Crafting tailored wordlists with Wordsmith

Presented at BSidesLV 2016, Aug. 3, 2016, 10 a.m. (50 minutes).

Standard wordlists such as Uniq and Rockyou are great when used with a variety of hashcat rules and big hash sets. But what about the hashes that you aren't able to crack? And what about smaller hash sets from smaller targets?

Queue Wordsmith, a tool that creates wordlists that are tailored to the target. Based on the target's U.S. State, Wordsmith creates geo-location based wordlists that contains the names of cities, landmarks, roads, sports teams, zip codes, area codes, popular names and more. Generated wordlists can be used by themselves or as a supplement to other wordlists for brute force attacks or hash cracking.


Presenters:

  • Sanjiv Kawa - Sr. Penetration Tester - PSC/NCC Group
    I enjoy searching for creative ways to break into restricted networks and applications. I also like to write tools that automate things to make life a little easier. Something I'm trying to get better at is binary analysis and exploit development. When my laptop battery dies you can find me at breweries, on the ski hill or playing soccer.
  • Tom Porter - Penetration Tester - Payment Software Company
    Tom (@porterhau5) is a penetration tester by trade, however his roots are on the blue team writing netflow analytics and providing network situational awareness. Tom holds a handful of certifications from SANS (GPEN, GCIH, GCIA), as well as degrees in Mathematics and CS. When there's not a baseball game nearby, he can be found scripting, participating in CTFs, dissecting packets, tinkering in his homelab, performing password analysis, or chasing high IBUs.

Links:

Similar Presentations: