LinuxQuestions.org - Generate specific wordlist

- Programming (https://www.linuxquestions.org/questions/programming-9/)

- - Generate specific wordlist (https://www.linuxquestions.org/questions/programming-9/generate-specific-wordlist-4175456623/)

Generate specific wordlist

Hello ! I'm new on Linux and I'm running Kali Linux.

I have issue to generate my wordlist because the problems is I want to generate a password with a lenght of 10 characters hexademcimal (0123456789ABCDEF) but the password have to always have 4 letters and 6 numeral and it should never have 2 consecutive characters side by side.

I hope someone can help me or coding a good script that can be running on Kali Linux.

Thank You.

This can certainly be done in any num of langs eg bash.
Please have a go and show us what you've got if you get stuck.
We prefer to help people towards a soln, rather than just doing their work for them.

If you choose bash, here's some links:
http://rute.2038bug.com/index.html.gz
http://tldp.org/LDP/Bash-Beginners-G...tml/index.html
http://www.tldp.org/LDP/abs/html/

Yeah you are right, I already tried a perl script like wg.pl with the option

perl wg.pl -c 2 -l 10 -o 4 -r 2 -u 10 0123456789ABCDEF -w Dico.txt

It is a good script but I still got a lot of keys that can be ignored to save time and space like:

0101214EF7
0101214EF8
0101214EF9
0101214EFA
0101214EFB
.....

Because they didn't have 4 letters and 6 numerals.

It's been 2 days I search for a solution in many english or french forums (I'm french tahitian by the way) to reduce my wordlist size and this is the best approch but it can be more accurate. If I can add the option to specify a number of letters and numeral per key that would be what I want :) but I don't have the skill for that and this is where I need your help guys.

Here is the script:

PHP Code:




#!/usr/bin/perl 
 
=head1 NAME 
 
wg.pl 
 
 
=head1 AUTHOR 
 
Matteo Redaelli 
E-MAIL: matteo.redaelli@libero.it 
WEB: http://digilander.iol.it/reda 
 
 
=head1 DESCRIPTION 
 
This is a Word Generator: you can apply some useful options to filter the 
words 
 
=head1 USAGE 
 
type perl wg.pl -h 
 
 
=head1 HISTORY 
 
 
2000-01-06: the first lines of this script 
 
2000-01-11 added getopt 
 
2000-01-21: adjusted default parameters 
 
2002-03-05: new option -n 
 
2002-03-06: new option -s 
 
2002-03-07: reorganization of all source code, more documentation 
 
2011-08-15: Modificado en el foro lampiweb.com/foro para poder guardar el diccionario con un nombre elegido. Opción -w 
 
 
=head1 LICENSE 
 
This package is free software; you can redistribute it and/or 
modify it under the same terms as Perl itself, i.e., under the 
terms of the "Artistic License" or the "GNU General Public License". 
 
 
=head1 DISCLAIMER 
 
This package is distributed in the hope that it will be useful, 
but WITHOUT ANY WARRANTY; without even the implied warranty of 
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
 
See the "GNU General Public License" for more details. 
 
 
=cut 
 
use Getopt::Std; 
use strict; 
#use integer; 
 
sub char2string 
{ 
# string generator: if I pass 'a' and 5, I'll get 'aaaaa' 
sprintf "%s", @_[0] x @_[1]; 
} 
 
sub occurs 
{ 
my $pat = @_[0]; 
my $astring = @_[1]; 
 
my $tot = $astring =~ s/$pat//g; 
 
# print "tot $tot\n"; 
# 
return $tot; 
} 
 
sub few_repeatitions 
{ 
my $astring = @_[0]; 
my $max = @_[1]; 
my $len = length( $astring ); 
my $tot = 0; 
 
my $mid = int( $len / 2); 
 
 
for ( my $step = 2; $step <= $mid; $step++) { 
for ( 0 .. $len - $step ) { 
my $letters = substr( $astring, $_, $step); 
# print "$letters\n"; 
$tot = occurs( $letters, $astring); 
return $tot if $tot > $max; 
} 
} 
return 0; 
} 
 
sub nple 
{ 
my $astring = @_[0]; 
my $len = length( $astring ); 
my $tot = 0; 
my $in = 0; 
my $last = ' '; 
 
