ATTACK OF THE PERMUTATION!
Today we're going to be looking at brute forcing. Why would we need to brute force? Well, let's pretend that we have examined a suspect's machine and found a *.rar file which the user created but refuses to give up the password for. The file may contain indecent images and we need to get that rar file open and see what the suspect was hiding, or on the flip side, our client forgot the password and is being accused of IP theft, so we need to get this file cracked and prove his innocence.
Normally, you would use a program like JTR, Hydra, etc., get hold of a wordlist, which could be 50GB+, and leave your computer to brute-force the password. The thing is, having 50GB wordlists isn't always practical. It takes a long time and the password may not even be in there. The latter is still an issue: no wordlist can promise to give you the password. But what you can do is use RSMangler to help make your wordlist more targeted and specific.
RSMangler was, I believe, written by Robin Wood (aka DigiNinja) for security company Random Storm. What RSMangler does, is create a wordlist based on words that you provide. So, in order to speed up the process, if you fire up Kali Linux and download my shell script here - I've automated some of the process for you.
Download my shell script above and fire up your terminal. Use: 'chmod a+x getRSM' without quotes and then type in: 'sh getRSM'. Your screen should look something like the one below:
The script will download and unpack RSMangler for you. CD into the RSMangler folder and type in: 'nano si.txt' (call the text file whatever you wish). Type in around four words related to the person in question, one per line.
Hit Ctrl+O and then Enter to save your work, then Ctrl+X to exit nano. So now, inside your rsmangler folder, you should have the txt file you have just created. Now for the fun part!
As rsmangler is written in Ruby, you'll need to type in the following: 'ruby rsmangler.rb --file si.txt > siDictionary.txt'
Essentially, what you're doing here is running the Ruby script with --file pointing at si.txt, which we created earlier, and redirecting the output to siDictionary.txt. Give it a short while to generate all the combinations, and once done, you can open the file (if you have a slower PC, be wary of this, as opening a very large file may crash or hang your editor). See screenshot below:
So there you have it! Within just a few short, simple steps, you have created a wordlist which can be used for a permutation attack, which is essentially brute forcing with (potentially) more accurate passwords.
RSMangler does support switches and, unfortunately, all the mangling options are on by default. This means that passing a switch turns that option off, so you have to name the ones you don't require. So for example, you could use:
ruby rsmangler.rb --capital --ing --leet --upper --ed --perms --file si.txt > siDictionary.txt
Bear in mind your word list will dramatically vary in size depending on how many switches you do or don't use.
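To see why the switches matter so much for list size, here is a small mangler written for this post as an added example (it is not RSMangler's own code and only approximates a handful of its rules: perms, capital, upper, leet, ed and ing). The seed words are constructed, and the leet map is an assumption; the point is that every rule you leave on multiplies the output, and permuting the seed words multiplies it again, which is exactly the trade-off between coverage and runtime described above.

```ruby
# Added example, not part of RSMangler: a toy word mangler that mimics a few of
# RSMangler's switches so the growth of the wordlist can be measured.
# Seed words below are constructed sample input, not from any real case.

SEED_WORDS = %w[simon bristol rover 1984].freeze

# Assumed leet substitutions (a simplification of RSMangler's --leet rule).
LEET_MAP = { 'a' => '4', 'e' => '3', 'i' => '1',
             'o' => '0', 's' => '5', 't' => '7' }.freeze

# Base strings: each seed word on its own plus, when perms is on, every ordered
# join of two (up to max_join) distinct seed words, e.g. "simonbristol".
def base_strings(words, perms: true, max_join: 2)
  bases = words.dup
  if perms
    (2..[max_join, words.size].min).each do |n|
      words.permutation(n) { |combo| bases << combo.join }
    end
  end
  bases.uniq
end

# Apply the per-word rules to one base string. The original is always kept;
# each enabled rule adds one variant, and duplicates (e.g. capitalising a
# string that starts with a digit) are collapsed.
def mangle(word, capital: true, upper: true, leet: true, ed: true, ing: true)
  out = [word]
  out << word.capitalize if capital
  out << word.upcase if upper
  out << word.gsub(/[aeiost]/, LEET_MAP) if leet # gsub accepts a hash of replacements
  out << word + 'ed' if ed
  out << word + 'ing' if ing
  out.uniq
end

# Full wordlist for a set of switches; rules not named keep their default (on),
# mirroring the "everything on unless you turn it off" behaviour of the tool.
def generate(words, perms: true, **rules)
  base_strings(words, perms: perms).flat_map { |b| mangle(b, **rules) }.uniq
end

# Wordlist size for a few switch combinations, to show the blow-up.
def size_report(words)
  {
    'all rules on'            => generate(words).size,
    'no perms'                => generate(words, perms: false).size,
    'perms only, no mangling' => generate(words, capital: false, upper: false,
                                          leet: false, ed: false, ing: false).size
  }
end

if __FILE__ == $PROGRAM_NAME
  size_report(SEED_WORDS).each { |label, n| puts format('%-25s %d', label, n) }
  puts '--- sample of the list with perms off ---'
  puts generate(SEED_WORDS, perms: false).first(12)
end
```

With the four constructed seeds, permutations alone turn 4 bases into 16, and the five per-word rules turn those 16 into 90 candidates; turning permutations off drops the list to 21. RSMangler applies many more rules than this (years, punctuation, double, reverse and so on) and joins more than two words, so the real list grows far faster, which is why you should switch off every rule you have no reason to keep.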
You can find RSMangler's source code here.
You can find the full list of switches at RandomStorm's website by clicking here.
Thanks for reading! I take no responsibility for how you use (or mis-use) this information! Please put your white-hat on :)