Creating Hashcat Keymap Walking Password Wordlists

Hashcat’s latest keymap walking tool, “KwProcessor”, quickly and easily generates password lists based on keymap walking techniques. In this article, the first of several password cracking themed articles, we will take a quick look at how to use this tool.

Introduction

Keymap walking passwords are popular amongst many organizations as they are pretty easy to use and remember. Basically, you start with a specific key on the keyboard and then pick a direction (or multiple directions) and start hitting keys. Your password is entered as you “walk” across the keyboard.

You can create a complex password in this manner by using the shift key and including numbers in the pattern, as seen below:

 hashcat_wordlist

Starting with the letter “z”, we move North West, hitting the “a”,”q”, and “1” keys. We then move East a row, hitting the number “2”, and then move South East back down the keyboard hitting the “w” key and stopping on “s”.

This would create the password, “zaq12ws”. If we alternately used the shift key, we would get the password, “ZaQ1@wS” which is a little more complex.

What makes keymap walking so successful (until now) is that an attacker would need to know the starting key, direction, direction changes, if any special key is used and when, and of course the ending key.  Hashcat’s new KwProcessor tool makes creating keymap walking wordlists very easy to do.

Installing KwProcessor (kwp)

We will be using Kali Linux as the operating system. At the time of this writing kwp is not installed by default. So, we will need to download and install it.

From a Kali Terminal prompt:

As seen below:

hashcat_keymap_walking2

You can type, “./kwp -V” to check that it installed correctly and display the software version.

Keymaps and Routes

To crack keymap walking passwords you will need two things, a layout of the keyboard keys and a list of routes to take to create the wordlists. In the kwp program directory you will find the “keymaps” and “routes” folders:

hashcat_keymap_walking3

The Keymaps folder contains the keyboard layout for multiple languages:

hashcat_keymap_walking4

The routes folder has 7 preconfigured keymap walks or routes that can be used to generate passwords:

hashcat_keymap_walking5

We can use these preconfigured routes or create our own using command line switches.

Type, “./kwp –help” to see the available options:

hashcat_keymap_walking6

Creating a KWP Wordlist

To create a simple kwp wordlist, we will use the English keymap and the 2-10 max 3 directional change route file. This can be accomplished by running the command below:

./kwp basechars/full.base keymaps/en.keymap routes/2-to-10-max-3-direction-changes.route

This causes kwp to create multiple keymap walk combinations, of 2-11 characters with a maximum of 3 direction changes:

hashcat_keymap_walking7

The output of the command is sent directly to the screen, so to create the actual wordlist file, you would need to output the command to a text file.

./kwp basechars/full.base keymaps/en.keymap routes/2-to-10-max-3-direction-changes.route > basickwp.txt

You can then use the resultant text file as a wordlist in Hashcat.

To create a more complex wordlist, use one of the larger route files:

./kwp basechars/full.base keymaps/en.keymap routes/2-to-16-max-3-direction-changes.route > largekwp.txt

hashcat_keymap_walking8

Foreign Language Keywalks

If you need to crack foreign language keywalks, just use one of the foreign language keymap files.  So, to create a Russian keywalk wordlist:

./kwp basechars/full.base keymaps/ru.keymap routes/2-to-16-max-3-direction-changes.route > rukwp.txt

And the resultant file:

hashcat_keymap_walking9

If we have a password hashlist that contains any of the words that were generated, it will crack them. This is shown in the Hashcat result example below:

hashcat_keymap_walking10

Conclusion

In this article we covered how to use the new Hashcat kwp tool to quickly create keymap walking wordlists. We also saw how easy it is to change the keymap language, which can come in handy if you are cracking international passwords. For more information on KWP, check out the Hashcat Github page.

If you are interested in learning more about cracking password with Hashcat, more is on the way in upcoming articles. Also, check out my Basic Security Testing with Kali Linux book that covers a lot of basic password cracking topics, plus a whole lot more!

 

 

Advertisements

Kali Linux 2018 Released

Just a few months after the Kali 2017.3 release, Kali releases the new Kali 2018!

No immediately apparent cosmetic changes from the 2017 version, but some changes under the hood – A new Kernel (4.14.12) and several package updates:

  • Burpsuite
  • Dbeaver
  • Pixiewps
  • Reaver
  • Seclists
  • Secure-socket-funneling
  • Zaproxy

The new Kernel brings two important features:

  • AMD Secure Memory Encryption Support
  • Increased Memory Limits (for those who didn’t think 64 TB was enough)

Updating

Upgrade old version:

apt update && apt full-upgrade

But if it has been a long time, either download the new version or update the repository key (it expired) before updating:

wget -q -O – https://archive.kali.org/archive-key.asc | apt-key add

On a new Kali 2018 download, there are already quite a few updates available, so don’t forget to update. My virtual machine host anti-virus blocked one of the updates, I don’t recall ever having that happen before.

