Академический Документы
Профессиональный Документы
Культура Документы
http://adaywithtape.blogspot.com/2011/07/wordlist-manipulation-revisited.html
Si desea una lista contrasea de 4 caracteres con nmeros slo el cdigo es; / pentest /
CONTRASEA / crunch 4 4 0123456789> pass1.txt Si desea una lista contrasea de 6
caracteres con minsculas y nmeros, el cdigo es; / pentest / password / crunch 6 6
ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789> pass2.txt Tambin puede fijar las partes de las
contraseas, si por ejemplo usted es que la contrasea siempre comenzar con, por ejemplo,
"pasar", seguido de un nmero, puede utilizar crisis para hacer el trabajo para usted. /
pentest / password / crunch 8 8 0123456789-t pass @ @ @ @> password.txt que an
resultados en un archivo con 10000 combinaciones posibles, aunque .. Puede comprobar el
nmero de lneas con, gato password.txt | wc-l . La sintaxis de crisis se pone un poco ms
complicado cuando se trata de caracteres especiales Si por ejemplo usted quera hacer una
lista de palabras de cinco caracteres con todos los caracteres especiales posibles, usted
tendra que para "escapar" ciertos caracteres especiales usando backslash \ si quera arreglar
ciertos personajes, usando la opcin-t funcin, una vez ms, que tendra que escapar ciertos
caracteres, es decir, / pentest / password / crunch 5 5 " \ ` \ ~ \ @ # $% ^ & * ()-_ = + [{]};:
' \ "| <.>? \, /"-t "@ @ \ " \ \ @ " SED Uso ==== ==== Sed es la abreviatura de StreamEditor, y
aunque muy potente .. no es fcil de usar y sin duda demasiado complicado para m .. Por lo
tanto la presente slo un ejemplo; usted puede copiar el contenido de una pgina web con un
simple "seleccionar todo" y "copia", pega esto en un archivo txt, guardar el archivo txt
(web.txt); Transformar un espacio en una nueva lnea;sed 'se [[: space:]] e \ neg'-i
web.txt Quitar lneas vacas; sed '/ ^ $ / d'-i web.txt Entonces ordenar por orden alfabtico y
excluir duplicados; gato web.txt | sort | uniq> web_sorted_uniq.txt As, con slo un Ctrl + A
Copiar y pegar y 3 lneas de cdigo que usted tiene una lista de palabras de todas las palabras
en una pgina web especfica. Obviamente, algunos sitios web son ms adecuados para esto
que otros, sin embargo, es todava una rpida y la manera sucia para obtener una lista de
P U B L I C A D O P O R C I N TA E N 1 4 : 4 5
N O H AY C O M E N TAR I O S :
P U B L I C A R U N C O M E N TAR I O
http://adaywithtape.blogspot.com/2011/07/wordlist-manipulation-revisited.html
If you want a 4 character password list with just numbers the code is;
/pentest/passward/crunch 4 4 0123456789 > pass1.txt
If you want a 6 character password list with lowercase and numbers, the code is;
/pentest/password/crunch 6 6 abcdefghijklmnopqrstuvwxyz0123456789 > pass2.txt
You can also fix parts of the passwords; if for instance you are think the password will always
start off with for instance "pass" followed by numbers, you can use crunch to do the work for
you.
/pentest/password/crunch 8 8 0123456789 -t pass@@@@ > password.txt
That still results in a file with 10000 possible combinations though.. can check the number of
lines with ;
cat password.txt | wc -l
The syntax for crunch gets slightly more complicated when dealing with special characters.
If for instance you wanted to make a five character wordlist with all possible special
characters, you would need to 'escape' certain special characters using backslash \
If you wanted to fix certain characters, using the -t function, then again, you would need to
escape certain characters, ie ;
Using SED
========
Sed is short for StreamEditor, and although extremely powerful.. not easy to use and
definately too complicated for me.. So herewith just an example;
You can copy the contents of a webpage with a simple 'select all' and 'copy', paste this into a
txt file, save txt file (web.txt) ;
So with just a Ctrl + A, Copy & Paste and 3 lines of code you have a wordlist of all words on
a specific webpage.
Obviously some websites are better suited for this than others, however it is still a quick and
dirty way to get a decently focussed wordlist and you can then clean it up further with sed
commands and password inspector (see lower down in the post).
TR
==
The 'tr' command is handy as well, for instance to change upper to lower case or vice versa;
tr [:upper:] [:lower:] <> wordlist_lower.txt
Then we start wget to grap all from a site, specifying how deep we want to go (-l)
wget -r -l 1 -nd http://www.theregister.co.uk
Then to go to wyd and use it to extract all words from the downloaded files.
cd /pentest/password/wyd
perl wyd.pl -n -o ~/wordlistTR.txt ~/TR/
So now we have a txt file with all words from the 1st level of theregister.co.uk in alphabetical
order without duplicates.
Its handy to remember that the 'sort' function bases the sorting on the order as defined in the
ASCII table and so will sort ABCabc instead of AaBbCc.
To get a real alphabetical sorting order, use the -f command;
Password Inspector
===============You can use Password inspector to tidy up wordlist files based on minimum
and maximum password length and which character set you want it to contain.
So the above some ways to get wordlists and how to manipulate them to your liking !
P O S T E D B Y TAP E AT 1 4 : 4 5
NO COMMENTS:
POST A COMMENT