Wordlist Generation

Generate with cewl to scrape words from a site or page, also has specific parameters to keep special characters and numbers.

Pay close attention to a specific pattern identified through previous challenges. What the the local sports teams? Known high schools or other popular items in the local area?

Add mangling rules to put special characters at the front and end of the word.

.\hashcat.exe -a 0 -m 500 -O -w 4 -r .\rules\dive.rule c5.hashes

Tips and Tricks for Custom Wordlists

Create all as lowercase, then can move to toggle capitalization with rules

• Identify at least three separate wordlists with theme

• Modify results

  • Create all lowercase

  • Remove all spaces

  • Remove special-encoded characters

  • Create pluralization of all words

  • Run through toggle ruleset

Run the following in lines

• Worlists:

  • Rockyou

  • Rockyou + ruleset (small ruleset)

    • Best64

    • Toggle

  • Weakpass

• Masking attacks

  • wordlist + ?a?a (incremental)

  • ?a?a + wordlist (incremental)

  • ?a + wordlist + ?a

  • wordlist + ?d?d?d

  • ?d?d?d + wordlist

Create hashcat wordlist

We can create wordlists using the hashcat rules to accelerate some analysis or use to push on some additional attack methods

 .\hashcat.exe  D:\ctfs\fruits.txt -r .\rules\d3ad0ne.rule --stdout > deadlist.txt