A brute-force attack on passwords/usernames using a custom generated wordlist can be way more efficient than to use some standard wordfiles like for example the famous “rockyou.txt”. In the following I will share a technique to generate your own custom wordlist.
First of all, you should gather some information about your target and analyze it. You are looking for most used words, hobbies and anything that your target could use in his password. Write all these words down into a file whereas each word is separated by a new line. For example:
John
Smith
December
Sunny
Motorcycle
Coke
BMW
Then you can add a year into each option. The following will print each word itself and the word concatenated with the year “2020” back to the file (just add/replace 2020 in the following line with whatever you want to add e.g. a question mark “?"):
for i in $(cat wordlist.txt); do echo $i; echo $(i)2020; done > wordlist.txt
Now we want to use hashcat to generate some more options based on a
configured rule. We will use “best64.rule”, but you can use anything you want
(go on and experiment). Generally, these rules (in Kali) are located at
/usr/share/hashcat/rules.
hashcat --force --stdout wordlist.txt -r /usr/share/hashcat/rules/best64.rule
So this line mutates all lines, reverses, rotates, plays with character cases, appends
numbers etc..
Note, that you can use several rules in once just append another
-r/path/to/rule.
Of course, testing the same password several times doesn’t make any sense, so go on and filter all duplicates:
cat wordlist | sort -u > wordlist.txt
In case we also know that the password is at least x characters long (e.g. 6), we don’t need to test any password that is less than 6 characters long, so we can also remove those:
cat wordlist | awk 'length($0) > 6' > wordlist.txt
And here you go! You just generated your custom wordlist which is probably (hopefully?) shorter than rockyou.txt :).
-EOF-