Thursday, April 2, 2020

How Professional Hackers Make Custom Password List for Password Cracking

How Professional Hackers Make Custom Password List for Password Cracking

 

Photo by Arian Darvishi on Unsplash

 

Hello guys, today we will see how professional hackers make them custom password list for password cracking. According to me, there are 3 different ways to crack the password.


      1)  Many hackers are using the rockyou.txt password list for password cracking mostly when they solving any machine.


      2)   Some Hackers using a password list from GitHub like SecLists. SecList is a bundle of all types of passwords and mostly you can have succeeded to crack the password. Check it -: SecListPassword list.

 

     3)  Many professional hackers like to make the password on their own. They using GitHub tools like Cupp or using Bash Scripting and using Social Engineering they find out the guessable passwords and make password wordlist using those words.

 

I am going to show you the 3rd method that you can make your own password list using Bash Scripting.   

 

 

Make Custom Password Wordlist Using Bash Scripting

 

         1)  To make custom password wordlist you need to use social engineering and collect that person’s information or anything you think interesting. Collect them and make a file and save all words in that file.

 

For example, I making wordlist name as password.txt & in that file I saved words like January, February etc.

 

 

 

     

   2)  Using bash scripting you can add any word you want. I adding 2019 and 2021 words at the end in password list. It will display like -: January, January2019, January2021.

In every good password, there is ! present so using a script we can add ! at the end too.

 

#  for i in $(cat password.txt); do echo $i; echo ${i}2019; echo ${i}2021  ; done

 

# for i in $(cat password.txt); do echo $i; echo ${i}2019; echo ${i}\! ; done


 


        

         3)  After adding random words at last we need to expand our words. To do that we can use Base64.rule. It helps to add random words and letters in the word password list. 

            

# hashcat --force --stdout password.txt –r /usr/share/hashcat/rules/best64.rule


 


 

         4)  You can check the number of total words is there. Using this command and you can see specific letters using grep command at the last.

To see at the end ! total words use this command -:

# hashcat --force --stdout password.txt -r /usr/share/hashcat/rules/best64.rule | grep '\!'

 

To see all words, you can use wc –l command at last.




    

          5)  After making the password list save it. Generally minimum password length is 8 so we need to remove the passwords which password length lower than 8.

You can use –r for chain & can use multiple rules. Toggle1.rule making password list in capital letter.  




 

      6)  Save the list and check how much words available in password list.

 

After making a password list you can use that password list for password cracking.