

Programming: General non-hacking related programming.

#1 (permalink)
inactive
Gold Member
Disciple Join Date: Sep 2005
Location: South Africa
Posts: 511
I'm tired of downloading crappy wordlists, and having to merge them, and remove duplicates, only to end up not getting the password, so I've decided to make my own wordlist.
I'm starting with Wikipedia... taking a recent dump, stripping all the HTML code out, and separating on spaces - I figure that's a pretty good starting point (I'll have every word, name, surname, country, city, band name, etc that is currently in Wikipedia)... I'll also have a LOT of (pretty much useless) numbers. I'll obviously filter out all dupes. My plan is to convert everything to lower case, and then start manipulating it, so I'd like to know if you have any suggestions (not just "things I can do" to the words, but what will make the list more effective). So far I'm thinking:

1. make letters uppercase 1 letter at a time, incrementally (so each word will have every possible combination it could be typed using upper or lower case letters)
2. convert words to "l33t" speak (swapping in 1s, 3s, etc) incrementally (so once again, it's every possible combination, using numbers in places of letters, for the word)
3. add 3 character repetitive numbers (eg: "111", "222", "333", etc) and letters ("aaa", "bbb", "xxx", etc) to the beginning and ending of each word
4. add a number (from 1-1000) to the beginning, and end, of each word
5. incrementally add punctuation characters (.,!@#$%"') to each word (I'll probably strip all punctuation out of my starting list, so they don't get in the way).

All of the above steps would leave the original word in the list, and would create all the possible variations of that process. Once that's done (and any other suggestions you guys might have), I'll filter out any duplicates that might've snuck in (adding "aaa" before "aa", and adding "aaa" after "aa" would produce a duplicate word), then start joining words - so every word will be put before/after every word in the list. I'm trying to decide how many words I want to join (obviously this makes my list exponentially longer). Because of the punctuation I'll be adding, words will be joined with spaces, underscores, etc.

So apart from "strong" passwords (consisting of random characters and letters), it should appear in my wordlist. Because the words "george", "w", and "bush" would appear in my starting list, at some point it would end up creating "George W. Bush" (upper casing, punctuation, and joining - assuming I was joining 3 words). It should also do a pretty good job providing the Most Common Passwords. If you don't know what a "wordlist" or "brute forcing" is, please don't reply to this thread.
__________________
http://www.hypn.za.net
Last edited by hypn : 07-25-2008 at 11:27 AM.

#2 (permalink)
Deviant Join Date: Oct 2007
Posts: 48
You can't include all combinations of 1 to 5, because that is roughly several million to a billion per word. If we go with the low estimates, one million variations of a word and 100k words, your list would contain 10^11 entries, which is several hundred GB. Even if you do the variations on the fly it will take very long for any good protection.
__________________
We are the Others. We serve different forces, but in the Twilight there is no difference between the absence of darkness and the absence of light.
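
To put numbers on the estimate in this reply, the following added example (not part of the thread) counts, without generating anything, how many candidates steps 1 to 5 of the first post yield per word when applied once each in order. The leet map, the one-character reading of step 5, the average entry size and the function names are assumptions.

```python
import math

# Assumed substitutions for step 2; the thread only says "1s, 3s, etc".
LEET = {"a": "4", "e": "3", "i": "1", "o": "0", "s": "5", "t": "7"}
PUNCT = ".,!@#$%\"'"  # the nine characters listed in step 5


def step_counts(word: str) -> dict:
    """Per-step multipliers for one word; each affix step keeps the original."""
    # Steps 1+2: every letter is lower case, upper case, or one of its leet digits.
    case_leet = math.prod(
        (2 if c.isalpha() else 1) + len(LEET.get(c, "")) for c in word.lower()
    )
    return {
        "case_and_leet": case_leet,
        # Step 3: ten digit triples and 26 letter triples, at the front or back.
        "triple_affix": 1 + 2 * (10 + 26),
        # Step 4: a number from 1 to 1000, at the front or back.
        "number_affix": 1 + 2 * 1000,
        # Step 5, read as a single punctuation character (assumption).
        "punct_affix": 1 + 2 * len(PUNCT),
    }


def total_variants(word: str) -> int:
    """Candidates when the steps are chained once each (duplicates not removed)."""
    return math.prod(step_counts(word).values())


def list_size(words, avg_entry_bytes=10):
    """Entries and rough bytes on disk; avg_entry_bytes is an assumption."""
    entries = sum(total_variants(w) for w in words)
    return entries, entries * avg_entry_bytes


if __name__ == "__main__":
    for w in ("cat", "password"):  # constructed sample words
        print(w, step_counts(w), f"{total_variants(w):,}")
    entries, size = list_size(["cat", "password"])
    print(f"{entries:,} entries, about {size / 1e9:.0f} GB")
```

Word joining is not counted here; it multiplies these per-word figures again.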

#3 (permalink)
inactive
Gold Member
Disciple Join Date: Sep 2005
Location: South Africa
Posts: 511
Someone made a wordlist from Wikipedia back in 2005 (Generating a word list from Wikipedia - Programming stuff) and it came to 1,035,166 (1 million+) words... which isn't even 10mb when extracted (his wordlist is available for download from that link).
You're right though, doing steps 1-5 would definitely generate a wordlist WAY too big... I should've done the maths. So then the question is... which are the best steps to do. Just pairing the words in the list, with the words in the list, 3 times (to make "catcatcat") would turn a 20mb wordlist into a 156gb wordlist. Sigh. Would be cool if someone had a wordlist a couple of terabytes big, and some serious processing power, that you could rent. If I were rich, I'd set something like that up
__________________
http://www.hypn.za.net
Last edited by hypn : 07-25-2008 at 01:43 PM.

#4 (permalink)
Blessed
Umm, this has nothing to do with programming?

#6 (permalink)
inactive
Gold Member
Disciple Join Date: Sep 2005
Location: South Africa
Posts: 511
Dyndrilliac: well it sorta does, more so than "game hacking" anyway, cos I'm going to be making a program to manipulate my wordlist? :|
Shin666: yes.... I'm going to socially engineer ZIP files, and encrypted strings...
__________________
http://www.hypn.za.net

#7 (permalink)
Zealot Join Date: Nov 2006
Location: Hiding in your closet
Posts: 741
This is going to sound like I'm being a dick but it's an honest thought. Why not try to get in without brute-forcing? Random example, a couple of years ago I was into an rpg and I ran into a guy who had an item I wanted. Instead of spending time trying to brute force my way into his account I befriended him. After knowing him for a few weeks I said I was thinking of buying the same item and asked if I could try it out. At which point I stole the **** out of it. Yea I know, I'm a creep. So what.
Of course if you have grand schemes for what you are going to do with this, that won't work. But if that is the case, I can also suggest that you pursue what you want legitimately instead of taking what seems like the easy road. If it costs money, use your brain to figure out a way to make that money. It may be easier in the long run.
__________________
Barack Obama's allies - http://www.theslippingmask.com/

#8 (permalink)
inactive
Gold Member
Disciple Join Date: Sep 2005
Location: South Africa
Posts: 511
Raistlin: nice nick (I think we've had that talk quite some time back), but like I said to Shin666 dealing with people isn't really an option (such as cracking ZIPs that you don't know who made, breaking encryption, etc), plus I figured I'd make the world's best wordlist and save everyone countless hours... or something.
LOL @ you befriending the guy and stealing his stuff though ;)
__________________
http://www.hypn.za.net

#9 (permalink)
Blessed
No, it doesn't...
How so? I don't see any discussion regarding the program to manipulate the list, just the list itself. At least with gamehacking, you have to find a way to implement your own code within the game, which requires a programmatic means.

#11 (permalink)
Zealot Join Date: Nov 2006
Location: Hiding in your closet
Posts: 741
Quote:
__________________
Barack Obama's allies - http://www.theslippingmask.com/

#12 (permalink)
Trance Addict
Senior Member
Retired Staff Member Evangelist
Go ahead, throw the rules at me for this one....
As you found out, making a word list as big as you first described in order to brute-force would have been worse than brute-forcing no words. However I have a few things I would suggest, and I have a project that I am going to use some of this on. Let's keep in mind that we are "hopefully" not going to run through the whole list and will end up with the correct password at some point.

First, order the words from small to big, smaller words will more likely make up the password than giant words. We can then also pass a minimum/maximum password length to our engine so we know when to stop in our list. Add all the extra crap on the fly after searching for the basic words, they don't need to be in the wordlist. Offer adding the extra crap for smaller words that don't meet the minimum size requirements. Offer combining words on the fly so long as you don't go over the maximum size. Offer filling in with extra even on the combined words. If you do this all on the fly, you can set the order you check things in easier and try to get a match sooner than going through the entire wordlist.

Make sure the list is either only lowercase or only uppercase (make two copies of the wordlist if you want). If you need all the different possibilities of capitalization, do it on the fly. Always assume that the password is going to be the simplest first (lowercase/oneword). The fact that you get to use a wordlist in the beginning means that there is a lack of security in choosing the password.
__________________
Yes, I still still listen to trance! Learn Assembly and Game Hacking Jakor's Game Hacking School: http://www.bwhacks.com/forums/progra...ng-school.html contact me: website: www.cybercitadel.net email: Jakor@CyberCitadel.net xfire: Jakorf msn: Jakorf@hotmail.com
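
The closing point of this post, seen from the defending side: a password-policy check can undo the manglings the thread lists (case, leet, number and punctuation affixes, joined words) and reject anything that reduces to dictionary words. This is an added example, not code from the thread; the tiny word set, the leet map and the function names are assumptions.

```python
import re

# Assumed reverse leet map; the thread does not spell one out.
UNLEET = str.maketrans("013457@$", "oieastas")
PUNCT = ".,!@#$%\"'"                  # punctuation set from the first post
AFFIX = "0123456789" + PUNCT          # characters commonly padded on either end
SEPARATORS = re.compile(r"[ _.\-]+")  # joiners: spaces, underscores, etc.


def splits_into_words(token, words, max_words=3):
    """True if token is a concatenation of 1..max_words dictionary words."""
    if token in words:
        return True
    if max_words <= 1:
        return False
    return any(
        token[:i] in words and splits_into_words(token[i:], words, max_words - 1)
        for i in range(1, len(token))
    )


def wordlist_reachable(password, words, max_words=3):
    """Return the normalised tokens if the password is dictionary words plus
    simple mangling, otherwise None. Callers reject on a non-None result."""
    lowered = password.lower()
    # Try with digit and punctuation padding removed, then punctuation only,
    # so a leet digit at the very end of a word is not thrown away.
    for core in (lowered.strip(AFFIX), lowered.strip(PUNCT)):
        tokens = [t for t in SEPARATORS.split(core.translate(UNLEET)) if t]
        if tokens and len(tokens) <= max_words and all(
            splits_into_words(t, words, max_words) for t in tokens
        ):
            return tokens
    return None


if __name__ == "__main__":
    WORDS = {"george", "w", "bush", "password", "cat"}  # constructed sample list
    for pw in ("George W. Bush", "P4ssw0rd123!", "catcatcat", "xK#9vQ2m!tR"):
        print(repr(pw), "->", wordlist_reachable(pw, WORDS))
```

A production check would load a full dictionary plus a breached-password list; digits padded in the middle of a password are not unwound here.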

#13 (permalink)
inactive
Gold Member
Disciple Join Date: Sep 2005
Location: South Africa
Posts: 511
Thanks Jakor, some good points in there.
I guess most cracking programs these days support word manipulation (numbers/caps/combining) so a smaller list will do. Can't wait for the day when CPUs will be so powerful that we'll be able to brute force up to 100 characters in a single day... :P heh.
__________________
http://www.hypn.za.net

#15 (permalink)
inactive
Gold Member
Disciple Join Date: Sep 2005
Location: South Africa
Posts: 511
hmmm.... I suppose with something like Hamachi you could easily create quite a nice cluster :D
__________________
http://www.hypn.za.net