in Cyber Security

Make a wordlist for brute-force from artist lyrics

1.3k Views 26 Votes

Today we will talk about tool that also allows you to collect your own dictionary, but having a number of distinctive features, namely: 

  1. The script interactively and sequentially asks questions about the target of the attack and then creates a dictionary by replacing letters from the words given to it with symbols and numbers.
  2. The tool also allows you to exclude words from the dictionary, which, for example, has already been used for the attack, so that there are no repetitions and to save time.
  3. The “lyric pass” module allows you to include phrases and lyrics of artists in the dictionary. 

Let’s talk about everything in order. It’s about bopscrk, written in python and available at https://github.com/r3nt0n/bopscrk 

To install on Kali Linux, type in the terminal: 

git clone https://github.com/r3nt0n/bopscrk.git 

Then go to the directory with bopscrk and run the script: 

python3 bopscrk.py -i 

After that, we answer the questions of the system, for an academic example, we will take the same system administrator from Tomsk, Vladimir Yagodchkin, as the goal, set the following parameters offered to our attention: 

-Minimum length – 8. 

-Maximum length – 16. 

-Name – Vladimir. 

-Surname – Yagodichkin. 

-Date of birth – December 20, 1987. 

-Additional words associated with the target, separated by commas – honda, zenit, warcraft. 

-Set the parameters for replacing letters with numbers, as well as the substitution of special characters at the beginning and end of the password – we answer “y”. 

-How many words we go to combine – indicate 2. 

-The name of the artist whose lyrics we want to add – let’s skip, more on that below. 

-Exclude words from another dictionary – here we can indicate the path to the dictionary that has already been in battle – skip. 

-Select the file with the result, by default tmp.txt in the current directory – leave it as it is. 

The output is 260449 possible password values

Let’s view the contents of the file in the nano editor

We can use the specified file to attack 

Now we will consider the most interesting function, namely the use of phrases from the lyrics of artists’ songs, for this we will re-enter 

python3 bopscrk.py -i

We skip all the suggested values, except for the minimum and maximum length – put 20 characters each (for clarity) and stop at “Artist names to search song lyrics (comma-separated)”, in the specified line, enter, for example, 2pac (known killed benchmark). We see that the instrument has found 1244 songs of the specified artist and starts working with them.

As a result, we get the result, of course it is better to mix with special characters and numbers, but again, for clarity, we get a turnip dictionary), how wonderful

We remind you that this article was written for the purpose of familiarization with the tool, ensuring information security and training, it should not be used on systems for which you do not have permission to test or attack. 

HackingPentest

What do you think?

26 Points
Upvote Downvote
Red Hat Professional

Written by Admin

NewbieAvatar uploadFirst contentFirst commentPublishing content 3 times

Comments

Leave a Reply

Loading…

0

WinApps – Run Windows apps in Linux

Reverse Engineering — Hacking Tools