PDA

granger53

Olrad

granger53

Remote Exploit Forums

>

BackTrack v2.0 Final

>

Tutorials & Guides

> Word List Generator

View Full Version :

Word List Generator

12-01-2006, 03:58 AM

After getting WEP cracking down, I decided to give WPA a try. After some reading about coWPAtty and
Rainbow Tables, it seems that the better dictionary or word list you have, the better chances of success.

What if the target WPA passphrase is not in your word list? What if its just a random string of characters like
you can get from grc.com password generator? Then your SOL!

Sooooo....
I wanted to find a word list generator for every possible combination of characters and I found this...

http://freshmeat.net/projects/wg/

After a bit I came up with the following.....

$ perl ./wg.pl -l 8 -u 64 -v abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWX YZ0123456789\`
\~\!\@\#\$\%\^\&\*\(\)\-\_\+\=\[\]\;\'\,\.\/\<\>\?\:\"\{\}\|\ > words.txt

This will generate a list of "words" (actually character strings) between 8 and 64 characters long (-l 8 -u 64)
and output it to a text file named "words.txt"
(> words.txt).
All the / characters are there because I was getting errors from not escaping bash command characters.

I tested it with -l 2 -u 4 and lowercase alphas...then grepped it for dirty words ;>
(c'mon...we all had a laugh in gradeschool doing that with the dictionary)

$ grep (insert 4 letter word) words.txt
It worked!

Then I started it with the above parameters and it's been running for 45 minutes...up to 900 meg!!! This is
going to be enormous!!! I think this might be a bit too much.

Can someone check to make sure I didn't leave any characters out?

I did not write the script and know very little about scripting so I cant answer anything about how it works.

12-01-2006, 09:52 PM

I think you can use John the Ripper to do something similar. If you've never used it it's under /pentest
/password/john-1.7.2/run. You can do something on the lines of
john -incremental=All --stdout > all.lst
That produces a list of all combinations of the 95 printable ASCII characters of lengths 1 to 8. You can replace
"All" with say "Alpha" or "Digit" to get just alpha or numeric passwords. It's also worth having a look at the
john.conf file, you can change the min and max length of the generated passwords.
To be honest though I think a password file like this would take forever to get through.

**Edit**
A list of all printable characters from Wikipedia (starting with a space)
!"#$%&'()*+,-./0123456789:;<=>?
@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_
`abcdefghijklmnopqrstuvwxyz{|}~

12-02-2006, 03:07 AM

Thanks for the tip about John! I've never used it, so I'll have to give that a try....definitely a good idea.

You're right about a list that large...I left the script running and it created a file over 9 gig! It wanted to keep
running but I ran out of disk space.

My Idea was to use this huge list with coWPAtty and precompute it against the "Church of Wifi" top 1000
ssid's. That would generate a good lookup table for faster cracking. The problem is list size.....it's HUGE!! I
need to get a new hd.

The CoWf precomputed tables is 8 gig in size using 170,000 actual words...I wanted to be able to include
random strings.

I think this might be a bit too large a project for me. It would be better suited as a distributed project.
For example:

Word List Generator [Archive] - Remote Exploit Forums

1 z 5

granger53

Mr.Octopus

Olrad

Aricshow

godfather

kaaslander

CurioCT

Using all characters...
First person generates and precomputes length 8-10...
Second does the same for length 11-12...
repeat...to 64...
as it goes up, it will have to be reduced to one length.

Then consolidate.

Damn, this might be unworkable because of sheer size. I'm not a coder but a "SETI@home" type of program
would do this nicely.

12-02-2006, 03:27 AM

Oh, man!
John ROCKS!!!

12-02-2006, 02:10 PM

Yep it sure does.
Happy birthday have a pound sign (most US K.boards dont have one so when cracking pass's you may never
get it)

£

Same is true of other (alt) keyboard

12-02-2006, 02:18 PM

Missed that one (and I'm from the UK so I have no excuse...).
I suppose we had better add € too...

