All HowTo's Cybersecurity Linux Redhat, Fedora and CentOS Linux Ubuntu, Mint & Debian Linux

Creating your own Password list

If you want to create a customised password list for a specific target (client, I hope), this article is for you. It’s basically just a re-write of “https://karimlalji.wordpress.com/2018/04/26/password-guessing-mangle-a-custom-wordlist-with-cewl-and-hashcat/” which I’ll probably forget later so I’m documenting here.

We don’t just want a list of passwords, we want a list of targeted passwords. Actually, we want a list of targeted passwords with variations such as adding numbers and capitals to make them more likely to match.

We’re using Ubuntu 20.04.

Install the packages we need:

apt install hashcat cewl 

Let’s create the password list based on words used on their website:

cewl -d 2 -m 5 -w example-clean.txt https://www.example.com

Note: Where -d means depth of searching the target website for words. -m means minimum password length. -w is the file we’re storing the passwords in. And then there’s the website we want to search for interesting words.

But the above password list is just words from the target website. We need to “mangle” them… get more variations. For example. the word “hello” might become: hello1, Hello, Hello123, etc.

hashcat --stdout --rules-file /usr/share/hashcat/rules/best64.rule example-clean.txt | uniq -u >> example-mangled.txt

Now we can use our cracking tool with our new and targeted “example-mangled.txt” password file.

Leave a Reply

Your email address will not be published. Required fields are marked *