Home page logo
/

basics logo Security Basics mailing list archives

Re: Fwd: password list generation
From: Miguel Dilaj <miguel.dilaj () oissg org>
Date: Wed, 15 Aug 2007 13:46:20 -0300

Or generate a .txt file with your "base" word, and then process it with
John the Ripper mangling rules:

     john --rules --wordlist=basedict.txt --stdout > bigdict.txt

Double check John's syntax, I wrote the above from the top of my head.
Regards,

Miguel


whip () netspace net au escribió:
I'd agree. Write you own script to take a string and generate a list of
permutations, based on your own variation. Will come in very handy for
future pen tests.


Scott

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Radu Oprisan
Sent: Wednesday, 15 August 2007 6:33 AM
To: sami seclist
Cc: security-basics () securityfocus com
Subject: Re: Fwd: password list generation

sami seclist wrote:
  
Hi list,

I am pentesting the backbone of an ISP. There are several ssh and
telnet ports open, and I would like to launch a brute force password
attack. However, i want to lower the number of possibilities to try to
those common combinations we all use in our company (ACME2007,
AcmE2OO7, AcMe123, etc.).
is anybody aware of a tool that can generate a list of passwords from
a root word, the company name for example, or is there any source that
lists all the trivial combination of words commonly used as passwords.

Thanks guys.
    

You can probably find password lists by using google.
Modifying a password list by adding numbers should be very simple,
however, modifying case should be a job for a perl script and should not
be used because it would generate a huge list. For example:

base: acme
1: Acme
2: ACme
3: ACMe
4: ACME
5: aCme
& so on




  


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]