Generating Custom Wordlists For Targeted Attacks

Men dress up lifestyle hold smartphone screen Premium Photo

Rockyou.txt will only get you so far. When doing targeted attacks you might need something more specific to that user or site. This is when you want to generate your own wordlists to increase the chances of success.

cupp and CeWL are tools that allow you to generate a wordlist based on the profile of the person or site that you are trying to hack.

Common user password profiler (CuPP): https://github.com/Mebus/cupp

apt-get install cupp

To start, use cupp -i

This will give you a list of questions that you can fill in about your target.
To get this information you can use certain tools and techniques:
https://ctrlaltdel.blog/2019/04/19/how-exposed-are-you-on-the-internet/

CuPP requires you to know details about the target which may be hidden or unkown to you. This is when tools like CeWL come in. If the person has their own blog or sociel media site, key details may be on there.

CeWL can help pick these out: https://digi.ninja/projects/cewl.php

apt-get install cewl

Once installed, you can target a site using the command below. These are just examples. Your target might not be well known to the public so will have less information published about them. This is when good reconnaissance techniques come into play.

-w Write to file
-d 5: The depth (in this case, 4) that CeWL will crawl to website.
-m 4: The minimum word length.

CeWL may take a while depending on what attributes you have used. What you are trying to find are words that may be included in their password. Peoples social media sites and profiles includes things like favorite foods, animals, past pets, family members and sports team. All keywords that the person could have used in their password.

If you wanted to potentially increase your chances even further, you could look into using a tool called Mentalist: https://github.com/sc0tfree/mentalist

“Mentalist is a graphical tool for custom wordlist generation. It utilizes common human paradigms for constructing passwords and can output the full wordlist as well as rules compatible with Hashcat and John the Ripper.”

Once you have you wordlists, it is up to you if you use them on their own or combine them. Kali and Parrot come with wordlists which are stored here: /usr/share/wordlists

Remember that the longer the wordlist, the more time and resource it will take.
For instance, if you combine rockyou.txt and the CuPP worldlist we created above, the likely hood of cracking the password may go up but so will the length of time needed to run through all the potential passwords. That is why it’s important to spend time investigating your target user and seeing how they act online. This may give you clues on how to best approach. You might get lucky with just the one you have manually generated.

If you did want to combine, you can use this simple command:
Cat [wordlist1] [wordlist2] > [output file]

4 Replies to “Generating Custom Wordlists For Targeted Attacks”

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s