For more information and all download links check out the official release article:

https://www.kali.org/news/kali-linux-2018-1-release/

“Security Testing with Kali NetHunter” Book Overview

nethunter-front-coverMy latest book, “Security Testing with Kali NetHunter” is out! NetHunter brings the power of Kali Linux to supported Android devices.

In this blog post I will cover a quick overview of the book and why I wrote it. This book is the latest in my “Security Testing with Kali” series. If you like my Basic & Intermediate books, I think you will love this one!

I was working on writing a non-Kali based security book, when a good friend approached me and asked if I would create a 50-page quick guide to Kali NetHunter. Being a huge Kali Linux fan, I set my current writing project aside and immediately began on the NetHunter book.

I soon realized that even with trying to make this a quick coverage guide, 50 pages would not even begin to cover the capabilities of this exceptional platform. The ability to use it with wireless and USB based attacks, along with a complement of the normal Kali Linux tools, really makes NetHunter a robust and feature rich device. Add in the fact that it all runs on a small mobile platform and you really have a winner.

To spend the most book time on usage tutorials, with the thought of new devices and platforms at some point being added to the NetHunter supported list, I start the book from the point of a fully installed NetHunter device. Though, I do give an overview of the install process.

This book uses the exact same lab setup as the other books in my Kali series. So, if you already have the lab setup from these books, you just need to connect your NetHunter device to your wireless router.

The book assumes that you already have a level of comfortability with using Kali Linux and have experience connecting to your mobile device using Linux or Windows. From a difficulty level, I would say that this book would fit between my Basic & Intermediate Kali books.

NetHunter includes a couple Android based security tools and a graphical “NetHunter” menu. The book steps you through the Android based attack tools and then goes through each NetHunter menu item as they appear.

Several menu items have an entire chapter devoted to itself.  With the step-by-step tutorials, you can see how the tools work, many times using the tool against our test lab systems.

Along with the NetHunter menu, more experienced users will probably prefer to use many of the Kali tools directly from the terminal prompt. NetHunter uses a slightly reduced install of Kali Linux. You can however install other Kali Metapackages if you wish.

The book topics include:

  • Kali NetHunter Introduction and Overview
  • Shodan App (the “Hacker’s Google”)
  • Using cSploit & DriveDroid
  • Using NetHunter in Human Interface Device Attacks
  • Man-in-the-Middle Attacks
  • Wi-Fi Attacks
  • Metasploit Payload Generator
  • Using NetHunter with a WiFi Pineapple Nano

For the book tutorials, you will need a supported device with NetHunter installed, a host system to run VMWare images, and a supported USB WiFi adapter (I used a TP-Link TL-WN722N).  If you want to follow through the Pineapple Connector chapter you will also need a Hak5 Pineapple Nano.

If you enjoyed my previous books, I think you will really like this one.

Check it out on Amazon.com

 

 

 

 

 

Book Review: Basic Security Testing with Kali Linux 2

Basic Kali 2

A fully updated version of the very popular “Basic Security Testing with Kali Linux” is now available! Now totally re-written from the ground up to cover the new Kali Linux “2016-Rolling” with the latest pentesting tools and Ethical Hacking techniques.

I was honestly shocked how well received the first Basic Security Testing book was received by the security community. But all in all, it was my first book attempt and definitely had room for improvement. I was flooded with requests and advice from students, instructors and even military personnel on recommended changes and ways the book could be improved.

I took every comment to heart and with the help of an amazing editorial and reviewer team, that included a computer security professor and a CTF player, created Basic Security Testing 2!

What’s new:

  • Completely re-written to cover topics more logically
  • Better lab layout that is used consistently throughout the book
  • Written for the latest version of Kali (Kali 2.0 “Sana” & Kali “2016-Rolling”)
  • Includes an introduction chapter for the new Kali 2016-Rolling
  • All tools sections have been updated – old tools removed, new tools updated
  • Now uses PowerShell for most of the remote Windows Shells
  • XP removed, Windows 7 used as the main Windows target (though Windows 10 is mentioned a couple times  🙂  )
  • More tool explanations and techniques included
  • 70 pages longer than original book

What’s the same:

  • Learn by doing
  • Hands on, Step-by-Step tutorials
  • Plenty of pictures to make steps more understandable
  • Covers the same major topics as the original, but using the latest tools
  • The front cover, well, except for the “2”!

My goal was to provide a common sense Ethical Hacking how-to manual that would be useful to both new and veteran security professionals. And hopefully I have accomplished that task. Thank you to everyone for your continuous support and feedback, it is greatly appreciated!

So what are you waiting for, check it out!

Basic Security Testing with Kali Linux 2