12-07-2006, 03:10 PM

oh, don't forget ñ its in allot of Spanish passwords! The list sounds cool, when i get my new server I might
make it a project to do.

12-18-2006, 08:53 PM

hi

when i tried to run this command

perl ./wg.pl -l 4 -u 6 -v abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWX YZ0123456789\`
\~\!\@\#\$\%\^\&\*\(\)\-\_\+\=\[\]\;\'\,\.\/\<\>\?\:\"\{\}\|\ > words.txt

i have this message error

File size limit exceeded

what is my pb? i have large hard (80 Gigabytes free)

01-19-2007, 10:11 PM

I'm making a 26 digitaal wpa code dictionary.... I want to crack my wpa code, look like this
" fs8903uied238nv01dh3890wlp "

$ perl ./wg.pl -l 26 -u 26 -v abcdefghijklmnopqrstuvwxyz0123456789 > words.txt

i was wondering, how long does it take to crack it, with aircrack?

01-21-2007, 02:10 PM

What exactly did you expect? why do you think bruteforce attacks take so long? what you are trying to do is
make a brute force dictionary

so lets say for argument sake you look at the 128 characters in the standard ascii table and a password is only
4 characters long

128x128x128x128= 268,435,456 bytes for a 4 character password=268mb

6 chars 4,398,046,511,104 bytes 4.5TB if i got my factors right in my head and its a sunday afternoon so i
might not have

Word List Generator [Archive] - Remote Exploit Forums

2 z 5

zxcvb_test

zxcvb_test

eifersucht

OK so 128 is extreme so try 70 characters (or so) on a standard key board with out any extra effort and not
counting case sensitivity

4 chars = 24,010,000 bytes
6 chars = 117,649,000,000 bytes

how much data do you think you'd need for 26 chars? that alone how long it would take to generate.

generators are cool if you know its:-
a. a small password
b. you have a partial match
c. you saw key strokes (shoulder surf) but you are not 100% certain.
d. you can otherwise narrow the parameters
e. erm thats all off the top of my head

hope this helps

Thanks for the tip about John! I've never used it, so I'll have to give that a try....definitely a good idea.

You're right about a list that large...I left the script running and it created a file over 9 gig! It wanted to keep
running but I ran out of disk space.

My Idea was to use this huge list with coWPAtty and precompute it against the "Church of Wifi" top 1000
ssid's. That would generate a good lookup table for faster cracking. The problem is list size.....it's HUGE!! I
need to get a new hd.

The CoWf precomputed tables is 8 gig in size using 170,000 actual words...I wanted to be able to include
random strings.

I think this might be a bit too large a project for me. It would be better suited as a distributed project.
For example:
Using all characters...
First person generates and precomputes length 8-10...
Second does the same for length 11-12...
repeat...to 64...
as it goes up, it will have to be reduced to one length.

Then consolidate.

Damn, this might be unworkable because of sheer size. I'm not a coder but a "SETI@home" type of program
would do this nicely.

03-15-2008, 12:36 PM

Hello, I am having a similiar problem. Is there a way using this script (or any other way), to generate a full
list of strings in the following format:
First 3 characters are any three random lowercase letters, and the last three characters are any three random
numbers. like so: abc123

so I would need to generate
aaa111 - zzz999
and everything inbetween.:confused:

thanks in advanced!
:D
zxcvb_test:cool:

03-16-2008, 08:23 PM

i just noticed i had a typo in my previous post.

i need aaa000-zzz999
not aaa111-zzz999

(PS:oh and i know ill probablly get yelled at for not simply editting my other post, but i looked for an 'Edit'
button, but could not seem to find one, sorry)

06-09-2008, 05:22 PM

Thanks for the program

i did perl ./wg.pl -l 4 -u 4 -v 0123456789 >words.txt and i got a txt file from 0000 to 9999.

