If you're looking to develop an intelligent wordlist I'd recommend first finding your target password... for example Windows passwords can be short, but WPA passwords have a min length of 8 characters.... so such a thing as a universal wordlist doesn't exist... but given that knowledge we can optimize wordlists for specific applications

Before I dive into this let's make a quick distinction. A wordlist is a list of words used as passwords... a dictionary file used in this context is just a list of words... so a wordlist might be



a dictionary file would just be


etc... Unmodified words

Let's take a look at WPA. As I have mentioned there is a minimum length of 8 characters. To build a pretty intelligent wordlist it wouldn't be too hard to take dictionary files (just words) and split them off into 2 lists.

"BigDic.txt" gets split into

"<8Dic.txt" and ">8Dic.txt"

Let's assume there's a 4th file called "existingwordlist.txt"

So to get a pretty intelligent 5th file "finalwordlist.txt" you'd want to take the dictionary file with less than 8 characters, and add combinations of numbers to flesh it out to 8 characters long. For example, your password is "cows".... well say you set up your new fancy router and you need a password you'll remember... but "cows" won't fit. So you decide to add your address to it.... it now becomes "cows1234". That's realistically what a lot of people with already weak passwords do when setting up devices / accounts that require more security or longer passwords than they previously used.

So if you build the list of "<8Dic.txt" into a useful combination of possible passwords you will have a pretty accurate list of weak, but improved to WPA standard passwords that wouldn't be unrealistic.

You'd then combine the "<8Dic.txt", ">8Dic.txt", "existingwordlist.txt" into a new wordlist....

As I outlined in the post above mine... I've been trying to crack my roommate's password without explicitly putting it in there... I'm still working on some type of algorithm that would generate his password in a realistic way without me plugging it into the wordlist... but it's helped expose a lot of habits that people have.

Things to keep in mind when building a wordlist

Existing weak passwords + numbers //very common
words + dates //columbus1492 or something of the sort
memorable names //things such as Ganondorf or other video game or book related names are pretty strong... but possible
keys physically related //123456, or qwerty for example... you know some of your friends or at least your parents are using weak ones like that

I'll leave it at that, but a lot of it comes down to social engineering. Good wordlists take care of that for you and then to build a really intelligent wordlist I'd suggest taking things relevant to your area (state, town) and building on top of it.

There really is an art to it, but it's a really exciting area to do research in.

Also... for those of you wondering about bruteforcing, at least in the case of WPA, it's not possible.

Let's look at the min character length password for example.

96 possible characters (upper, lower, special, numeric, space)
8 character length

that's 96^8 combinations.... or 7213895789838336 possibilities

Now assume my system.... it pushes through WPA passphrases at about 16,000 keys/sec... that means it'd only take 450868486864.896 seconds.... or 14,296.95 years.... So for the average user bruteforcing isn't an option, and picking a password that you wouldn't commonly find in a dictionary or intelligent wordlist is a huge help in securing your data.

Contrary to that.... it'd take roughly 2 hours with my system and have ~35% success rate to use a wordlist on a majority of passwords.... be smart with your data people, know what you're up against. A weak password makes a hacker's job a joke
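
The habits listed above, turned into a passphrase audit a network owner can run before setting a WPA key, as an added example that is not part of the original post. The sample dictionary, the label names and the year window are assumptions made for illustration; `brute_force_years` reproduces the post's 96-character, 16,000 keys/sec estimate.

```python
import re

# Constructed sample dictionary (assumption); a real audit loads a full word list.
SAMPLE_WORDS = {"cows", "columbus", "password", "ganondorf", "dragon"}
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
WPA_MIN_LEN = 8      # minimum WPA passphrase length from the post
CHARSET_SIZE = 96    # character set size used in the post's estimate


def is_keyboard_run(s, min_len=4):
    """True if s is a contiguous slice of one keyboard row, either direction."""
    s = s.lower()
    return len(s) >= min_len and any(s in r or s in r[::-1] for r in KEYBOARD_ROWS)


def audit_passphrase(pw, words=SAMPLE_WORDS):
    """Return labels for each habit from the post that the passphrase matches."""
    findings = []
    low = pw.lower()
    if len(pw) < WPA_MIN_LEN:
        findings.append("too_short_for_wpa")
    if low in words:
        findings.append("dictionary_word")
    m = re.fullmatch(r"([a-z]+)(\d+)", low)
    if m and m.group(1) in words:
        findings.append("word_plus_digits")
        # Year window is an assumption chosen to cover dates like 1492.
        if len(m.group(2)) == 4 and 1400 <= int(m.group(2)) <= 2099:
            findings.append("word_plus_year")
    if is_keyboard_run(low):
        findings.append("keyboard_run")
    return findings


def brute_force_years(length, keys_per_sec, charset=CHARSET_SIZE):
    """Years to exhaust every passphrase of exactly `length` characters."""
    return charset ** length / keys_per_sec / (365 * 24 * 3600)


if __name__ == "__main__":
    for pw in ["cows1234", "columbus1492", "qwerty", "Ganondorf", "tR7#pq!zLw2m"]:
        print(f"{pw!r}: {audit_passphrase(pw) or 'no listed habit matched'}")
    print(f"8 chars at 16,000 keys/sec: {brute_force_years(8, 16000):,.2f} years")
```

An empty result only means none of the listed habits matched, not that the passphrase is strong.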
