If you need to do a brute force attack against a particular service, you’ll need a couple of things. A good wordlist containing possible passwords, and a list of user names to try. It’s easy to get a password list on the Internet, but user lists often have to be customized for the target. You’ll need to do some research to find email addresses and employee names. Once you do have a list of names however, you’ll need to guess what the format of the login ID is for that user. John Doe could be johndoe, or john.doe, or jdoe, and so on.
Since having a proper user name list is just as important as having a good password list for a brute force attack, I’ve created a short script that will create a list of possible login IDs based on a person’s first and last name.
First gather the names of people you’ve found who might have a login account for the service you’re targetting. Each name should be on a line of it’s own:
1
2
3
Cloud Strife
Brian O'Connor
Sonic The Hedgehog
Now here’s the script that will create the possible login IDs:
1234567891011121314151617181920212223242526
#!/usr/bin/env python
import sys
 
if __name__ == "__main__":
if len(sys.argv) != 2:
print "usage: %s names.txt" % (sys.argv[0])
sys.exit(0)
 
for line in open(sys.argv[1]):
name = ''.join([c for c in line if c == " " or c.isalpha()])
 
tokens = name.lower().split()
fname = tokens[0]
lname = tokens[-1]
 
print fname + lname # johndoe
print lname + fname # doejohn
print fname + "." + lname # john.doe
print lname + "." + fname # doe.john
print lname + fname[0] # doej
print fname[0] + lname # jdoe
print lname[0] + fname # djoe
print fname[0] + "." + lname # j.doe
print lname[0] + "." + fname # d.john
print fname # john
print lname # joe
view rawnamemash.pyhosted with ❤ by GitHub
Run the script by passing the file containing the first name and last name and you’ll get an output that looks like this:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
cloudstrife
strifecloud
cloud.strife
strife.cloud
cstrife
scloud
c.strife
s.cloud
brianoconnor
oconnorbrian
brian.oconnor
oconnor.brian
boconnor
obrian
b.oconnor
o.brian
sonichedgehog
hedgehogsonic
sonic.hedgehog
hedgehog.sonic
shedgehog
hsonic
s.hedgehog
h.sonic
Now you have a user name list that can be passed as input to cracking tools like hydra, medusa, ncrack, and Metasploit. Using a good user name list is just as important as having a good password list. If a user’s password is in your password list but your user name list doesn’t contain the proper format of the user name, then you’re not going anywhere fast. The script is easily customizable, so if you think up of any other possible formats, feel free to add it in.

1 comments Blogger 1 Facebook

  1. Are you desperately in need of a hacker in any area of your life??? then you can contact; ( www.hackintechnology.com services like; -hack into your cheating partner's phone(whatsapp,bbm.gmail,icloud,facebook, twitter,snap chat and others) -Sales of Blank ATM cards. -hack into email accounts and trace email location -all social media accounts, -school database to clear or change grades, -Retrieval of lost file/documents -DUIs -company records and systems, -Bank accounts,Paypal accounts -Credit cards hacker -Credit score hack -Monitor any phone and email address -Websites hacking, pentesting. -IP addresses and people tracking. -Hacking courses and classes CONTACT THEM= hackintechnologyatgmaildotcom or whatsapp +12132951376 their services are the best on the market and 100% security and discreet work is guarante

    ReplyDelete

 
LEARN HACKING TIPS AND TRICKS © 2013. All Rights Reserved.
Top