Re: Fwd: password list generation

[Miguel Dilaj <miguel.dilaj () oissg org>]

Or generate a .txt file with your "base" word, and then process it with
John the Ripper mangling rules:

     john --rules --wordlist=basedict.txt --stdout > bigdict.txt

Double check John's syntax, I wrote the above from the top of my head.
Regards,

Miguel


whip () netspace net au escribió:
> I'd agree. Write you own script to take a string and generate a list of
> permutations, based on your own variation. Will come in very handy for
> future pen tests.
>
>
> Scott
>
> -----Original Message-----
> From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
> Behalf Of Radu Oprisan
> Sent: Wednesday, 15 August 2007 6:33 AM
> To: sami seclist
> Cc: security-basics () securityfocus com
> Subject: Re: Fwd: password list generation
>
> sami seclist wrote:
>   
> > Hi list,
> >
> > I am pentesting the backbone of an ISP. There are several ssh and
> > telnet ports open, and I would like to launch a brute force password
> > attack. However, i want to lower the number of possibilities to try to
> > those common combinations we all use in our company (ACME2007,
> > AcmE2OO7, AcMe123, etc.).
> > is anybody aware of a tool that can generate a list of passwords from
> > a root word, the company name for example, or is there any source that
> > lists all the trivial combination of words commonly used as passwords.
> >
> > Thanks guys.
> >     
>
> You can probably find password lists by using google.
> Modifying a password list by adding numbers should be very simple,
> however, modifying case should be a job for a perl script and should not
> be used because it would generate a huge list. For example:
>
> base: acme
> 1: Acme
> 2: ACme
> 3: ACMe
> 4: ACME
> 5: aCme
> & so on
>
>
>
>
>