Jump to content

Search the Community

Showing results for tags 'john'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Yahoo


Jabber


Skype


Location


Interests


Occupation


Interests


Biography


Location

Found 1 result

  1. Password profiling is an important aspect of information gathering, where customized wordlists are created based on target, which intern can reduce the load of cyber warriors in performing password attacks.Tools such as CeWL, Wyd.pl, CRUNCH and CUPP can be used to gather / create custom word lists. I will discuss about CeWL and Wyd.pl. Wyd: Wyd supports plain, html, doc, ppt, mp3, jpeg, odt/ods and pdf files. Download wyd.pl from http://www.remote-exploit.org/content/wyd-0.2.tar.gz. After downloading we extract and install wyd.pl. Its time for us to start password profiling of clients/targets/victims. Create a folder under the name of target. (Consider target is xyz.com) (Mkdir /XYZ) Now go to XYZ folder (cd XYZ) Use wget –r http://www.xyz.com/ (This dumps the target website contents to the XYZ folder) Fire up the terminal with wyd.pl (Wyd.pl –o xyz-wordlist.txt –t –b –e ‘/root/XYZ/’) The arguments –o specifies wyd.pl to send captured words on to specified file; -tspecifies wyd.pl to create separate wordlist files based on the input files available from the target; -b tells wyd.pl to remove of non-alpha characters from word start; -e tells wyd.pl to remove of non-alpha characters from word end; of course we need to specify the source directory at last. This is not it you can find more options by trying out wyd.pl. CeWL: CeWL is by default available in kali linux, it is a custom word list generator where it takes the target URL and a specified depth. Digininja wrote it. Fire up terminal. cewl –w ‘/root/customwordlist.txt’ –d 4 –m 7 –v http://www.XYZ.com/ -w writes captured words to file. -d <num> specifies the spider the depth it can search by default it is 2. -m <num> specifies the minimum character in words it can start. -v runs in verbose mode. Mutating the custom word lists Mutating the word list crated highly increases the chance of successful password attacks now a days. We can use John for this purpose, john has few built in rules for mutation, we can also add our own rules, but we will look into using built in rules. John is already available in kali linux. We can also use RSMangler. John --wordlist=‘/root/customwordlist.txt’ --rules --stdout> ‘/root/newcustomwordlist.txt’
×
×
  • Create New...