How to Crack Passwords, Part-2 (making wordlist)
As we had seen in the previous part that, to hack any passwords we should make a good wordlist, for that we can use social engineering or any guessing method, but offcourse guessing works in very few cases or even if it works it can take weeks or months to get the passwords. So here we will see how to make a wordlist to crack passwords.
In many of our password cracking methods, we often need to use a wordlist that will essentially attempt thousands of potential passwords per second. This is often referred to as a dictionary attack.
Despite of the fact that it is slow, you have to learn brute-force attack if you want to be a hacker as in many stages it will help you a lot and for that you need a good wordlist.
Using Pre-build Dictionary
The good thing about kali linux is – it will give you some pre build wordlists which can help you at tough times. One of the main such wordlist is rockyou.txt , you can find this wordlist inside cd /usr/share/wordlists/ .
Rockyou.txt is a wordlist that consist of real life passwords which are from the accounts that are being compromised at some stage of time. So it contains word that are used by people in real time. you can see passwords inside this wordlist by nano rockyou.txt.
But always keep a fact in mind that it contains a large amount of passwords so in real life it can take you a lot of time to complete it, and also you have less chance of success as passwords depend on your victim and rockyou contain some general passwords only. So next 2 methods will be more useful for you.
Crunch is a pre-build tool inside kali linux and it’s easy to use tool. You can open it by typing crunch inside your terminal.
To see the usage of crunch you can type man crunch inside your terminal which will show you how to use crunch effectively where man means manual.
Let’s see how to make wordlist from crunch.
You can see from the above image that we use crunch 2 5 -o wordlist.txt , here 2 shows minimum length and 5 shows maximum length. Here -o is used to save it in a file so that we can use it further for brute-forcing.
Similarly we can use crunch 4 6 1234567 -o wordlist.txt , here 1234567 indicate that our wordlist will contain only these digits. So yes crunch is a good tool, mainly if you social engineer your target or collect his/her information from social media which will help you to create a good wordlist.
This is my favourite tool for making wordlist. You can download this tool from github by typing cupp github inside your browser and then copy the github link inside your terminal as git clone <url>.git and this will download your tool.
It is a very easy to use tool just go inside your cupp directory and type ./cupp.py -i as shown below-
The best thing of cupp is that it will ask many personal informations about victim and make a wordlist according to that and if you don’t want to give any specific information then press enter as you can see in above image. Again, for collecting information you can use various social media.
So yes i will suggest you to use cupp as it will make more specific wordlist according to the victim. Also you can use ./cupp.py -help to see some more options.
So i hope that this help you in making wordlist. Just practice to make wordlist by your own as it will give you more confidence. And never try to brute force on any machine/website/application that you do not own as it will cause you trouble. You can try these attack on some machines like owasp, metasploitable, etc as these are made for such purpose only.
In my post how to hack facebook you can see the easier method – phishing which can give you passwords much easier but it also requires good social engineering. But offcourse brute-forcing is also equally important.