Saturday, February 09, 2008

Wordlist Manipulation

Today I wanted to append and/or prefix a brute force wordlist with some numbers, to generate some likely passwords. I couldn't find a good program to do this, so I tried my hand at some shell scripting. I got too ambitious and tried to add functions to remove duplicates (using the 'uniq' Unix command), sort the list (using the 'sort' Unix command) and do replacement (using the 'sed' Unix command). But all of these proved too time consuming to do right. I didn't want to force the list to be sorted alphabetically in case it was already sorted in a different way (likelihood of use, for example), so the 'uniq' command was useless. And the 'sort' command is so easy you might as well just use it alone. I didn't feel like putting the time into developing the "replace" function since I don't use it all that often (except for capitalizing the first letter, but Brutus has a tool to do that). So here's my script. Don't laugh, it's the first coding I've done since Dr. Scheme, about 5 years ago.

#!/bin/sh

## listperm.sh - Takes a wordlist and performs permutations on it
## Copyright (C) 2008 Beau Woods (beauwoods.com)
##
## This program is free software: you can redistribute it and/or modify
## it under the terms of the GNU General Public License as published by
## the Free Software Foundation, either version 3 of the License, or
## (at your option) any later version.
##
## This program is distributed in the hope that it will be useful,
## but WITHOUT ANY WARRANTY; without even the implied warranty of
## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
## GNU General Public License for more details.
##
## You should have received a copy of the GNU General Public License
## along with this program. If not, see http://www.gnu.org/licenses/.

## This script will take a wordlist and either prefix (-p) or append (-P)
## each line with each line of the file it is to be combined with. For
## modularity, it will generate new lists rather than overwriting the
## old ones.

## Command line options:
## -in [filename] - This is the wordlist you want to permutate.
## -out [filename] - This is the list of characters to add.
## -p [filename] - This will prefix the wordlist with another list.
## -P [filename] - This will append the wordlist with another list.

vflag=on
ops=0
while [ $# -gt 0 ]
do
case "$1" in
-in) infile=$2; shift;;
-out) outfile=$2; shift;;
-p) prefile=$2; shift;;
-P) postfile=$2; shift;;
*) echo "Error: Unexpected Argument: "$1; error=1; break;;
esac
shift
done

## This if block will check to see if the input file is given and will
## throw an error if not.
if [ -z $infile ]; then
echo "Error: No input file specified."
error=1;
fi

## This if block will check to see if the output file is given and will
## throw an error if not.
if [ -z $outfile ]; then
echo "Error: No output file specified."
error=1;
else
## This checks to see if the output file exists and if it does, throws
## an error and exits the program. I don't want to clobber the file.
if [ -f $outfile ]; then
echo "Error: The output file already exists. Please delete it"
echo " and rerun the script."
error=1;
fi
## OK, now that we know the file doesn't exist, let's create it!
touch $outfile
fi

## This if block checks to see if more than one permeutation operation
## is called and if so, throws an error message.
if [ $ops -gt 1 ]; then
echo "Error: Only one permeutation option may be run at once."
error=1;
fi

if [ $error ]; then
echo >&2
echo "Options: -in [filename] -out [filename] -p [filename] -P [filename]"
echo ""
echo " This script will take a wordlist and either prefix (-p) or append (-P)"
echo " each line with each line of the file it is to be combined with. For"
echo " modularity, it will generate new lists rather than overwriting the"
echo " old ones."
echo ""
echo " Command line options:"
echo " -in [filename] - This is the wordlist you want to permutate."
echo " -out [filename] - This is the output file."
echo " -p [filename] - This will prefix the wordlist with another list."
echo " -P [filename] - This will append the wordlist with another list."
echo ""
exit 1;
fi

## This will determine if we are doing a prefix or append operation and will
## set the input file correctly. We could do this at the beginning, but if
## the arguments are out of order then something might get clobbered.
if [ $prefile ]; then
postfile=$infile;
else
if [ $postfile ]; then
prefile=$infile;
fi
fi

#####
## OK, time to start doing work!
#####

## This checks to see if the operation is a concatenation and combines the files.
for word in $(cat $prefile); do
for i in $(cat $postfile); do
echo "$word""$i" >> $outfile
done
done

2 comments:

hashhack said...

Im loving this article, im constantly generating wordlists for my online md5 cracker -its amazing how stupid people can be when it comes to password choice, especially system administators because they have no excuse.

Great article - keep up the good work

Beau Woods said...

Great to hear you like it! I checked out your online hash cracking site and it looks promising. Hopefully you'll keep improving it!