Old 02-19-10, 03:56 PM   #6
snowmanwithahat
Snowy
 
snowmanwithahat's Avatar
 
Join Date: Jul 2004
Location: Michigan
Posts: 974
Re: Any Ethical Hackers?

If you're looking to develop an intelligent wordlist I'd recommend first finding your target password... for example Windows passwords can be short, but WPA passwords have a min length of 8 characters.... so such a thing as a universal wordlist doesn't exist... but given that knowledge we can optimize wordlists for specific applications

Before I dive into this let's make a quick distinction. A wordlist is a list of words used as passwords... a dictionary file used in this context is just a list of words... so a wordlist might be

apples01
apples02

etc....

a dictionary file would just be

apples
bananas
cows
pears

etc... Unmodified words

Let's take a look at WPA. As I have mentioned there is a minimum length of 8 characters. To build a pretty intelligent wordlist it wouldn't be too hard to take dictionary files (just words) and split them into 2 lists.

"BigDic.txt" gets split into

"<8Dic.txt" and ">8Dic.txt"

Let's assume there's a 4th file called "existingwordlist.txt"

So to get a pretty intelligent 5th file "finalwordlist.txt" you'd want to take the dictionary file with less than 8 characters, and add combinations of numbers to flesh it out to 8 characters long. For example, your password is "cows".... well say you set up your new fancy router and you need a password you'll remember... but "cows" won't fit. So you decide to add your address to it.... it now becomes "cows1234". That's realistically what a lot of people with already weak passwords do when setting up devices / accounts that require more security or longer passwords than they previously used.

So if you build the list of "<8Dic.txt" into a useful combination of possible passwords you will have a pretty accurate list of weak, but improved to WPA standard passwords that wouldn't be unrealistic.

You'd then combine the "<8Dic.txt", ">8Dic.txt", "existingwordlist.txt" into a new wordlist....

As I outlined in the post above mine... I've been trying to crack my roommate's password without explicitly putting it in there... I'm still working on some type of algorithm that would generate his password in a realistic way without me plugging it into the wordlist... but it's helped expose a lot of habits that people have.

Things to keep in mind when building a wordlist

Existing weak passwords + numbers //very common
words + dates //columbus1492 or something of the sort
memorable names //things such as Ganondorf or other video game or book related names are pretty strong... but possible
keys physically related //123456, or qwerty for example... you know some of your friends or at least your parents are using weak ones like that

I'll leave it at that, but a lot of it comes down to social engineering. Good wordlists take care of that for you and then to build a really intelligent wordlist I'd suggest taking things relevant to your area (state, town) and building on top of it.

There really is an art to it, but it's a really exciting area to do research in.

Also... for those of you wondering about bruteforcing, at least in the case of WPA, it's not possible.

Let's look at the min character length password for example.

96 possible characters (upper, lower, special, numeric, space)
8 character length

that's 96^8 combinations.... or 7213895789838336 possibilities

Now assume my system.... it pushes through WPA passphrases at about 16,000 keys/sec... that means it'd only take 450868486864.896 seconds.... or 14,296.95 years.... So for the average user bruteforcing isn't an option, and picking a password that you wouldn't commonly find in a dictionary or intelligent wordlist is a huge help in securing your data.

Contrary to that.... it'd take roughly 2 hours with my system and have ~35% success rate to use a wordlist on a majority of passwords.... be smart with your data people, know what you're up against. A weak password makes a hacker's job a joke.
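The defensive side of the post above, as an added example that is not the poster's code: a passphrase check that flags the habits listed (short dictionary word padded with digits, word + date, keyboard sequences) so a policy can reject them, plus the brute-force time calculation with the post's figures (96 characters, length 8, 16,000 keys/sec). The dictionary and keyboard-sequence sets are constructed stand-ins for the post's "BigDic.txt".

```python
import re

# Constructed toy dictionary standing in for the post's "BigDic.txt" (assumption).
DICTIONARY = {"apples", "bananas", "cows", "pears", "columbus", "ganondorf"}
# Constructed list of "keys physically related" passwords from the post.
KEYBOARD_SEQUENCES = {"123456", "12345678", "qwerty", "qwertyuiop", "password"}


def split_dictionary(words, min_len=8):
    """Split a dictionary into words shorter than min_len and the rest,
    mirroring the post's "<8Dic.txt" / ">8Dic.txt" split (sorted lists)."""
    short = sorted(w for w in words if len(w) < min_len)
    long_ = sorted(w for w in words if len(w) >= min_len)
    return short, long_


def weak_pattern(candidate, dictionary=DICTIONARY, min_len=8):
    """Return the name of the wordlist-style pattern a candidate passphrase
    matches, or None if it matches none of the habits the post lists.
    A policy check can reject any candidate that returns a pattern name."""
    lower = candidate.lower()
    if lower in KEYBOARD_SEQUENCES:
        return "keyboard sequence"
    m = re.fullmatch(r"([a-z]+)(\d*)", lower)
    if not m or m.group(1) not in dictionary:
        return None
    word, digits = m.groups()
    if not digits:
        return "dictionary word"
    # Four digits in a plausible year range: "columbus1492" style.
    if len(digits) == 4 and 1400 <= int(digits) <= 2099:
        return "word + date"
    # A sub-minimum word fleshed out with numbers: "cows1234" style.
    if len(word) < min_len:
        return "short word padded with digits"
    return "word + digits"


def brute_force_years(alphabet_size=96, length=8, keys_per_sec=16000):
    """Years to exhaust the full keyspace at a fixed guess rate,
    using the post's figures and 365-day years."""
    combinations = alphabet_size ** length
    return combinations / keys_per_sec / (365 * 24 * 3600)
```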