To perform a good pentest, nothing better than a custom wordlist to crack passwords. We may be able to generate a custom wordlist that reflects our knowledge of the target or the organization’s password policy (For example : 10chars min, Special chars …)
To build a good wordlist, you’ve to know the company you target (for your legal pentest :)). The first step is to collect usefull informations like :
- Geographical area(s) of the company : Collect all Countries / Areas & Cities where the company is located
- Industry classification : Depending of the industry classification, you will customize your wordlist. If your target produce fruits for example, dump a fruit name list, and adapt the language following the company geographical area :)
- Name & Surname : Governments offer Names & Surnames lists in open-data, for example, for france : Liste de prénoms et patronymes
- LinkedIn : The best Database. You can use a scraper as ScrapedIn to dump company profiles and extract keywords.
- Company Website : You can dump some keywords from the company website, You can use CeWL to dump the keywords.
Customizing the wordlist
Mentalist is a graphical tool for custom wordlist generation. It utilizes common human paradigms for constructing passwords and can output the full wordlist as well as rules compatible with Hashcat and John the Ripper.
Install Mentalist on Centos (GUI mandatory /!\)
# yum install python3 git python3-tkinter # git clone https://github.com/sc0tfree/mentalist.git # cd mentalist # python3 setup.py install # mentalist
Install Mentalist on Windows
I used Chocolately to install the last Python on my computer, it’s very simple : chocolately
Once it’s done, enter the following commands in a powershell console :
python -m pip install -U pip python -m pip install -U tk
Download the latest version of Mentalist with git, install it & run it
git clone https://github.com/sc0tfree/mentalist.git cd mentalist python setup.py install mentalist
Once we’ve mentalist Installed & Running, we’ll load our custom wordlist, and continue to customize it
When you start Mentalist, you’ve the “Base Words”, click the + button, to add your custom wordlist
Now you’ve your wordlist added, lets play, Click the + button, in the upper right corner, then choose :
- Case : If you want to change Uppercase to Lowercase etc .. My advice is to choose the option : Upper First, Lower rest
- Substitution : You can substitute letter to special chars, like a to @ …
- Prepend : Add Words / Numbers … before your words
- Append : Add words / numbers … after your words
When you finished, click on “Process” in the menu, Select “Full wordlist” and choose a file to save your new wordlist.
Building a custom wordlist is very simple, and it will take you only a couple of hours, to have a better result than just using some wordlist dumped on internet, even if they still work fine :).
A last advice, and I’ll writte a blog post about that, you’ve to combine your wordlist with a bruteforce attack. It’s really powerfull & simple with Hashcast.