For those of you who aren't aware, CeWL is a utility that can assist in creating unique custom word lists by spidering web pages. CeWL is a Ruby application that will spider a given URL to a specified depth, collecting words and even email addresses. The returned word list can be used with programs such as John the Ripper or any other application capable of word-list-based brute force attacks. CeWL comes prepackaged on BackTrack and Kali Linux installations; however, if you want to set it up on a different Linux distribution, you can find the download information at the following website:
Basic Syntax:
The basic syntax of CeWL is very straightforward. Take, for example, the following:
# cewl --depth 7 --min_word_length 5 --write new_wordlist.lst --email --email_file found_emails.lst --verbose <TARGET URL>
Let's examine this command in more detail...
depth – this flag specifies how many links deep CeWL will follow from the target URL
min_word_length – this flag specifies the minimum word length that CeWL will collect
write – this flag specifies the name of the word list file CeWL will generate
email – this flag tells CeWL that we would like to collect email addresses
email_file – this flag specifies the name of the file CeWL will dump email addresses into
verbose – verbose output to STDOUT
<TARGET URL> – the URL we are telling CeWL to spider
If we ran this on a target URL, we would obtain two output files: one containing potentially useful email addresses and one containing a bunch of words that were scraped from the target URL. The generated word list is relatively useless as is; however, we can increase the chances of finding a valid credential by mutating the word list.
Mutating Word Lists:
By mutating a word or a list of words, we can generate different variations of possible passwords that will aid in a brute force attack. Take, for example, the following scenario. We are targeting a company and have managed to come across a list of employees. We decide that we want to attempt to gain access to bob.banter@targetcompany.com's company email account. After digging into Bob Banter's background, we have found that he was born in Hawaii in 1976. From this we could derive a possible password of “aloha1976”. The chances of this being a valid password for his email are slim. However, the chances increase when we mutate this possible password. By mutating the password, we could get a list of mutations that could contain the actual password, e.g. @!0ha_1976.
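The mutation above runs one way; a password-policy check can run it the other way. This is an added example, not the post's tool or CeWL's own code: it strips separators and appended digit runs (years, counters), reverses common l33t substitutions, and reports when a candidate password collapses onto a scraped word list, so “@!0ha_1976” is recognised as “aloha” plus a year. The substitution map, the expansion bound and the word list are constructed assumptions.

```python
import itertools
from typing import Optional

# Common l33t substitutions mapped back to the letters they stand for.
# Ambiguous symbols list every plausible original so each one is tried.
LEET_MAP = {
    "@": "a", "4": "a", "8": "b", "3": "e", "6": "g", "9": "g", "#": "h",
    "!": "il", "1": "il", "|": "il", "0": "o", "5": "s", "$": "s",
    "7": "t", "+": "t", "2": "z",
}
MAX_EXPANSIONS = 256  # bound the product of ambiguous substitutions

# Constructed stand-in for a CeWL-style word list scraped from a site.
WORDLIST = {"aloha", "hawaii", "banter", "target", "company", "password"}


def deleet(token: str) -> set:
    """Every plain-letter string the token could have been before l33t
    substitution, e.g. '@!0ha' -> {'aioha', 'aloha'}."""
    choices = [LEET_MAP.get(ch, ch) for ch in token.lower()]
    forms = set()
    for combo in itertools.product(*choices):
        forms.add("".join(combo))
        if len(forms) >= MAX_EXPANSIONS:
            break
    return forms


def base_words(password: str) -> set:
    """Candidate base words: drop separators, then try the string both with
    and without a leading/trailing digit run (years, counters) removed."""
    core = "".join(ch for ch in password if ch.isalnum() or ch in LEET_MAP)
    trimmed = core.strip("0123456789")
    forms = set()
    for cand in {core, trimmed}:
        if cand:
            forms |= deleet(cand)
    return forms


def mutated_dictionary_word(password: str, wordlist: set,
                            min_len: int = 4) -> Optional[str]:
    """Return the word-list entry the password reduces to, or None if it is
    not a simple mutation of anything in the list."""
    for cand in sorted(base_words(password)):
        if len(cand) >= min_len and cand in wordlist:
            return cand
    return None
```

A policy that rejects any password for which `mutated_dictionary_word` returns a hit treats the mutated forms in the post as no stronger than the base word they came from.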
There are numerous scripts and utilities we can use to mutate word lists in different ways. I am going to share a custom little program that I came across in some of my research that mutates words into different variants of l33t speak. Once you compile it, mutating a word list is as simple as piping input into the program and redirecting output into a file.
Example:
# cat wordlist.lst | ./l33tmutate > mutated.lst
You can clone the mutation script from the following link:
https://github.com/securityvoodoo/LeetMutation.git