Go Back   Xisp.org Forums > Porn Password Cracking > Cracking Tutorials

Creating Word Lists ..., (c) by Just1ce. - Fl00dA!

Reply
Views: 1748 - Replies: 5  
Thread Tools Display Modes

Creating Word Lists ..., (c) by Just1ce. - Fl00dA!
Old 01-05-2005, 07:01 PM   #1
§.WiZmAn.§
The.WiS3
 
§.WiZmAn.§'s Avatar
 
§.WiZmAn.§ is offline Offline
Join Date: Jan 2005
Location: Mexico
Posts: 903
Threads: 83
§.WiZmAn.§ is on a distinguished road
Default Creating Word Lists ..., (c) by Just1ce. - Fl00dA!

*This text has been written for younger crackers in order to help them to make effective
wordlists**

You were interested in security and hacking so have started to read various texts on the subject.
Then,
you have downloaded the lastest versions of the best crack engines and after toying with it for
some time,you decide to give it a try on a pass board.You have downloaded all wordlists available
and make you own attack lists and ... you miserably failed to crack request after request.Then
you talk with other crackers and they tell you : "use a leecher!!" Suddenly,you start to have
success so you stick on that approach.After a few months,you start to have reputation as a
skilled cracker but , inside yourself, you know that you're nothing much than a button pusher.
You have no REAL KNOWLEDGE, no deep understanding.

"Ce qui se conçoit bien s'énonce clairement et les mots pour le dire viennent aisément."
Boileau

So let's start with the basics: the wordlist.

Creating your own wordlist is very important.Why? Because each individual has his own
experiences, culture, interests etc. So each cracker add something to the cracking community by
doing this exercise.
Furthermore, it builds patience, reflexion and the right attitude needed to become an
accomplished hacker.

How people choose their passes?That's a good question you have to answer in order to
build your lists.

Personaly, I have created my own concepts that I describe below.They represent my understanding
of the customers' habits.You can use them or create your own classes,it does not matter.What
matter is that you adopt what fits your understanding.

Tip: RESD YOUR LEECHED COMBOS MANY,MANY TIMES.Ask youself how someone could have chosen these
particular combos? What drove them in their choice? Note the most commons patterns.Then decide
which classes you will create.


Personaly, I use these 5 basic classes

1.Related to the subject:

Many login/password are from a vocabulary closely related to the subject or the name of the site.

Examples: great:sex
cock:sucker
hand:job
blow:job
anal:sex

etc.

Note that a specific wordlist designed to attack a BDSM site will likely have words like bondage,
whip,gag,slave,master,trampled ... while a general wordlist will should stick to more common
words like pussy,porn,cock,dick boob,boobs,breast ... The same is also true if you attack an
accounting
site,words like assets,liability,profit,losses ... will fit well. Does it make sense to you?

2.Related to the user:

first names,last names,daughters,sons,center of interests ...

joe99:joe
mikes:msmith
mikes:smike
mike:ekim
mike:smith
mike:analsex

etc.

Note: combos in the form name + 2 digits:name are 15 times more common than name:name+ 2 digits
combos name+2 digits: 2digits+name appears almost equally to name:name+2 digits
it means that tony69:tony will appear much more often than tony:tony69
tony69:69tony will appear as often as tony:tony69

3.Visual associations / visual oppositions

sun:moon
qaz:wsx
qwert:poiuy
qwert:asdf
screen:saver
laser:printer
check:mate

etc.

4.Social associations /social oppositions

bill:clinton (politics,celebrities)
benson:hedges (company)
miami:dolphins (sports)
black:white (racial)

etc.

5.Logical associations /logical oppositions

1234:12345
1234:5678
123:456
abc:123
abc:def
true:false
in:out

etc.

It is common to see combos where the login as been chosen in the related to user and the pasword
in the related to the subject classe or in the logical association class.
example: mike:123 joe:123456 joe:sex etc.

Search where are the good sources of informations.Example: the site of the U.S. census bureau
hosts the male,female and last names lists in order of frequency in the U.S.A. Do you think it
can help? Well do your search. Have you already make the link: if it exists in the U.S.A. maybe
it exists in other countries ...

