How to generate dictionary for a dictionary attack?

Question

I need to crack my own password. Advantage is that I know possible characters and maximum length.

What I need is to create a dictionary. The dictionary should contain all the combos of characters that I choose (for example I don't need word list which contain character T, because I didn't used T in my password).

How can I do that?

Answer 1

So you could use python to generate all possible combinations using itertools.permutation

import itertools
res = itertools.permutations('abc',3) # 3 is the length of your result.
for i in res: 
   print ''.join(i)

where 'abc' is a string of possible characters. Note that a and A are not the same!

This will output:

abc
acb
bac
bca
cab
cba

Edit (thanks to @buherator):

If you want repeated letters (e.g. aaa, etc), you need to use itertools.product instead. For instance,

import itertools
res = itertools.product('abc', repeat=3) # 3 is the length of your result.
for i in res: 
    print ''.join(i)

This will output:

aaa
aab
aac
aba
abb
abc
aca
acb
acc
baa
bab
bac
bba
bbb
bbc
bca
bcb
bcc
caa
cab
cac
cba
cbb
cbc
cca
ccb
ccc

Answer 2

Password cracking tools, such as John the Ripper or hashcat, can be used this way. They have various "mangling" rules that will take a dictionary (in your case a one word dictionary) and then apply a number of transformations on it. You can then specify the rules based on the kinds of things you may have done with your password.

Learning how to specify these sorts of rules isn't trivial, and unfortunately you aren't in a position to ask for detailed help without revealing too much about the password.

Here are some sample, annotated, john CONFIGs, which might be of some help:

https://sites.google.com/site/reusablesec/Home/john-the-ripper-files/john-the-ripper-sample-configs-1

And here is a list of john tutorials, but I haven't actually looked at any myself, so again, I can only point you in the general direction:

http://openwall.info/wiki/john/tutorials

Answer 3

You should use crunch or john the ripper. If you know the length and possible combinations of your password you can make a pretty good dictionary. For example you know your password was something like

p@$$w0rd123

or maybe

P@s$word1@3

etc.. you can do

crunch 8 11 pPa@s$wW0oOrd123 -o list.txt

This will make a list with a minimum length of 8 max 11 containing any of the given characters. Note this could be a huge list.

Answer 4

You need to use a wordlist to create dictionary attack. You can write your own wordlist generator or use an exisisting one.

Here are some existing wordlist generators:

• http://www.wordlistgenerator.net/Default.aspx

• http://sourceforge.net/projects/wlistgenerator

• http://sourceforge.net/projects/crunch-wordlist/

You can find more. After generating a wordlist, you need to try every combination of those words until you find a matching one with your password.

Answer 5

You will also need a tool to run through the dictionary.

For a website try:

• https://addons.mozilla.org/en-us/firefox/addon/fireforce/

or generally:

• http://securityxploded.com/password-recovery-tools.php

If it is a desktop application using the password for behaviour instead of data confidentiality, you may be able to simply delete setting files or hack its memory while running.

I am assuming you are not a script kiddie ;-)