Sunday, October 15, 2017
Password profiling with CEWL / Wordlist mangling with JOHN THE RIPPER
- Layout for this exercise:
1 - Password profiling with CEWL
- CEWL (Custom Word List generator) crawls the web server of a targeted organization, collects the words and phrases it finds there, and returns them as a wordlist in a text file.
- The option -m sets the minimum length of the returned words:
- The option -w writes the result to a text file:
- Let's apply cewl to www.whitelist1.com, setting the minimum number of letters to 6, and outputting the result to the file whitelist_wordlist.txt:
- The number of lines is 7011:
- Let's see some of the strings found:
- Another interesting possibility is to create a list of all the email addresses found by cewl, using these options:
- Applying cewl again to the web server domain:
- The new text file contains just 3 lines:
- Finally, the option -c counts how many times each word appears in the wordlist:
2 - Wordlist mangling with John The Ripper
- There are certain practices that users tend to apply to passwords in order to mutate them.
- For instance, adding numbers at the beginning and/or the end, swapping letters between lowercase and uppercase, etc.
- John The Ripper can modify a wordlist of passwords according to different criteria.
- For instance, let's add two numbers to the end of each password, just by modifying the john.conf file:
- Now, the original whitelist1_wordlist.txt is modified to mutated_whitelist1_wordlist.txt
- The new file contains 1046909 strings, in comparison with the original one, containing 7011:
- Let's check how the last passwords of the wordlist have been modified:
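
Seen from the defending side, the mutations described in section 2 (digits added at the beginning and/or the end, upper/lowercase swaps) can be undone at password-change time, so that a proposed password that reduces to a word from the organization's own web site is rejected. The following is an added example, not part of the original post; the function names and the sample words are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

DIGITS = "0123456789"

# Constructed sample: words a crawl of the organisation's own web site might
# return (six letters or more, as in the cewl run above). Not real output.
SITE_WORDS = ["Whitelist", "security", "Exercise", "network"]


@dataclass(frozen=True)
class Finding:
    candidate: str    # password as submitted
    base_word: str    # site word it reduces to
    mutations: tuple  # which of the mutations named in the text were applied


def build_blocklist(words):
    """Map each case-folded site word to its original spelling."""
    return {w.casefold(): w for w in words}


def check(candidate: str, blocklist: dict) -> Optional[Finding]:
    """Return a Finding if the candidate is a site word plus digits/case changes."""
    lead = len(candidate) - len(candidate.lstrip(DIGITS))
    trail = len(candidate) - len(candidate.rstrip(DIGITS))
    core = candidate.strip(DIGITS)
    base = blocklist.get(core.casefold())
    if base is None:  # also covers all-digit and empty candidates
        return None
    mutations = []
    if lead:
        mutations.append("digits prepended")
    if trail:
        mutations.append("digits appended")
    if core != base:
        mutations.append("case changed")
    return Finding(candidate, base, tuple(mutations))


def audit(candidates, words=SITE_WORDS):
    """Check a batch of proposed passwords; return only the rejected ones."""
    blocklist = build_blocklist(words)
    findings = (check(c, blocklist) for c in candidates)
    return [f for f in findings if f is not None]
```

Because the check strips any number of leading and trailing digits, it covers the two-digit suffix used above as well as longer numeric affixes.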