Printable View
Hi
Let's consider this scenario.
I go into a company to pentest their network, inc wireless.
Through passive monitoring I find out the company name or internal domain name, and maybe even a few usernames.
Is there a way I can generate a custom targeted wordlist to incorportate the infomation I know about?
I.E Company name is company
So the wordlist will automatically include passwords like:
company
Company
C0mpany
c0mpany
company1
etc..
As well as the usual bunch of most common passwords?
Read up on crunch, the wordlist generator included with Backtrack 5.
At one point there was a OffSec script for this. I did a really quick search but couldn't find it. It was in one of the annoncement forums over the past number of years. I tried it at one point and it was fairly functional, though I do believe I reported a crash issue with it that never got a reply (IIRC).
You might want to checkout: CeWL http://www.digininja.org/projects/cewl.php
There are any number of tools that can perform the manipulations you're talking about if you have the base wordlist.
Crunch, hashcat maskprocessor, WLM etc.
Tape has lots of good blogs about wordlist prep and manipulation:
http://adaywithtape.blogspot.ca/
I think I actually blushed when I read that ;)
Thanks guys I will check them out!