Word List Generator

[granger53]

After getting WEP cracking down, I decided to give WPA a try. After some reading about coWPAtty and Rainbow Tables, it seems that the better dictionary or word list you have, the better chances of success.

What if the target WPA passphrase is not in your word list? What if its just a random string of characters like you can get from grc.com password generator? Then your SOL!

Sooooo....
I wanted to find a word list generator for every possible combination of characters and I found this...

http://freshmeat.net/projects/wg/

After a bit I came up with the following.....

$ perl ./wg.pl -l 8 -u 64 -v abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWX YZ0123456789\`\~\!\@\#\$\%\^\&\*\(\)\-\_\+\=\[\]\;\'\,\.\/\<\>\?\:\"\{\}\|\ > words.txt

This will generate a list of "words" (actually character strings) between 8 and 64 characters long (-l 8 -u 64) and output it to a text file named "words.txt"
(> words.txt).
All the / characters are there because I was getting errors from not escaping bash command characters.

I tested it with -l 2 -u 4 and lowercase alphas...then grepped it for dirty words ;>
(c'mon...we all had a laugh in gradeschool doing that with the dictionary)

$ grep (insert 4 letter word) words.txt
It worked!

Then I started it with the above parameters and it's been running for 45 minutes...up to 900 meg!!! This is going to be enormous!!! I think this might be a bit too much.

Can someone check to make sure I didn't leave any characters out?

I did not write the script and know very little about scripting so I cant answer anything about how it works.

[Olrad]

I think you can use John the Ripper to do something similar. If you've never used it it's under /pentest/password/john-1.7.2/run. You can do something on the lines of
john -incremental=All --stdout > all.lst
That produces a list of all combinations of the 95 printable ASCII characters of lengths 1 to 8. You can replace "All" with say "Alpha" or "Digit" to get just alpha or numeric passwords. It's also worth having a look at the john.conf file, you can change the min and max length of the generated passwords.
To be honest though I think a password file like this would take forever to get through.

**Edit**
A list of all printable characters from Wikipedia (starting with a space)
!"#$%&'()*+,-./0123456789:;<=>?
@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_
`abcdefghijklmnopqrstuvwxyz{|}~

[granger53]

Thanks for the tip about John! I've never used it, so I'll have to give that a try....definitely a good idea.

You're right about a list that large...I left the script running and it created a file over 9 gig! It wanted to keep running but I ran out of disk space.

My Idea was to use this huge list with coWPAtty and precompute it against the "Church of Wifi" top 1000 ssid's. That would generate a good lookup table for faster cracking. The problem is list size.....it's HUGE!! I need to get a new hd.

The CoWf precomputed tables is 8 gig in size using 170,000 actual words...I wanted to be able to include random strings.

I think this might be a bit too large a project for me. It would be better suited as a distributed project.
For example:
Using all characters...
First person generates and precomputes length 8-10...
Second does the same for length 11-12...
repeat...to 64...
as it goes up, it will have to be reduced to one length.

Then consolidate.

Damn, this might be unworkable because of sheer size. I'm not a coder but a "SETI@home" type of program would do this nicely.

[granger53]

Oh, man!
John ROCKS!!!

[Mr.Octopus]

Yep it sure does.
Happy birthday have a pound sign (most US K.boards dont have one so when cracking pass's you may never get it)

£

Same is true of other (alt) keyboard

[Olrad]

Missed that one (and I'm from the UK so I have no excuse...).
I suppose we had better add € too...

[Aricshow]

oh, don't forget ñ its in allot of Spanish passwords! The list sounds cool, when i get my new server I might make it a project to do.

[godfather]

hi

when i tried to run this command

perl ./wg.pl -l 4 -u 6 -v abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWX YZ0123456789\`\~\!\@\#\$\%\^\&\*\(\)\-\_\+\=\[\]\;\'\,\.\/\<\>\?\:\"\{\}\|\ > words.txt

i have this message error

File size limit exceeded

what is my pb? i have large hard (80 Gigabytes free)

[kaaslander]

I'm making a 26 digitaal wpa code dictionary.... I want to crack my wpa code, look like this
" fs8903uied238nv01dh3890wlp "

$ perl ./wg.pl -l 26 -u 26 -v abcdefghijklmnopqrstuvwxyz0123456789 > words.txt

i was wondering, how long does it take to crack it, with aircrack?

[CurioCT]

What exactly did you expect? why do you think bruteforce attacks take so long? what you are trying to do is make a brute force dictionary

so lets say for argument sake you look at the 128 characters in the standard ascii table and a password is only 4 characters long

128x128x128x128= 268,435,456 bytes for a 4 character password=268mb

6 chars 4,398,046,511,104 bytes 4.5TB if i got my factors right in my head and its a sunday afternoon so i might not have

OK so 128 is extreme so try 70 characters (or so) on a standard key board with out any extra effort and not counting case sensitivity

4 chars = 24,010,000 bytes
6 chars = 117,649,000,000 bytes

how much data do you think you'd need for 26 chars? that alone how long it would take to generate.

generators are cool if you know its:-
a. a small password
b. you have a partial match
c. you saw key strokes (shoulder surf) but you are not 100% certain.
d. you can otherwise narrow the parameters
e. erm thats all off the top of my head

hope this helps

Thanks for the tip about John! I've never used it, so I'll have to give that a try....definitely a good idea.

You're right about a list that large...I left the script running and it created a file over 9 gig! It wanted to keep running but I ran out of disk space.

My Idea was to use this huge list with coWPAtty and precompute it against the "Church of Wifi" top 1000 ssid's. That would generate a good lookup table for faster cracking. The problem is list size.....it's HUGE!! I need to get a new hd.

The CoWf precomputed tables is 8 gig in size using 170,000 actual words...I wanted to be able to include random strings.

I think this might be a bit too large a project for me. It would be better suited as a distributed project.
For example:
Using all characters...
First person generates and precomputes length 8-10...
Second does the same for length 11-12...
repeat...to 64...
as it goes up, it will have to be reduced to one length.

Then consolidate.

Damn, this might be unworkable because of sheer size. I'm not a coder but a "SETI@home" type of program would do this nicely.