1
00:00:01,490 --> 00:00:05,110
In this lecture we're going to learn how to create a wordlist.

2
00:00:05,150 --> 00:00:11,060
This is a really handy skill to have under your belt if you want to be a penetration tester because

3
00:00:11,060 --> 00:00:17,270
you're going to face a lot of scenarios where a wordlist attack can become very handy. So you can actually

4
00:00:17,270 --> 00:00:19,870
go ahead and look for ready wordlists on the Internet.

5
00:00:19,880 --> 00:00:24,920
And there are some really, really good ones and you should probably use a lot of them because some of

6
00:00:24,920 --> 00:00:26,990
them just have the common passwords.

7
00:00:26,990 --> 00:00:31,130
But in many cases you might actually need to create your own wordlist.

8
00:00:31,340 --> 00:00:36,560
So in this lecture we're going to learn how you create your own wordlist using a tool called crunch.

9
00:00:37,610 --> 00:00:39,200
So using the tool is very simple.

10
00:00:39,200 --> 00:00:46,280
All you have to do is just put the name of the tool and then you specify the minimum number of characters

11
00:00:46,280 --> 00:00:48,780
for the passwords to be generated.

12
00:00:48,860 --> 00:00:53,440
Then we're going to specify the maximum number of characters for the password.

13
00:00:53,690 --> 00:00:58,520
Then you specify the characters that you want to generate passwords from.

14
00:00:58,520 --> 00:01:04,160
For example you can put all lowercase characters, all uppercase, you can put numbers, digits, or you can

15
00:01:04,160 --> 00:01:09,470
just specify a smaller number to make the wordlist smaller.

16
00:01:09,470 --> 00:01:13,510
You can also use the option -t, which is an option to give a pattern.

17
00:01:13,520 --> 00:01:18,260
So for example let's say that you are looking at the person while they were typing their password and

18
00:01:18,260 --> 00:01:21,150
you've seen that the password will start with an A.

19
00:01:21,230 --> 00:01:26,960
So you can tell crunch that the password will start with an A and then give me all possible combinations

20
00:01:27,410 --> 00:01:35,210
of passwords that start with an A, and after that we use the -o option to specify the file name

21
00:01:35,240 --> 00:01:37,560
where the passwords are going to be stored.

22
00:01:38,330 --> 00:01:45,020
So we have a small little example here that will generate a list of passwords that start

23
00:01:45,020 --> 00:01:51,710
from 6 characters to 8 characters and contain these characters right here, so it's going to create combinations

24
00:01:51,710 --> 00:02:00,690
of 1 to 3, ABC and the dollar sign and it's going to store it in a file called... that should be an o,

25
00:02:00,740 --> 00:02:08,360
I'll fix that. In a file called wordlist, and these passwords are going to start with an A and end with

26
00:02:08,360 --> 00:02:15,710
a B and it'll generate passwords based on all possible combinations between the A and B, so all of the

27
00:02:16,190 --> 00:02:21,610
generated passwords will always start with A and end with B.

28
00:02:21,660 --> 00:02:23,540
So let's have an example of the tool.

29
00:02:23,660 --> 00:02:27,180
Now the tool actually has a lot of options other than what we've seen so far.

30
00:02:27,180 --> 00:02:35,860
So if you just type in man crunch you'll see all the options that you can set and you'll see a detailed

31
00:02:36,160 --> 00:02:40,060
description about all of these options, so it's actually really, really good.

32
00:02:40,150 --> 00:02:43,980
You can go ahead and spend some time to get familiar with the tool.

33
00:02:44,050 --> 00:02:48,420
Now I'm going to show you the example and based on the example you'll be able to run all of these commands.

34
00:02:48,610 --> 00:02:54,710
But if you want to run or create some advanced wordlists then I highly recommend that you go over this.

35
00:02:56,560 --> 00:03:03,070
One of the really cool options that I want to highlight is the -p option. The -p option tells crunch

36
00:03:03,070 --> 00:03:06,880
to generate passwords that don't have repeating characters.

37
00:03:06,910 --> 00:03:12,100
For example when you specify all lowercase characters, you specify A B C D.

38
00:03:12,100 --> 00:03:20,080
It'll start by generating passwords made of a AAA and then a b and then a b b b b b and all of that.

