A brute-force attack on passwords or usernames can be far more efficient with a custom-generated wordlist than with a standard wordlist such as the famous “rockyou.txt”. Below I share a technique for generating your own custom wordlist.

First, gather some information about your target and analyze it. You are looking for frequently used words, hobbies and anything else the target could use in a password. Write all these words into a file (wordlist.txt in the commands below), one word per line. For example:

John
Smith
December
Sunny
Motorcycle
Coke
BMW

Then you can append a year to each word. The following prints each word by itself and the word concatenated with the year “2020”, and writes the result back to the file via a temporary file, because redirecting straight into wordlist.txt would truncate it before it is read (replace 2020 in the following line with whatever you want to append, e.g. a question mark “?”):

for i in $(cat wordlist.txt); do echo "$i"; echo "${i}2020"; done > wordlist.tmp && mv wordlist.tmp wordlist.txt

Now we want to use hashcat to generate more candidates based on a configured rule. We will use “best64.rule”, but you can use any rule file you want (go on and experiment). On Kali, these rules are located in /usr/share/hashcat/rules.

hashcat --force --stdout wordlist.txt -r /usr/share/hashcat/rules/best64.rule > wordlist

This line mutates every word: it reverses, rotates, changes character case, appends numbers and so on. The redirect stores the output in the file wordlist, which the next step reads. Note that you can use several rules at once; just append another -r /path/to/rule.

Of course, testing the same password several times makes no sense, so filter out all duplicates:

sort -u wordlist > wordlist.txt

If we also know that the password is at least x characters long (e.g. 6), we don’t need to test any password that is shorter than 6 characters, so we can remove those as well:

awk 'length($0) >= 6' wordlist.txt > wordlist.tmp && mv wordlist.tmp wordlist.txt

And here you go! You just generated your custom wordlist which is probably (hopefully?) shorter than rockyou.txt :).
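From the defender's side, the same mutations can be undone at password-change time to reject passwords built from a user's context words. This is an added example, not part of the original post; the function names normalize, reverse and is_context_derived and the CONTEXT_WORDS list (constructed sample) are assumptions, and it covers only case changes, digit or symbol affixes, common character swaps and reversal.

```bash
#!/usr/bin/env bash
# Constructed sample: context words known about a user (name, hobbies, ...).
CONTEXT_WORDS="John
Smith
December
Sunny
Motorcycle
Coke
BMW"

# Lowercase, strip leading/trailing non-letters (years, "!", "?"),
# then undo common character swaps inside the remaining core.
normalize() {
    printf '%s' "$1" \
        | tr '[:upper:]' '[:lower:]' \
        | sed -E 's/^[^a-z]+//; s/[^a-z]+$//' \
        | tr '@4310$5' 'aaeioss'
}

# Reverse a string with awk (avoids depending on the rev utility).
reverse() {
    printf '%s\n' "$1" | awk '{ s = ""; for (i = length($0); i > 0; i--) s = s substr($0, i, 1); print s }'
}

# Return 0 if the password reduces to a context word, 1 otherwise.
is_context_derived() {
    local core reversed word
    core=$(normalize "$1")
    [ -n "$core" ] || return 1
    reversed=$(reverse "$core")
    while IFS= read -r word; do
        word=$(printf '%s' "$word" | tr '[:upper:]' '[:lower:]')
        [ -n "$word" ] || continue
        if [ "$core" = "$word" ] || [ "$reversed" = "$word" ]; then
            return 0
        fi
    done <<EOF
$CONTEXT_WORDS
EOF
    return 1
}

# Constructed candidate passwords for demonstration.
for pw in 'Motorcycle2020?' 'j0hn2020' 'correct-horse-battery'; do
    if is_context_derived "$pw"; then echo "reject: $pw"; else echo "ok:     $pw"; fi
done
```

A check like this belongs next to a breached-password lookup in the password-change flow, since it only catches simple derivations of the words it is given.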

-EOF-