Dictionaries and Wordlist

I have cracked many passwords and the key to doing so is having a good word list or dictionaries and the skill to use the right word list at the given time. I think most people see word lists and dictionaries as the same thing, I tend to look at them as being word lists which are just a list of words that can be mixed with numbers and other symbols, where as a dictionary is words you would find in an English dictionary with no numbers or other symbols appended to them. I have seen a lot of word lists that are a mixture of both so I can see why people would think they are the same thing.

I create a lot of my own word lists depending on what I am trying to crack. I want to try to gain access as quickly as I can, so I don’t waste my time just running a big word list at given hashes. I try and get a more custom word list thinking about the company locations and the employers in the company. A example of this would be that company A is located in Manchester, so I would then make a word list based on this. So I might have football teams,players names, local attractions, any dates in history and so on. The aim would be to try and gain access to an account as soon as I can, if this failed I would then try a bigger word list like an English dictionary. If I still had no luck I would move onto a really big word list of common passwords like rockyou.txt If after all this I still did not have a login I would then try to use some kore logic rules with John the Ripper to try and mangle the password list. I would hope after doing this I should have gained access to at least one account and then from this I can make progress.

Tips for creating a word list/Dictionary

  • Merged each ‘collection’ into one file (minus the ‘readmes’ files)
  • Removed leading & trailing spaces & tabs
  • Converted all ‘new lines’ to ‘Unix’ format
  • Removed non-printable characters
  • Removed HTML tags (Complete and common incomplete tags)
  • Removed (common domains) email addresses
  • Removed duplicate entries
  • Split into two parts – ‘Single or two words’ and ‘multiple spaces’.
  • Sorted by the amount of times the word was duplicated – Therefore higher up the list, the more common the word is.
  • Sorted again by ‘in-case sensitive A-Z’.
  • Joined back together – Single or two words at the start.

Links to word list/Dictionary
skullsecurity
kismac wordlist
hashcrack
packetstormsecurity
0x80
dictionary-thesaurus
outpost9
openwall JTR
word list on Wikipedia
isdpodcast

John the Ripper Rules
Korelogic rules

Tips and links from g0tmi1k website

Leave a Reply