39
00:03:20,080 --> 00:03:25,840
So when you do this crunch will actually ignore these types of passwords and it'll only create passwords

40
00:03:25,840 --> 00:03:31,810
that don't have any repeating characters, and that reduces the size of the wordlist from the number of

41
00:03:31,810 --> 00:03:37,500
characters to the power of the length to the number of characters factorial.

42
00:03:37,560 --> 00:03:44,130
If you scroll down you'll actually see more examples of commands and the type of wordlists that will

43
00:03:44,130 --> 00:03:44,990
be created.

44
00:03:45,830 --> 00:03:50,210
So again you can have a look at these and get yourself more familiar with.

45
00:03:50,210 --> 00:03:55,160
Once you're done looking at the man you can just press q and you'll be out of it, and we're going to

46
00:03:55,160 --> 00:04:01,950
run our command here, so we're going to use crunch and I want to generate passwords of a minimum of six

47
00:04:01,950 --> 00:04:11,370
characters, a maximum of eight characters, and I want them to contain combinations of ABC and let's say

48
00:04:12,000 --> 00:04:17,760
the digits 1 2. Now, in here you can actually keep listing things: you can list characters, you can list

49
00:04:17,760 --> 00:04:20,470
uppercase characters or even symbols if you wanted to.

50
00:04:21,340 --> 00:04:25,500
Once you're done with listing the characters we're going to specify the file to save it to.

51
00:04:25,630 --> 00:04:32,240
And we're going to save it in a file called test.txt.

52
00:04:32,320 --> 00:04:34,000
So the command is very simple.

53
00:04:34,000 --> 00:04:39,940
It's crunch, the minimum length of the password, the maximum length of the password, followed by the characters

54
00:04:39,940 --> 00:04:46,030
that we want to use to generate passwords from, and then -o to the file that the passwords are going to

55
00:04:46,030 --> 00:04:47,330
be stored in.

56
00:04:47,340 --> 00:04:49,840
And then hit enter.

57
00:04:50,070 --> 00:04:55,890
And as you can see now it's telling us that it generated four hundred and forty eight thousand passwords

58
00:04:56,040 --> 00:05:02,250
approximately and they're all stored in a file called test.txt. The size of the file is

59
00:05:02,250 --> 00:05:03,620
four megabytes.

60
00:05:03,840 --> 00:05:06,150
And now I can open this file by doing cat

61
00:05:09,910 --> 00:05:11,620
test.txt.

62
00:05:11,840 --> 00:05:15,880
And as you can see now we can see all the passwords that have been generated.

63
00:05:15,950 --> 00:05:18,910
I'm going to Control-C out of it because it's a huge file.

64
00:05:19,100 --> 00:05:26,980
And as you can see it actually contains all possible combinations of ABC 1 2.

65
00:05:27,040 --> 00:05:30,550
I also want to show you an example of using the -t option.

66
00:05:30,550 --> 00:05:36,490
So I'm going to set this to only 6 to 6 so it's only six characters and we're going to use the -t

67
00:05:36,490 --> 00:05:41,770
option, which is the pattern option, and I'm going to tell it that I want the password to always start

68
00:05:41,770 --> 00:05:50,340
with an A and then I want you to fill all possible combinations of characters between the A and B.

69
00:05:50,340 --> 00:05:56,820
So I want passwords that start with an A and end with a B and in the middle of the outside you can fill

70
00:05:56,820 --> 00:06:04,380
all possible combinations of ABC 1 2. Go ahead and hit enter. As you can see now the number of passwords

71
00:06:04,380 --> 00:06:05,490
is much less.

72
00:06:05,490 --> 00:06:12,120
It's only six hundred and twenty five passwords because I've narrowed down the possibilities of passwords.

73
00:06:12,240 --> 00:06:22,290
Again if I do cat test.txt you'll see that I have all the passwords right here.

74
00:06:22,340 --> 00:06:26,530
So this is really useful and can be used in many scenarios.

75
00:06:26,540 --> 00:06:31,610
I highly recommend that you spend some time with it and also have a look at some of the existing

76
00:06:31,730 --> 00:06:33,580
wordlists out there on the Internet.