Word List Generator [Archive] - Remote Exploit Forums

3 z 5

Schtekarn

Copycat

slak.

how i can do the same thing with john -incremental?
i have tried john -incremental=digits --stdout=4 > words.lst

but this generate from 0 to 9999

cya

06-17-2008, 03:16 AM

i just noticed i had a typo in my previous post.

i need aaa000-zzz999
not aaa111-zzz999

(PS:oh and i know ill probablly get yelled at for not simply editting my other post, but i looked for an 'Edit'
button, but could not seem to find one, sorry)

Im also looking for a similar generator. I need a generator that u can specify a word and then generate letter
and digits in front and after, like this: ***password***
*=a random dumber/digit

Another sweet function would be i you could switch the letters of a word into big, small and "leet" letters.
Exampel: If u have the word "password" u could transform it to PaSsWorD, P4ssW0RD and so on.

EDIT: I found a thread with this exact script, but the link to the actual script is broken :(.

forums.remote-exploit.org/showthread.php?p=87300#post87300

06-23-2008, 08:15 AM

yea so anyone know what the finished john file size is :)? might be worth taking out the old external drive for
this

07-21-2008, 03:18 PM

yea so anyone know what the finished john file size is :)? might be worth taking out the old external drive for
this

started running this, realised this is getting way to big...
Made a java program to calculate this, check it out for correctness,
but 0.3 EB (Exbi bytes) should be the final size of the wordlist

class WordList {

public static void main(String[] args) {

int bits = 8;
int binary = 1024;

int characters = 95;
int word_length = 8;

double total_words = 0;
double total_bytes = 0;

for (int power=1; power<=word_length; power++) {
double words = Math.pow(characters, power);
double bytes = (words*power)*bits;

System.out.print(words);
System.out.println(" - " + (bytes));

total_words += words;
total_bytes += bytes;
}

System.out.println(total_words + " words");

System.out.println(total_bytes + " bytes");

double total_B = 0;

Word List Generator [Archive] - Remote Exploit Forums

4 z 5

Acester

m1cha3l

total_B = total_bytes / (Math.pow(binary, 2));
System.out.println(total_B + " KiB kibi-byte");

total_B = total_bytes / (Math.pow(binary, 3));
System.out.println(total_B + " GiB gibi-byte");

total_B = total_bytes / (Math.pow(binary, 4));
System.out.println(total_B + " TiB tebi-byte");

total_B = total_bytes / (Math.pow(binary, 5));
System.out.println(total_B + " PiB pebi-byte");

total_B = total_bytes / (Math.pow(binary, 6));
System.out.println(total_B + " EiB exbi-byte");

total_B = total_bytes / (Math.pow(binary, 7));
System.out.println(total_B + " ZiB zebi-byte");

total_B = total_bytes / (Math.pow(binary, 8));
System.out.println(total_B + " YiB yobi-byte");
}
}

08-13-2008, 12:44 PM

This is very interesting, but it's a shame the wordlist has to be so big. I have a 500 GB harddrive at home
(it's half full right now) but I still think it's a shame the wordlist has to be so big. Perhaps there is a way to
convince John and Aircrack to work together? John could feed it random words, and aircrack could munch
away on all the random words. After the words are used, they won't be saved, just thrown out to save on HDD
space..

The downside is you cannot precompute it with airolib.. But still, it'd be neat to see.

08-13-2008, 04:55 PM

Perhaps there is a way to convince John and Aircrack to work together? John could feed it random words, and
aircrack could munch away on all the random words. After the words are used, they won't be saved, just
thrown out to save on HDD space..

you can pipe the output of john into the aircrack command.

john -incremental=All --stdout | aircrack-ng -b 00:11:22:33:44:55 -w - test.cap

vBulletin® v3.8.1, Copyright ©2000-2009, Jelsoft Enterprises Ltd.

Word List Generator [Archive] - Remote Exploit Forums

5 z 5