PASSWORDS

tailoring a password list reduces the search space and represents a significant boost in efficiency for any subsequent password cracking attempts. A smaller, targeted list translates to a faster and more focused attack, optimizing the use of computational resources and increasing the likelihood of a successful breach.

If a web application enforces a password policy, ensure that the wordlist only contains passwords that match the implemented password policy. Otherwise, you'll be wasting valuable time with passwords that users cannot use on the web application, as the password policy does not allow them.

PW POLICY EXAMPLE

Minimum length: 8 characters
Must include:
- At least one uppercase letter
- At least one lowercase letter
- At least one number

CUSTOM PW LIST: METHOD 1

#retrieve a wordlist
root@oco:$ wget https://raw.githubusercontent.com/danielmiessler/SecLists/refs/heads/master/Passwords/darkweb2017-top10000.txt

#match the wordlist to the password policy of minimum 8 characters
root@oco:~$ grep -E '^.{8,}$' darkweb2017-top10000.txt > darkweb2017-minlength.txt
 * the regex filter '^.{8,}$' is used to grab only contents that has at least 8 characters

#match the wordlist to the password policy of at least one uppercase letter
root@oco:~$ grep -E '[A-Z]' darkweb2017-minlength.txt > darkweb2017-uppercase.txt
 * the regex '[A-Z]' will discard passwords that lacks at least one uppercase letter
 
#match the wordlist to the password policy of at least one lowercase letter
root@oco:~$ grep -E '[a-z]' darkweb2017-uppercase.txt > darkweb2017-lowercase.txt
 * the regex '[a-z]' will discard passwords that lacks at least one lowercase letter 

#match the wordlist to the password policy of at least one number
root@oco:~$ grep -E '[0-9]' darkweb2017-lowercase.txt > darkweb2017-number.txt
 * the regex '[0-9]' will discard password that lacks at least one number
 
#count
root@oco:~$ wc darkweb2017-number.txt
 89 darkweb2017-number.txt

CUSTOM PW LIST: METHOD 2 (ONE-LINER)

#tailor the password to the organization's password list (if known)
 Minimum Length: 6 characters
 Must Include:
  At least one uppercase letter
  At least one lowercase letter
  At least one number
  At least two special characters (from the set !@#$%^&*)    
            
#
root@oco:~$ grep -E '^.{6,}$' jane.txt | grep -E '[A-Z]' | grep -E '[a-z]' | grep -E '[0-9]' | grep -E '([!@#$%^&*].*){2,}' > jane-filtered.txt
 * the '^.{6,}$' is a filter for at least 6 character passwords
 * the '[A-Z]' is a filter for at least one uppercase letter
 * the '[a-z]' is a filter for at least one lowercase letter
 * the '[0-9]' is a filter for at least one number
 * the '([!@#$%^&*].*){2,}' is a filter for at least two special characters from the set !@#$%^&*)

CUSTOM PW LIST: METHOD 3 (ONE-LINER)

#tailor the password to the organization's password list (if known)
 Minimum Length: 10 characters
 Must Include:
  At least one uppercase letter
  At least one lowercase letter
  At least one digit
 
#
root@oco:~$ cp /opt/useful/seclists/Passwords/Leaked-Databases/rockyou.txt .
root@oco:~$ wc -l rockyou.txt
 * 14344391
root@oco:~$ grep '[[:upper:]]' rockyou.txt | grep '[[:lower:]]' | grep '[[:digit:]]' | grep -E '.{10}' > customPWList.txt
 * the grep '[[:upper:]]' rockyou.txt searches for lines in rockyou.txt that contain at least one uppercase letter.
    - The [[:upper:]] is a POSIX character class that matches any uppercase letter (A-Z).
 * the grep '[[:lower:]]' filters the lines to include only those containing at least one lowercase letter (matched by [[:lower:]]).
 * the grep '[[:digit:]]' filters the output further to include only lines that contain at least one digit (0-9).
    - the [[:digit:]] POSIX character class matches any numeric digit.
 * the grep -E '.{10}' uses the -E option (extended regular expressions) to match lines with 10 or more characters.
    - the pattern .{10} matches any line with at least 10 characters, where . represents any character and {10} specifies at least 10 repetitions.
root@oco:~$ wc -l customPWList.txt
 * 151647

CUSTOM PW LIST: CUPP

#create the custom target password
root@oco:~$ sudo apt search cupp
root@oco:~$ sudo apt install cupp
root@oco:~$ cupp -i
 * the -i option runs cupp in interactive mode
    - in this mode, CUPP will guide you through a series of questions about your target
 > First Name: Jane
 > Surname: Smith
 [+] Saving dictionary to jane.txt, counting 46790 words. 
 ...

PreviousUSERNAMES NextTROJANS

Last updated 12 months ago