Infrastructure penetration testing notes
  • Initial page
  • Table Of Content
  • Infrastructure testing
    • Enumeration
      • Packet Capture
      • Host Discovery
      • Services / Ports
        • 21 - FTP
        • 22 - SSH
        • 25 - SMTP
        • 53 - DNS
        • 67 - DHCP
        • 69 - TFTP
        • 79 - Finger
        • 88 - Kerberos
        • 111 - RPC
        • 113 - ident
        • 135 - MSRPC
        • 137 - Netbios
        • 139/445 - SMB
        • 161 - SNMP
        • 177 - XDMCP
        • 363 - LDAP
        • 443 - HTTPS
        • 500 - IKE (IPSEC)
        • 512/513/514 - R Services
        • 623 - IPMI
        • 873 - RSYNC
        • 1099 - Java RMI
        • 1433 - Microsoft SQL
        • 1521 - Oracle DB
        • 2049 - NFS
        • 3306 - MySQL
        • 3389 - RDP
        • 5432 - PostgresSQL
        • 5900 - VNC
        • 5985 - WinRM
        • 6000 - X11
        • 6379 - Redis
        • 8080 - Jenkins
        • 11211 - Memcached
        • RDS
        • SQLite
        • Docker
      • IPV6
        • Scanning
        • Enumeration
        • Transfering files
        • Pivoting and routes
        • THC IPv6
    • Gaining Access
      • IP Forwarding
      • VLAN Information
      • Psexec
      • Upgrading shell
      • Reverse Shells One-Liners
      • Bruteforce
      • MITM cleartext protocols
      • Null session
      • LLMNR / NBT NS Spoofing
      • Port knocking
      • Downloading/Transfer files
      • Remote Desktop
      • NAC Bypass
      • Pass-The-Hash
    • Exploitation
      • Solaris
      • IPv6
      • Windows
        • Compiling Code
        • SMB Vulnerabilities
        • Kerberos Attacks
    • Privilege Escalation
      • Situational Awareness
        • Linux
        • Windows
          • Registry
          • PowerView
          • FSMO Roles
      • Windows
        • Disable Apps and Firewall
        • Add user script
        • UAC Bypass
        • icacls
        • Running services
        • Common Exploits
      • Linux
        • SUID Shell script
        • CVE-2019-14287
        • Kernel exploit
      • Solaris
      • FreeBSD
      • Automated tools
      • Metasploit Modules
      • Password Dumping
    • Breakout
      • LOLBas
      • powershell constrained language byass
      • Alternatives to command prompt
      • Windows utilities
      • Applocker
      • Restricted shells
      • Environmental Variables / Bypassing Path Restrictions
      • Docker escape
      • Just Enough Administration (JEA)
    • Presistance
      • Windows
    • Pivoting
      • Adding routes
    • Password Cracking
      • Hashcat
      • John
      • Cisco Passwords
      • Passwords Lists
      • Generating wordlist
    • Tools
      • Nishang
      • UACME
      • Bypass-UAC
      • MSBuildAPICaller
      • Impacket
      • SharpPersist
      • Terminals
      • IP Calculation
      • pwsh
      • psTools / Sysinternals
      • Unlock applocker
      • enum4linux
      • Bloodhound
        • aclpwn
      • mitm6
      • Enyx
      • nfsshell
      • PowerUpSQL
      • Metasploit
        • msfvenom
    • Others
Powered by GitBook
On this page
  • Types of wordlist
  • CeWL
  • Weak Passwords
  • Crunch
  • kwprcessor
  • weakpass generator

Was this helpful?

  1. Infrastructure testing
  2. Password Cracking

Generating wordlist

PreviousPasswords ListsNextTools

Last updated 4 years ago

Was this helpful?

Types of wordlist

There 5 types of wordlists

  1. Weak common Password (e.g. rockyou.txt, and etc)

  2. Scrapped wordlist - scrape a website for words that can be used as password (tool - CeWL)

  3. Generated words - generate a common pattern words (e.g. aaaa, bbbb , cccc) (tool - crunch)

  4. Generate keyboard walks (tool - kwprocessor)

  5. Wordlists based on current year / season (e.g. Summer2020 , Winter2019 and etc) (tool - weakpass_generator)

CeWL

CeWL - Custom Word List generator

Creating custom word lists spidering a targets website and collecting unique words.

GitHub:

Usage:

└─$ cewl https://digi.ninja/
CeWL 5.4.8 (Inclusion) Robin Wood (robin@digi.ninja) (https://digi.ninja/)
the
and
you
with
this
for
that
Share
The
but
close
can
ninja
get
are
was
from
have
all
site
they
[--sniped--]

Weak Passwords

Crunch

crunch enables us to create a custom password-cracking wordlist that we can use with such tools like Hashcat, Cain and Abel, John the Ripper, Aircrack-ng, and others. This custom wordlist might be able to save us hours or days in password cracking if we can craft it properly.

Syntax:

kali > crunch <min> max<max> <characterset> -t <pattern> -o <output filename>

Example:

crunch 4 4 -f /usr/share/crunch/charset.lst lalpha-numeric -o wordlist.txt

We could generate all the possibilities of ten-character passwords that end with 0728 and send the output to a file in the root user's directory named birthdaywordlist.lst, by typing:

crunch 10 10 -t @@@@@@0728 -o /root/birthdaywordlist.lst

kwprcessor

Advanced keyboard-walk generator with configureable basechars, keymap and routes

Example:

./kwp basechars/full.base keymaps/en-us.keymap routes/2-to-16-max-3-direction-changes.route > wordlist.txt

weakpass generator

Usage:

─$ python3 weakpass_generator.py 
Here are the results:
Christmas1
Christmas123
Christmas20
Christmas20!
Christmas2020
Christmas2020!
Christmas@20
Christmas@2020
December1
December123
December20
December20!
December2020
December2020!
December@20
December@2020
February1
February123
February2021
February2021!
February21
February21!
February@2021
February@21
January1

SecList-

Link:

script: or online version

darkweb2017-top100.txt
https://github.com/digininja/CeWL
https://github.com/danielmiessler/SecLists/tree/master/Passwords
https://github.com/hashcat/kwprocessor
https://github.com/nyxgeek/weakpass_generator
http://www.weakpasswords.net/