 
 
for ( 0 .. $len - 1) { 
my $letter = substr( $astring, $_, 1); 
 
# print "$astring $letter $last\n"; 
if ( ($letter cmp $last) == 0) { 
# print "$letter = $last, $in, $tot"; 
if ($in == 0) { 
$in = 1; 
$tot++; 
} 
 
} else { 
$in = 0; 
} 
 
$last = $letter; 
} 
return $tot; 
 
} 
 
sub substring 
{ 
my $string1 = @_[0]; 
my $string2 = @_[1]; 
 
$_ = $string2; 
 
if ( /$string1/ ) { 
return 0; 
} 
else { 
return 1; 
} 
} 
 
 
 
my %opts; 
 
getopts('a:c:ehl:n:o:r:tu:v:w:z:', \%opts); 
 
 
usage(0) if $opts{'h'}; 
$opts{'u'} and $opts{'v'} or usage(1); 
 
my $nome = $opts{'w'}; 
# setup parameters 
open (Basededatos,">$nome"); 
my $va_list = $opts{'v'}; 
my @va_list = split( //, $va_list ); # convert string to an array 
 
my $min_depth = $opts{'l'} ? int($opts{'l'}) : 1; 
my $max_depth = $opts{'u'} ? int($opts{'u'}) : 1; 
 
usage(2) if $min_depth > $max_depth; 
 
my $prefix = $opts{'a'} ? $opts{'a'} : ''; 
my $postfix = $opts{'z'} ? $opts{'z'} : ''; 
my $max_occurs = $opts{'o'} ? int($opts{'o'}) : $opts{'u'}; 
my $max_cons = $opts{'c'} ? int($opts{'c'}) : $opts{'u'}; 
my $max_nple = $opts{'n'}; 
my $max_reps = $opts{'r'}; 
 
usage(3) if $min_depth < 1 || 
$max_depth < 1 || 
$max_occurs < 1 || 
$max_cons < 1 || 
$max_nple < 0 || 
$max_reps < 0; 
 
if ($opts{'t'}) { 
print "Options:\n "; 
foreach my $key (sort keys %opts) 
{ print "$key -> $opts{$key}\n "; } 
print "Global vars:\n"; 
print_vars(); 
} 
 
 
for ($min_depth..$max_depth) { 
wg( $_, ""); 
} 
 
sub print_vars 
{ 
print "min_depth = $min_depth\n"; 
print "max_depth = $max_depth\n"; 
print "max_occurs = $max_occurs\n"; 
print "max_cons = $max_cons\n"; 
print "max_nple = $max_nple\n"; 
print "max_reps = $max_reps\n"; 
} 
 
# 
# word generator 
# 
sub wg 
{ 
my $max_depth = @_[0]; 
my $myprefix = @_[1]; 
my $elem; 
if ($max_depth == 0 ) { 
print "$prefix$myprefix$postfix\n"; 
print Basededatos "$prefix$myprefix$postfix\n"; 
if ( $opts{e} == 1) { 
system "$prefix$myprefix$postfix\n"; 
} 
} 
else { 
# print " n = $opts{'n'} r = $opts{'r'} \n"; 
# 
 
 
# suggestion: the generation of the words is more variuos if 
# I change the order of the list of the letters (@va_list) 
 
foreach $elem (@va_list) { 
 
my $newstring = "$myprefix$elem"; 
 
return if ( $opts{'c'} && 
substring(char2string( $elem , $max_cons), $myprefix ) == 0); 
return if( $opts{'n'} && nple( $newstring ) > $max_nple); 
return if( $opts{'r'} && 
few_repeatitions( $newstring, $max_reps) != 0 ); 
return if ( $opts{'o'} && occurs( "$elem", $newstring) > $max_occurs ); 
 
wg( $max_depth -1, "$myprefix$elem"); 
} 
} 
} 
 
sub usage 
{ 
my $rc = @_[0]; 
 