Broadening the field of study:

Creating wordlists is not by itself hacking.However, gaining an account name can sometime be
done only through brute attack. Don't reject this as lame. Checking for weak l/p is not more of
less lame than using a port scanner to map a server or using JtR to decrypt a stolen .htpasswd
file.It is part of a hacking process or any serious security audition exercise.

Now that you got some tips how to create effective wordlists,time to work!! But start reading on
HTML, ports, TCP IP protocol,
exploits ... Install a version of Linux on your computer and gain some experience with it and
remember: there is NO theoretical hacking.You have to do and try what you read.Only practical
experiences will give you REAL KNOWLEDGE
!!Now it's time to work!!!!

Good luck, Just1ce.
__________________
®*.¸¸.*´¯`*( XxXCrackers, Xisp CreW PoWeR of The XxX WORLD )*´¯`*.¸¸.*©
  Reply With Quote

Old 01-20-2005, 08:34 PM   #2
Wickerman
Special Friend
 
Wickerman's Avatar
 
Wickerman is offline Offline
Join Date: Jan 2005
Location: 22 Acacia Avenue Ohio, USA
Posts: 2,228
Threads: 324
Wickerman is on a distinguished road
Default

I don't agree with this tutorial. Creating your own combos is a colossal waste of time in my opinion, no matter how you go about doing it. If you don't know how to get passfiles or if you have not been lucky enough to have one or two given to you by some kind soul my advice is to leech, leech, and leech some more.
__________________
"Hand of fate is moving and the finger points to you. He knocks you to your feet and so what are you gonna' do? Your tongue has frozen now, you've got something to say. The piper at the gates of dawn is calling you his way."

-The Wicker Man, Iron Maiden

Last edited by Wickerman; 03-17-2005 at 06:20 AM..
  Reply With Quote

Old 01-21-2005, 05:41 AM   #3
lazo
Guest
 
Posts: n/a
Threads: 5107
Default

thankz alot m8 for this
  Reply With Quote

Old 03-17-2005, 06:01 AM   #4
agajan_m
Guest
 
Posts: n/a
Threads: 5107
Wink

Quote:
I don't agree with this tutorial. Creating your own combolists is a colossal waste of time in my opinion, no matter how you go about doing it.
i absolutely agree with u.some sites can have 16 character usernames and passwords.wordlist will be 9999999999.... GB. i cant imagine that huge list. it impossible to get passes with own list.
Quote:
leech, leech, and leech some more.
LEECH...LEECH....LEECH.
  Reply With Quote

Old 04-01-2005, 03:08 AM   #5
Jayman
Site Cracker
 
Jayman is offline Offline
Join Date: Jan 2005
Posts: 1,004
Threads: 104
Jayman is on a distinguished road
Default

The Essay is old, done at a time when Jean was charging for AccessDiver, Raptor was a twinkle in Madmax's eye :)

The methodology of creating your own wordlists is an attempt to have Bruteforcers' question why you can access a site. The basic principles the Essay implies will never change on any type of System where a User gets to choose a Name and Password.

An example of such thinking is the "Making E-mail Wordlists" where you're using "large and free" e-mail Servers as the E-mail part of the address in a standard combo list.

While Servers improve security measures, the constant which has and will always remain is the natural laziness of humans, the main reason why Webmasters choose to generate combinations.

I agree, most will leech thier wordlists as its an effective way to build them, and to gather words for JTR. But I personally wouldn't dismiss the Essay, considering its a method I constantly use as an initial "test" on a site with a Browser. And probably the reason why it's been posted.

Last edited by Jayman; 04-01-2005 at 03:15 AM..
  Reply With Quote

Old 07-17-2006, 02:08 PM   #6
kawchak
Guest
 
Posts: n/a
Threads: 5107
Default

Very interesting read, thanks for the info
  Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump



All times are GMT -4. The time now is 09:27 AM.


vBulletin skin developed by: Xisp.org Crew
Powered by vBulletin®
Copyright ©2000 - 2021, Jelsoft Enterprises Ltd.
2005 © Copyright Xisp.org