Sunday, October 15, 2017

Password profiling with CEWL / Wordlist mangling with JOHN THE RIPPER


- Layout for this exercise:

1 - Password profiling with CEWL

- CEWL (Custom Word List generator) crawls the web server of a targeted organization, collects the words and phrases found there, and returns a text file with the corresponding wordlist.


- The option -m specifies the minimum length of the returned words:

- The option -w writes the result to a text file:

- Let's apply cewl to, setting the minimum number of letters to 6, and outputting the result to the file whitelist_wordlist.txt:

- The number of lines is 7011:

- Let's see some of the strings found:

- Another interesting option is to create an email list with all the email addresses found by cewl, using these options:

- Applying cewl again to the web server domain:

- The new text file contains just 3 lines:

- Finally, the option -c counts how many times each word appears in the wordlist:

2 - Wordlist mangling with John The Ripper

- There are certain practices that users tend to apply to passwords in order to mutate them.

- For instance, adding numbers at the beginning and/or the end, swapping lowercase and uppercase letters, etc.

- John The Ripper can modify a wordlist of passwords according to different criteria.

- For instance, let's add two numbers to the end of each password, just by modifying the john.conf file:

- Now, the original whitelist1_wordlist.txt is modified to mutated_whitelist1_wordlist.txt

- The new file contains 1046909 strings, in comparison with the original one, containing 7011:

- Let's check how the last passwords of the wordlist have been modified:
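Seen from the defender's side, the mutations described in section 2 can be undone when a new password is chosen, so that anything built on a word from the organization's own website is rejected. The following is an added example, not part of the original exercise; the function names, the sample wordlist and the candidate passwords are constructed for illustration.

```python
import string

# Constructed sample of a site-derived wordlist (one word per line); in
# practice this would be the list generated from your own organization's site.
SAMPLE_WORDLIST = """\
Security
consulting
Services
team
"""


def load_site_words(text, min_len=6):
    """Return the case-folded words of at least min_len characters."""
    return {w.casefold() for w in text.split() if len(w) >= min_len}


def site_word_base(candidate, site_words):
    """Return the site word a candidate is built on, or None.

    Undoes the mutations described above: digits added at the beginning
    and/or the end, and lowercase/uppercase changes.
    """
    core = candidate.strip(string.digits).casefold()
    return core if core in site_words else None


def screen(candidates, site_words):
    """Map each rejected candidate to the site word it is derived from."""
    rejected = {}
    for cand in candidates:
        base = site_word_base(cand, site_words)
        if base is not None:
            rejected[cand] = base
    return rejected


if __name__ == "__main__":
    words = load_site_words(SAMPLE_WORDLIST)
    # Constructed candidate passwords for the demonstration.
    for cand in ["Security17", "99CONSULTING", "services", "team42", "2017", "s3curity17"]:
        base = site_word_base(cand, words)
        print(f"{cand!r}: {'reject, based on ' + base if base else 'not in site list'}")
```

Only digits at the two ends and case changes are reversed here, so a candidate with a substitution inside the word (the constructed `s3curity17`) passes this check and needs a separate rule.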