die <<END_USAGE 
 
USAGE: perl $0 options 
 
options are: 
-a string: prefix 
-c number: max consecutive letters (how many consecutive 'a' do you want?) 
-e : submit the output string to the operating system 
-h : help 
-l number: min length of the word 
-o number: max number of occurrencies of a letter 
-n number: max number of n-ple (AA, BBB, CCC, DDDD) 
-r number: max number of repeatitions (ABCABABBCDBCD has 5 repeatitions: 3 reps of AB and 2 of BCD) 
-t : trace on 
-u number: max length of the word 
-v string: list of valid characters (es, "01" "abcdef") 
-w Filename 
-z string: postfix 
 
possible return code are: 
0, ok 
1, not all parameters 
2, min length (-l) is greater than max lenght (-u) 
3, at least one parameter is lower than 1 
Return code: $rc 
END_USAGE 
 
}

Quote:

Originally Posted by GOD_of_LORD (Post 4923977)

I want to generate a password with a lenght of 10 characters hexademcimal (0123456789ABCDEF) but the password have to always have 4 letters and 6 numeral and it should never have 2 consecutive characters side by side.

If you are looking for an algorithm then the following non-language-specific PDL should do the trick.

Code:

FOR i = 1 to 10

    REPEAT

        IF num_letters = 4 THEN

            password[i] = random(0-9 DIGIT)

        ELSE IF num_numbers = 6 THEN

            password[i] = random(A-F DIGIT)

        ELSE

            password[i] = random(0-F DIGIT)

        ENDIF

    UNTIL (i = 1) OR non_consecutive(password[i-1], password[i])

    IF password[i] IN {0 .. 9} THEN

        num_numbers = num_numbers + 1

    ELSE

        num_letters = num_letters + 1

    ENDIF

NEXT i

Ohh men thank very much for your code/script/algorithm or whatever but lol I don't know how and where to execute your code...how to generate as a file the wordlist.

Thank you in advance

Quote:

Originally Posted by GOD_of_LORD (Post 4924068)

Ohh men thank very much for your code/script/algorithm or whatever but lol I don't know how and where to execute your code...how to generate as a file the wordlist.

It's just psuedo-code which is an alternative to using a flow chart.

The implementation details (including how you output the data) depend on which language you are using. I notice that you have given a sample perl script so I presume you know how to implement control structures and functions in perl.

The idea is that you know have an algorithm which to write in any language you like (Perl if that is your choice).

So work out how you would reproduce each line in a Perl script and go from there :)

It looks like your code does a lot more (or tries to) than your original qn.
Given that you have tried some stuff, here's a simple version that does only the basics as requested in OP: 6 digits (0-9) + 4 from A-F; no repeats, using random selections.
Once the chars/nums have been generated, obviously you could randomly shuffle them.

Code:

#!/usr/bin/perl -w

use strict;



my ( $var1, $var2, %hash1 );



# pseudo random passwd gen: 6 digits+4chars in hex range ie

# 0-9A-F

while ( 1 )

{

    $var1 = int(rand(10));

    if( !exists $hash1{$var1} )

    {

        $hash1{$var1}=1;

    }

    if( scalar(keys %hash1) == 6)

    {

        last;

    }

}

for $var1 (keys %hash1)

{

    print "$var1\n";

}

%hash1 = ();

while ( 1 )

{

    $var1 = int(rand(6)) + 65;  # ASCII dec codes for A-F

    $var2 = chr($var1); # cvt to char A-F

    if( !exists $hash1{$var2} )

    {

        $hash1{$var2} = 1;

    }

    if( scalar(keys %hash1) == 4)

    {

        last;

    }

}

for $var1 (keys %hash1)

{

    print "$var1\n";

}

I thought this looked quite slick :)

Code:

#!/usr/bin/env ruby



n = (0..9).to_a

cn = n.combination(6).to_a

rnd_n = rand(cn.count)



a = ('A'..'F').to_a

ca = a.combination(4).to_a

rnd_a = rand(ca.count)



puts (cn[rnd_n] + ca[rnd_a]).join

This code ...

Code:

# Create a file of 10-character candidates.

# Toss those which have same characters adjacent.

# Toss those which have other than 4 alphabetics.

 tr -dc '123456789ABCDEF' < /dev/urandom  \

|head -c1000                              \

|sed -r 's/(.{10})/\1\n/g'                \

|grep -vE  "(.)\1"                        \

|awk '{t=$0; if (4==gsub(/[A-F]/,"")) print t}' >$OutFile

echo; echo "OutFile ..."; cat $OutFile

... generates a file of passwords, as shown ...

