Today we will talk about tool that also allows you to collect your own dictionary, but having a number of distinctive features, namely:
- The script interactively and sequentially asks questions about the target of the attack and then creates a dictionary by replacing letters from the words given to it with symbols and numbers.
- The tool also allows you to exclude words from the dictionary, which, for example, has already been used for the attack, so that there are no repetitions and to save time.
- The “lyric pass” module allows you to include phrases and lyrics of artists in the dictionary.
Let’s talk about everything in order. It’s about bopscrk, written in python and available at https://github.com/r3nt0n/bopscrk
To install on Kali Linux, type in the terminal:
git clone https://github.com/r3nt0n/bopscrk.git
Then go to the directory with bopscrk and run the script:
python3 bopscrk.py -i
After that, we answer the questions of the system, for an academic example, we will take the same system administrator from Tomsk, Vladimir Yagodchkin, as the goal, set the following parameters offered to our attention:
-Minimum length – 8.
-Maximum length – 16.
-Name – Vladimir.
-Surname – Yagodichkin.
-Date of birth – December 20, 1987.
-Additional words associated with the target, separated by commas – honda, zenit, warcraft.
-Set the parameters for replacing letters with numbers, as well as the substitution of special characters at the beginning and end of the password – we answer “y”.
-How many words we go to combine – indicate 2.
-The name of the artist whose lyrics we want to add – let’s skip, more on that below.
-Exclude words from another dictionary – here we can indicate the path to the dictionary that has already been in battle – skip.
-Select the file with the result, by default tmp.txt in the current directory – leave it as it is.
The output is 260449 possible password values
Let’s view the contents of the file in the nano editor
We can use the specified file to attack
Now we will consider the most interesting function, namely the use of phrases from the lyrics of artists’ songs, for this we will re-enter
python3 bopscrk.py -i
We skip all the suggested values, except for the minimum and maximum length – put 20 characters each (for clarity) and stop at “Artist names to search song lyrics (comma-separated)”, in the specified line, enter, for example, 2pac (known killed benchmark). We see that the instrument has found 1244 songs of the specified artist and starts working with them.
As a result, we get the result, of course it is better to mix with special characters and numbers, but again, for clarity, we get a turnip dictionary), how wonderful
We remind you that this article was written for the purpose of familiarization with the tool, ensuring information security and training, it should not be used on systems for which you do not have permission to test or attack.