposed to be generating a text file to use with another program. Crunch has a built-in flag for generating output in the form of a text file.
# crunch 3 5 0123456789abcdefghijklmnopqrstuvwxyz -o Documents/pass.txt
Just by adding the -o flag and specifying a destination, you can create your wordlist in the form of a properly formatted text file.
There is another way to handle this, though. Say you already have a good wordlist with popular bad passwords. There's actually one installed on Kali by default at rockyou.txt. You just have to decompress it. What if you wanted to add your generated wordlist onto rockyou.txt to test additional possibilities in one shot? You can. Just redirect the output of Crunch into the file.
# crunch 3 5 0123456789abcdefghijklmnopqrstuvwxyz >> /usr/share/wordlists/rockyou.txt
The file will be very large, so make sure you have space and actually want to test that many possibilities.
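To check the space before generating anything, the size of a list can be worked out from the minimum length, maximum length and character set alone. The script below is an added example, not part of the original article or of Crunch itself; the function names are made up for illustration, and it assumes a character set with no repeats, one byte per character and one newline per line.

```python
import shutil

def crunch_size(min_len, max_len, charset):
    """Lines and bytes that `crunch min_len max_len charset` would write.

    Assumes no repeated characters in charset and one trailing newline
    per candidate (one byte per character, i.e. an ASCII charset).
    """
    if not (1 <= min_len <= max_len) or not charset:
        raise ValueError("need 1 <= min_len <= max_len and a non-empty charset")
    n = len(charset)
    # n**k candidates of length k, each taking k characters plus a newline
    lines = sum(n ** k for k in range(min_len, max_len + 1))
    size = sum(n ** k * (k + 1) for k in range(min_len, max_len + 1))
    return lines, size

def human(num_bytes):
    """Format a byte count with binary units."""
    value = float(num_bytes)
    for unit in ("B", "KiB", "MiB", "GiB", "TiB", "PiB"):
        if value < 1024:
            return f"{value:.1f} {unit}"
        value /= 1024
    return f"{value:.1f} EiB"

def fits(num_bytes, free_bytes, reserve=0.10):
    """True if the list fits while leaving `reserve` of the free space untouched."""
    return num_bytes <= free_bytes * (1 - reserve)

if __name__ == "__main__":
    digits = "0123456789"
    lower = "abcdefghijklmnopqrstuvwxyz"
    free = shutil.disk_usage(".").free  # free space where the list would be written
    # The three commands from the article
    for lo, hi, cs in [(1, 3, digits), (3, 5, digits + lower),
                       (3, 10, digits + lower + lower.upper())]:
        lines, size = crunch_size(lo, hi, cs)
        verdict = "fits" if fits(size, free) else "does NOT fit"
        print(f"crunch {lo} {hi} ({len(cs)} chars): {lines:,} lines, "
              f"{human(size)} -> {verdict} in {human(free)} free")
```

The same numbers are useful when setting a password policy: each extra character of minimum length multiplies the search space by the size of the character set.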