Code:

OutFile ...

5A2C74CD74

518ACBF631

97921DAD2F

8235DF9B7F

9C9697FE9F

C47A8C823C

5A4BA1825F

3C6EA6A835

C374A219DF

E7A1E8C697

ED1F71279A

582BA35AF8

F27B851AB4

F37FE9149D

A59BA45B48

E8A47B58C9

E9174A1BE5

If a larger file of passwords is desired, change the 1000 in head -c1000 to a larger multiple of 10.

Daniel B. Martin

Quote:

Originally Posted by grail (Post 4925088)

I thought this looked quite slick :)

I tested your ruby with these results ...

Code:

daniel@daniel-desktop:~$ ruby /home/daniel/Desktop/LQfiles/dbm728.ruby

235679ADEF

daniel@daniel-desktop:~$ ruby /home/daniel/Desktop/LQfiles/dbm728.ruby

012367BCDF

daniel@daniel-desktop:~$ ruby /home/daniel/Desktop/LQfiles/dbm728.ruby

134578CDEF

daniel@daniel-desktop:~$ ruby /home/daniel/Desktop/LQfiles/dbm728.ruby

023468ACEF

daniel@daniel-desktop:~$ ruby /home/daniel/Desktop/LQfiles/dbm728.ruby

125789ABEF

daniel@daniel-desktop:~$ ruby /home/daniel/Desktop/LQfiles/dbm728.ruby

345679ACDF

daniel@daniel-desktop:~$ ruby /home/daniel/Desktop/LQfiles/dbm728.ruby

123459BCDF

daniel@daniel-desktop:~$ ruby /home/daniel/Desktop/LQfiles/dbm728.ruby

015678ACDE

daniel@daniel-desktop:~$ ruby /home/daniel/Desktop/LQfiles/dbm728.ruby

026789CDEF

daniel@daniel-desktop:~$ ruby /home/daniel/Desktop/LQfiles/dbm728.ruby

023467ABDF

The generated passwords meet the OP's spec but they all have ...
- the requisite 6 numerics at the beginning of the password, and always in sorted order.
- the requisite 4 letters at the end of the password, and always in sorted order.

IMHO this lacks the randomness which is expected in secure passwords. If a hacker knew of these characteristics it would help him "crack" the password because there are fewer possibilities to try.

Daniel B. Martin

hmmm ... I was wondering if anyone would comment on that point :$

Interestingly, only takes the addition of a single command in the last line to help out :)

Code:

#!/usr/bin/env ruby



n = (0..9).to_a

cn = n.combination(6).to_a

rnd_n = rand(cn.count)



a = ('A'..'F').to_a

ca = a.combination(4).to_a

rnd_a = rand(ca.count)



puts (cn[rnd_n] + ca[rnd_a]).shuffle.join

Not at home at the mo so this untested, but I believe it should work ;)

Quote:

Originally Posted by grail (Post 4925492)

Not at home at the mo so this untested, but I believe it should work ;)

Tested. Works. Good!

Daniel B. Martin

Quote:

Originally Posted by grail (Post 4925492)

Code:

puts (cn[rnd_n] + ca[rnd_a]).shuffle.join

Not at home at the mo so this untested, but I believe it should work ;)

Not sure it meets the criterion of 'non-consecutiveness'.

Quote:

Originally Posted by psionl0 (Post 4925703)

Not sure it meets the criterion of 'non-consecutiveness'.

I tested the improved ruby solution 20 times and found no instances of any character appearing twice in succession. Furthermore, none of the passwords used any character more than once. This might be considered a minor weakness. The solution in post #10 does produce passwords with re-used characters.
Examples:
5A2C74CD74 has two Cs, two 7s, and two 4s
518ACBF631 has two 1s
97921DAD2F has two 9s, two 2s, and two Ds
9C9697FE9F has four 9s and two Fs

An ideal password is truly random. There is no characteristic which could guide a hacker in an attempt at cracking.

Daniel B. Martin