The world is y0ur$: Geolocation-based wordlist generation with wordsmith
Wild West Hackin' Fest 2017 Presentation - Sanjiv Kawa and Tom Porter

Slide transcript
Slide 1: THE WORLD IS Y0UR$: GEOLOCATION-BASED WORDLIST GENERATION WITH WORDSMITH
Sanjiv Kawa | Tom Porter
@hackerjiv | @porterhau5

Slide 2: ❯ whoami
Sanjiv Kawa, @hackerjiv
Sr. Penetration Tester, PSC / NCC Group
• Roots in dev and IT
• Penetration testing
• Binary analysis and exploit dev
• Canadian

Slide 3: ❯ su porterhau5
Tom Porter, @porterhau5
Sr. Security Consultant, FusionX Red Team
• Flow data analytics
• Penetration testing
• Red teaming
• BloodHound extensions

Slide 4: What is Wordsmith?
• Custom wordlist generation
• Crack hashes / password attacks
• Tailored for your target
• Geo-location data
• Modular and extensible
• Username generation

Slide 5: Wordsmith v1

Slide 6: Wordsmith v1: Geo-location Data Collected
• Major league sports teams
• Colleges and universities
• Common names
• Area codes
• Zip codes
• Streets and roads
• Landmarks
• Cities, towns, etc.

Slide 7: Wordsmith v1: Additional Features
• CeWL integration
• Basic mangling (whitespace, specials, split on space)
• Specify minimum character length
• Convert to lowercase [a-z]

Slide 8: Wordsmith v1: Things we learned
Feedback from the community was incredible. Thank you!
Top three requests:
1. More countries need to be available (v1 was US only)
2. There needs to be a way to introduce more data, including your own
3. Limited to the English language

Slide 9: Wordsmith v2
• New CLI design
• Multi-language (13 so far, UTF-8)
• Introduced religions
• Generate usernames
• Modular framework allows for user contribution and extensibility
• Geo-location data sets for over 230 countries!

Slide 10: Data Sources
• CIA World Factbook (www.cia.gov/library/publications/the-world-factbook/geos/print_[aa-zz].html). Coverage: World. Data types: Population, Religion, Languages, etc.
• Hunspell dictionaries. Coverage: 13 languages.

Slide 11: Data Sources
• Coverage: US. Data types: Sports teams, colleges.
• Coverage: World. Data types: Landmarks and archeological sites.
• Coverage: World. Data types: Religious texts.

Slide 12: Data Sources
• Coverage: World. Data types: Roads, cities, counties.
• Coverage: US. Data types: Popular first names, last names.
• Coverage: US. Data types: Area codes, zip codes.

Slide 13: How to get Wordsmith
❯ git clone https://github.com/skahwah/wordsmith.git
❯ cd wordsmith
❯ bundle install # (optional, for CeWL integration)
❯ ruby wordsmith.rb
wordsmith v2.0.7
Written by: Sanjiv "Trashcan Head" Kawa & Tom "Pain Train" Porter
Twitter: @hackerjiv & @porterhau5
[*] Hello new wordsmither!
[*] This script will remove the data/ directory in the current working directory. Enter 'y' to continue: y
[*] Just need to unpack some files (Running: tar -xf data.tar.xz)
[*] Unpack completed!
[*] CeWL found: /usr/bin/cewl

Slide 14: Files
❯ ls -l
-rw-r--r-- 1 user staff     3159 Oct 1 22:57 CHANGELOG.md
drwxr-xr-x 2 user staff     4096 Oct 1 22:57 data
-rw-r--r-- 1 user staff 50602888 Oct 1 22:57 data.tar.xz
-rw-r--r-- 1 user staff      116 Oct 1 22:57 Gemfile
-rw-r--r-- 1 user staff     1393 Oct 1 22:57 LICENSE
-rw-r--r-- 1 user staff     7514 Oct 1 22:57 README.md
-rwxr-xr-x 1 user staff    31081 Oct 1 22:57 wordsmith.rb
• View the README first, or check out the -E option (examples)
• wordsmith.rb: primary Ruby script
• data.tar.xz (~50 MB): compressed archive of data
• data/ (~250 MB): data arranged in a hierarchy

Slide 15: Boundaries & Attributes
Boundaries (-I <input>): areas of the world to get words for
• 249 countries and territories
• States/provinces
• Cities
• Custom regions
Attributes (ex: -r -l): types of words to grab
• Cities
• Colleges
• Landmarks
• Languages
• Names
• Roads
• Religions
• and more...
❯ ruby wordsmith.rb -I usa -r -l

Slide 16: Structure
❯ ls data/
abw afg ago aia ala alb and are arg arm ... wlf wsm yem zaf zmb zwe
(ISO ALPHA-3 country codes)
❯ ls data/usa
ak al ar az ca cia.txt co ct dc ... tx usa.yaml ut va vt wa wi wv wy
(States, provinces, counties, municipalities)
❯ ls data/usa/nc
areacodes.txt charlotte cities.txt colleges.txt counties.txt ...
(Cities, counties)
❯ ls data/usa/nc/charlotte
sports.txt
Attributes (sports, colleges, roads, etc.) are .txt files

Slide 17: Boundaries and Input
-I specifies input boundaries; one or many can be supplied:
❯ ruby wordsmith.rb -I usa [options]
❯ ruby wordsmith.rb -I usa-nc [options]
❯ ruby wordsmith.rb -I usa-nc-charlotte [options]
❯ ruby wordsmith.rb -I usa,can [options]
❯ ruby wordsmith.rb -I usa-sd,usa-nd,usa-co [options]
Providing a number (ex: 10) selects the N most populous countries:
❯ ruby wordsmith.rb -I 10 [options]

Slide 18: Regions
❯ ruby wordsmith.rb -I europe [options]
❯ grep europe data/regions.csv
europe,"Continent of Europe",ala alb and arm aut aze bel bgr bih blr che cyp cze deu dnk esp est fin fra fro gbr geo ggy gib grc hrv hun imn irl isl ita jey kaz lie ltu lux lva mco mda mkd mlt mne nld nor pol prt rou rus sjm smr srb svk svn swe tur ukr vat
regions.csv contains custom groupings of boundaries. Regions can be listed with the -R option:
❯ ruby wordsmith.rb -R
Alias: newengland
Description: US - New England
Members: usa-ct usa-me usa-ma usa-nh usa-ri usa-vt
Alias: plains
Description: US - Plains
Members: usa-ia usa-ks usa-mn usa-mo usa-ne usa-nd usa-sd
Alias: greatlakes
Description: US - Great Lakes
Members: usa-il usa-in usa-mi usa-oh usa-wi

Slide 19: Attributes
❯ ruby wordsmith.rb -I europe [options]
❯ ruby wordsmith.rb -h
Main Arguments:
  -I, --input <input>    Comma-delimited list of inputs
Input Options:
  -a, --all              Grab all options
  -b, --other            Grab other miscellaneous attributes
  -e, --cia              Grab demographics compiled by the CIA
  -c, --cities           Grab all city names
  -f, --colleges         Grab all colleges
  -l, --landmarks        Grab all landmarks
  -v, --language         Grab the most popular language(s)
  -N, --all-names        Grab all first names and last names
  -G, --first-names      Grab all first names
  -L, --last-names       Grab all last names
  -F, --female-fnames    Grab all female first names
  -M, --male-fnames      Grab all male first names
  -p, --phone            Grab all area codes
  -r, --roads            Grab all road names
  -g, --religion         Grab the most popular religious text(s)
  -t, --teams            Grab all major sports teams
  -u, --counties         Grab all counties
  -z, --zip              Grab all zip codes

Slide 20: Attribute Examples
Grab all zip codes for South Dakota:
❯ ruby wordsmith.rb -I usa-sd -z
57001
57002
57003
57004
...
Grab all roads, cities, and landmarks for England, GBR:
❯ ruby wordsmith.rb -I gbr-eng -r -c -l
Ab Kettleby
Abberley
Abberton
Abbess Roding
...
Grab all attributes for Asia:
❯ ruby wordsmith.rb -I asia -a
Abas
Abatan
Abbeg
Abejao
...

Slide 21: Child Nodes
See the child nodes (-C) of a given boundary and their attributes:
❯ ruby wordsmith.rb -I gbr -C
Format: boundary-name : attribute1 attribute2 attribute3 etc.
gbr : cities counties landmarks roads cia
|-- gbr-sco : cities counties roads
|-- gbr-wal : cities counties roads
|-- gbr-eng : cities counties roads
|   |-- gbr-eng-su : cities counties roads
|   |-- gbr-eng-ch : cities counties roads
|   |-- gbr-eng-ex : cities roads
|   |-- gbr-eng-nt : cities counties roads
|   |-- gbr-eng-sk : cities roads
|   |-- gbr-eng-ca : cities counties roads
|   |-- gbr-eng-bu : cities counties roads
|   |-- gbr-eng-sx
|   |   |-- gbr-eng-sx-east_sussex : cities counties roads
|   |   |-- gbr-eng-sx-west_sussex : cities counties roads
...

Slide 22: Country Metadata
❯ ls -l data/jpn/
-rw-r--r-- 1 user staff  32002 Aug 30 19:16 cia.txt
-rw-r--r-- 1 user staff  13184 Sep  9  2016 cities.txt
-rw-r--r-- 1 user staff   5608 Sep  9  2016 counties.txt
-rw-r--r-- 1 user staff    107 Aug 30 19:36 jpn.yaml
-rw-r--r-- 1 user staff 113672 Oct  1 21:10 landmarks.txt
-rw-r--r-- 1 user staff 871994 Sep  9  2016 roads.txt
❯ cat data/jpn/jpn.yaml
config:
  population: 126,702,133
  language_1: Japanese
  religion_1: Shintoism
  religion_2: Buddhism
From The World Factbook: population, official languages, most popular religions. These drive:
• Most populous countries (ex: -I 25)
• Official languages (-v, --language)
• Most popular religions (-g, --religion)

Slide 23: Religions
❯ wc -l data/religion/*
28168 douay-rheims-parsed.txt
97682 king-james-bible-book-verse.txt
20190 king-james-bible-parsed.txt
42876 niv-bible-parsed-spanish.txt
34202 niv-bible-parsed.txt
7872 quran-parsed-eng.txt
❯ cat king-james-bible-book-verse.txt
The First Book of Moses: Called Genesis
Genesis1:1
1:1Genesis
John3:16
3:16John
...
❯ cat king-james-bible-parsed.txt
...
Jesuite
Jesus
Jether
Jetheth
Jethro
...
(-g, --religion): identified the most common religions; ~200 countries are covered
• KJV Bible
• NIV Bible
• Douay Rheims
• Quran

Slide 24: Languages
❯ head -n 5 language-frequency.txt
83:English
38:French
29:Spanish
26:Arabic
11:Russian
❯ wc -l data/languages/*.txt
457097 arabic.txt
47866 bahasa.txt
110750 bengali.txt
115485 cedict.txt
466544 english.txt
72038 french.txt
585844 german.txt
338534 hebrew.txt
15990 hindi.txt
95152 italian.txt
47866 malay.txt
340235 portuguese.txt
379324 russian.txt
798915 spanish.txt
371169 turkish.txt
(-v, --language): identified the most common languages; ~195 countries are covered

Slide 25: Modular Design
❯ ls data/usa/mn/
areacodes.txt cities.txt colleges.txt counties.txt fnames.txt lakes.txt landmarks.txt roads.txt sports.txt zipcodes.txt
❯ cat data/usa/mn/lakes.txt
Aaron
Abbey
Acorn
Adelman's Pond
...
❯ ruby wordsmith.rb -I usa-mn -b
Aaron
Abbey
Acorn
Adelman's Pond
...
Modular design:
• Easily extensible
• Introduce your own .txt files (grab them with the -b option)
• Contribute and help build the project
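Added example, not part of the deck or the wordsmith code base: a small Ruby resolver that builds a constructed miniature of the data/ layout shown on slides 16 to 25 in a temporary directory, then turns a -I value into directories and words the way those slides describe it. Dash-separated boundaries map to nested directories, each *.txt file is one attribute, regions.csv aliases expand to their members, a bare number selects the N most populous countries from the <code>.yaml population field, and a -C style listing walks the child nodes. The sample tree, its names and its populations are constructed; reading only a boundary's own directory rather than its children is an assumption of this example, not something the deck states.

```ruby
require "csv"
require "fileutils"
require "tmpdir"
require "yaml"

# Constructed miniature of a wordsmith-style data/ tree (sample data, not the real set).
# Directory names are the boundary segments (ISO alpha-3 country, then state, then city);
# each *.txt file is one attribute; <code>/<code>.yaml carries country metadata.
SAMPLE_TREE = {
  "regions.csv"                 => "northam,\"North America\",usa can\n",
  "usa/usa.yaml"                => "config:\n  population: 326,625,791\n  language_1: English\n",
  "usa/cities.txt"              => "Washington\nChicago\n",
  "usa/nc/cities.txt"           => "Charlotte\nRaleigh\n",
  "usa/nc/counties.txt"         => "Wake\nMecklenburg\n",
  "usa/nc/charlotte/sports.txt" => "Panthers\nHornets\n",
  "can/can.yaml"                => "config:\n  population: 35,623,680\n  language_1: English\n",
  "can/cities.txt"              => "Toronto\nOttawa\n",
  "jpn/jpn.yaml"                => "config:\n  population: 126,702,133\n  language_1: Japanese\n",
  "jpn/cities.txt"              => "Tokyo\nOsaka\n",
}.freeze

# Write the sample tree under root and return root.
def build_sample_tree(root)
  SAMPLE_TREE.each do |rel, body|
    path = File.join(root, rel)
    FileUtils.mkdir_p(File.dirname(path))
    File.write(path, body)
  end
  root
end

# "usa-nc-charlotte" -> <root>/usa/nc/charlotte
def boundary_dir(root, boundary)
  File.join(root, *boundary.split("-"))
end

# Attribute names available directly in a boundary directory (its *.txt files).
def attributes_of(dir)
  Dir.glob(File.join(dir, "*.txt")).map { |f| File.basename(f, ".txt") }.sort
end

# Country metadata: "population: 126,702,133" from <code>/<code>.yaml (YAML may hand the
# comma-separated value back as an Integer or a String; both are normalised here).
def population_of(root, code)
  meta = YAML.safe_load(File.read(File.join(root, code, "#{code}.yaml")))
  meta["config"]["population"].to_s.delete(",").to_i
end

# Region aliases from regions.csv rows of the form: alias,"description",member member ...
def region_members(root, name)
  CSV.foreach(File.join(root, "regions.csv")) do |alias_name, _desc, members|
    return members.split if alias_name == name
  end
  nil
end

# Expand a comma-delimited -I value into concrete boundaries:
#   integer N     -> the N most populous countries (by yaml population)
#   region alias  -> its members
#   anything else -> taken literally
def expand_inputs(root, input)
  input.split(",").flat_map do |token|
    if token =~ /\A\d+\z/
      codes = Dir.children(root).select { |c| File.exist?(File.join(root, c, "#{c}.yaml")) }
      codes.sort_by { |c| -population_of(root, c) }.first(token.to_i)
    else
      region_members(root, token) || [token]
    end
  end
end

# Words for the requested attributes, read from each boundary's own directory
# (assumption for this example: child boundaries are not descended into).
def collect_words(root, input, attrs)
  expand_inputs(root, input).flat_map do |b|
    dir = boundary_dir(root, b)
    attrs.flat_map do |a|
      f = File.join(dir, "#{a}.txt")
      File.exist?(f) ? File.readlines(f, chomp: true) : []
    end
  end.uniq
end

# Child-node listing in the style of -C: one "boundary : attr attr ..." line per node.
def child_nodes(root, boundary)
  dir = boundary_dir(root, boundary)
  lines = ["#{boundary} : #{attributes_of(dir).join(' ')}"]
  Dir.children(dir).sort.each do |entry|
    next unless File.directory?(File.join(dir, entry))
    lines.concat(child_nodes(root, "#{boundary}-#{entry}"))
  end
  lines
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |root|
    build_sample_tree(root)
    puts child_nodes(root, "usa")
    puts collect_words(root, "northam", %w[cities]).inspect
    puts collect_words(root, "2", %w[cities]).inspect
  end
end
```

Dropping a new attribute into the tree is just writing another .txt file next to the existing ones, which is the extensibility slide 25 is getting at; the -C walk above will then show it on that boundary's line.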
Slide 26: Output Options
❯ ruby wordsmith.rb -h
<Input options snipped>
Output Options:
  -o, --output FILE            The filename for writing output
  -q, --quiet                  Don't show words, use with -o option
  -k, --min-length LEN         Minimum length of word to include
  -n, --max-length LEN         Maximum length of word to include
  -D, --complexity             Words meet Windows default complexity
  -j, --lowercase              Convert all words to lowercase
  -w, --specials               Add words with special chars removed
  -x, --spaces                 Add words with spaces removed
  -y, --split                  Split words by space and add
  -m, --mangle                 Add all permutations (-w, -x, -y)
  -P, --prepend-phones         Prepend state area codes to each word
  -A, --append-phones          Append state area codes to each word
  -X, --prepend-zips           Prepend zip codes to each word
  -Z, --append-zips            Append zip codes to each word
  -W, --prepend-wordlist FILE  Prepend words in FILE to each word
  -Y, --append-wordlist FILE   Append words in FILE to each word

Slide 27: Tweaking Output
❯ ruby wordsmith.rb -I usa-dc -r
Pennsylvania Ave.
(Name of a road generated for D.C.)
Mangle (-m): split words, remove specials, remove spaces
❯ ruby wordsmith.rb -I usa-dc -r -m
Pennsylvania Ave.
Pennsylvania Ave
Pennsylvania
Ave.
Ave
PennsylvaniaAve.
PennsylvaniaAve
Min length (-k): specify minimum character length
❯ ruby wordsmith.rb -I usa-dc -r -m -k 8
Pennsylvania Ave.
Pennsylvania Ave
Pennsylvania
PennsylvaniaAve.
PennsylvaniaAve

Slide 28: Tweaking Output
Windows default complexity (-D): 8 character minimum, 3 of 4 character classes
❯ ruby wordsmith.rb -I usa-dc -r -m -D
Pennsylvania Ave.
Pennsylvania Ave
PennsylvaniaAve.
Quiet output (-q), write results to file (-o SD.txt)
❯ ruby wordsmith.rb -I usa-sd -a -q -o SD.txt
cities in ./data/usa/sd: 390
colleges in ./data/usa/sd: 37
counties in ./data/usa/sd: 66
landmarks in ./data/usa/sd: 16
fnames in ./data/usa/sd: 2319
areacodes in ./data/usa/sd: 1
roads in ./data/usa/sd: 15569
zipcodes in ./data/usa/sd: 394
religions: 145786
languages: 1107300
[*] 1252939 words written to: /opt/wordsmith/SD.txt

Slide 29: Prepending & Appending
• Prepend or append:
  • Zip codes (-X, -Z)
  • Area codes (-P, -A)
  • User-supplied wordlist (-W, -Y)
https://arstechnica.com/tech-policy/2016/08/if-youre-an-alleged-drug-dealer-dont-use-asshole209-as-a-password/

Slide 30: Prepending & Appending
years.txt: a file I created with words I want to append
❯ cat years.txt
17
17!
2017
2017!
Grab colleges (-f), mangle (-m), then append the custom wordlist (-Y):
❯ ruby wordsmith.rb -I usa-sd -f -m -Y years.txt
...
Augustana
Augustana17
Augustana17!
Augustana2017
Augustana2017!
BlackHills
BlackHills17
BlackHills17!
BlackHills2017
BlackHills2017!
...
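Added example, not from the deck or the wordsmith code base: Ruby versions of the output transforms slides 26 to 30 describe (-w, -x, -y, -m, -k, -n, -j, -D, -W, -Y), run against the deck's own "Pennsylvania Ave." and years.txt walkthroughs. The closure-style mangle yields exactly the seven words slide 27 lists. The complexity check counts any non-alphanumeric character, a space included, as the fourth class; that is an assumption chosen so that "Pennsylvania Ave" passes as it does on slide 28, and the real tool's output order and Unicode handling are not shown on the page.

```ruby
# -w: drop characters that are not letters, digits or spaces (Unicode-aware).
def strip_specials(word)
  word.gsub(/[^\p{Alnum} ]/, "")
end

# -x: remove spaces.
def strip_spaces(word)
  word.delete(" ")
end

# -y: split on whitespace, adding each piece.
def split_words(word)
  word.split
end

# -m: close the word under all three transforms (every combination of them),
# keeping first-seen order and never emitting an empty string.
def mangle(word)
  out = [word]
  queue = [word]
  until queue.empty?
    w = queue.shift
    [strip_specials(w), strip_spaces(w), *split_words(w)].each do |v|
      next if v.empty? || out.include?(v)
      out << v
      queue << v
    end
  end
  out
end

# -D: Windows default complexity as slide 28 states it: at least 8 characters and at
# least three of four classes. Assumption: the fourth class is "anything that is not a
# letter or digit", so a space counts, which is what makes "Pennsylvania Ave" pass.
def windows_complex?(word)
  return false if word.length < 8
  classes = [/\p{Upper}/, /\p{Lower}/, /\d/, /[^\p{Alnum}]/].count { |re| word.match?(re) }
  classes >= 3
end

# -j, -k, -n, -D applied together. Lowercasing happens first, so -j with -D keeps only
# words that still have digits plus specials (no uppercase class survives).
def filter_words(words, min_length: 0, max_length: nil, complexity: false, lowercase: false)
  words.map { |w| lowercase ? w.downcase : w }
       .uniq
       .select { |w| w.length >= min_length && (max_length.nil? || w.length <= max_length) }
       .select { |w| !complexity || windows_complex?(w) }
end

# -Y FILE: each word is kept and also emitted with every suffix appended (slide 30).
def append_wordlist(words, suffixes)
  words.flat_map { |w| [w] + suffixes.map { |s| w + s } }
end

# -W FILE: same, with the pieces prepended.
def prepend_wordlist(words, prefixes)
  words.flat_map { |w| [w] + prefixes.map { |p| p + w } }
end

# Constructed stand-in for the deck's years.txt.
YEARS = %w[17 17! 2017 2017!].freeze

# Reproduce the deck's walkthrough end to end.
def demo
  base = mangle("Pennsylvania Ave.")
  {
    mangled:  base,                                      # slide 27, -m
    min8:     filter_words(base, min_length: 8),         # slide 27, -m -k 8
    complex:  filter_words(base, complexity: true),      # slide 28, -m -D
    appended: append_wordlist(mangle("Black Hills"), YEARS), # slide 30, -f -m -Y
  }
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```

Two practitioner notes that follow from the code rather than the slides: the closure means -m grows roughly with the square of the number of space-separated pieces, so a long road name fans out fast, and -j before -D cannot produce anything that relies on an uppercase class (the deck's multinational run on slide 37 used -j -m without -D).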
Slide 31: Names
❯ cat data/usa/fnames.txt
James
John
Robert
Michael
Mary
...
❯ cat data/usa/lnames.txt
Smith
Johnson
Williams
Brown
Jones
...
• Most common baby names in each state since 1910
• -G: most common first names
• -L: most common last names
• -N: all names

Slide 32: Username Generation
❯ ruby wordsmith.rb -h
<other options snipped>
Username Generation Options:
  --filn            FirstInitialLastName (bsmith)
  --fnln            FirstNameLastName (bobsmith)
  --fnli            FirstNameLastInitial (bobs)
  --lnfi            LastNameFirstInitial (smithb)
  --lnfn            LastNameFirstName (smithbob)
  --fidln           FirstInitial.LastName (b.smith)
  --fndln           FirstName.LastName (bob.smith)
  --truncate LEN    Truncate username at LEN number of chars (bobsmi)
  --max-users LEN   Max number of usernames to generate
  --name-depth LEN  Number of first/last names to iterate over (default: 100, 0 will get all)
• Generate different username formats
• Use --max-users and --name-depth to handle speed and volume

Slide 33: Username Generation
First name + last name:
❯ ruby wordsmith.rb -I usa --fnln
JamesSmith
JamesJohnson
JamesWilliams
JamesBrown
JamesJones
JamesGarcia
JamesMiller
...
First name (dot) last name:
❯ ruby wordsmith.rb -I usa --fndln
James.Smith
James.Johnson
James.Williams
James.Brown
James.Jones
James.Garcia
James.Miller
...

Slide 34: Username Generation
Truncate down to 8 characters:
❯ ruby wordsmith.rb -I usa --filn --truncate 8
...
aDavis
aRodrigu
aMartine
aHernand
aGonzale
aWilson
aAnderso
...
Adjust --name-depth to generate more usernames (depth N pairs N first names with N last names):
❯ ruby wordsmith.rb -I usa --lnfn -q
usernames in ./data/usa: 10000
❯ ruby wordsmith.rb -I usa --lnfn -q --name-depth 250
usernames in ./data/usa: 62500
❯ ruby wordsmith.rb -I usa --lnfn -q --name-depth 1000
usernames in ./data/usa: 1000000
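Added example, not the project's code: a Ruby generator for the seven username formats on slide 32 with --truncate, --name-depth and --max-users semantics as slides 32 to 34 describe them. Depth N takes the N most popular first and last names and pairs every first with every last, which is why slide 34's counts are depth squared (250 gives 62,500; 1,000 gives 1,000,000). The name lists are constructed stand-ins for data/usa/fnames.txt and lnames.txt. This example keeps each name's case as the lists supply it; the deck's --filn output shows a lowercase initial ("aDavis") while its --fnln output keeps "JamesSmith", and a -j style lowercase pass can be applied afterwards either way.

```ruby
# Username formats from slide 32, keyed by their option name.
FORMATS = {
  "filn"  => ->(f, l) { f[0] + l },        # bsmith
  "fnln"  => ->(f, l) { f + l },           # bobsmith
  "fnli"  => ->(f, l) { f + l[0] },        # bobs
  "lnfi"  => ->(f, l) { l + f[0] },        # smithb
  "lnfn"  => ->(f, l) { l + f },           # smithbob
  "fidln" => ->(f, l) { "#{f[0]}.#{l}" },  # b.smith
  "fndln" => ->(f, l) { "#{f}.#{l}" },     # bob.smith
}.freeze

# Constructed name lists, most popular first, standing in for fnames.txt / lnames.txt.
FIRST_NAMES = %w[James John Robert Michael Mary].freeze
LAST_NAMES  = %w[Smith Johnson Williams Brown Jones Garcia Miller Davis Rodriguez Martinez].freeze

# --name-depth N: take the N most popular first and last names (0 = all) and pair every
# first with every last, so the raw count is depth * depth.
# --truncate LEN: cut each username to LEN characters (slide 34: aRodriguez -> aRodrigu).
# --max-users N: cap the total.
# Duplicates are dropped, e.g. two first names sharing an initial collapse under --filn.
def generate_usernames(first_names, last_names, format, name_depth: 100, truncate: nil, max_users: nil)
  fmt = FORMATS.fetch(format)
  firsts = name_depth.zero? ? first_names : first_names.first(name_depth)
  lasts  = name_depth.zero? ? last_names  : last_names.first(name_depth)
  users = firsts.flat_map { |f| lasts.map { |l| fmt.call(f, l) } }
  users = users.map { |u| u[0, truncate] } if truncate
  users = users.uniq
  max_users ? users.first(max_users) : users
end

# The upper bound a given depth can produce before truncation and de-duplication,
# which is the figure slide 34 reports for --lnfn at depths 100, 250 and 1000.
def max_count_for_depth(name_depth, first_names: FIRST_NAMES, last_names: LAST_NAMES)
  firsts = name_depth.zero? ? first_names.size : [name_depth, first_names.size].min
  lasts  = name_depth.zero? ? last_names.size  : [name_depth, last_names.size].min
  firsts * lasts
end

if __FILE__ == $PROGRAM_NAME
  puts generate_usernames(FIRST_NAMES, LAST_NAMES, "fndln", name_depth: 2)
  puts generate_usernames(FIRST_NAMES, LAST_NAMES, "filn", name_depth: 0, truncate: 8)
  puts max_count_for_depth(250, first_names: Array.new(300), last_names: Array.new(300))
end
```

The cap matters once a list is shorter than the requested depth: slide 39 asks for --name-depth 10000 and gets 260,000 usernames rather than 10000 squared, which is what you would expect when the first-name list is the shorter of the two. Feed the file to KrbGuess as the deck does; the KDC only answers for accounts that exist, so a 260k-line list is cheap to check and the hit list is what gets reused.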
Slide 36: Ireland - Interesting Password Recoveries
• Cork1234
• Carlow123
• Dublin1234
• Seapoint1916
• Artane2016
• Templeroan2009
• Donegal56
• ParkLodge30!
• Portishead01
• Tipperary2
• Larkfield18
• Wolseley2014
• Farriers40
• 5RotheAbbey

Slide 37: Multinational Organization Results
• Organization has offices in USA, Australia and Canada
• Unable to disclose total number of hashes

Wordlist                              Hashcat run time   Number of passwords recovered
Top 10k (10k words)                   4 sec              256
Rockyou (14.4m words)                 30 mins            476
AUS, CAN, USA wordlist (7.3m words)   13 mins            241

The AUS, CAN, USA wordlist was generated with:
❯ ruby wordsmith.rb -I aus,can,usa -a -j -q -m -o aus-can-usa-all-lowercase-q-m.txt

Slide 38: Multinational - Interesting Password Recoveries
Australia:
• Bayswater2017
• Primavera001
• Padstow123!
• Queenslander2015
• Razorback1965
• Parramatta16
• Sydney201%
Canada:
• !Matthew2222
• Canada1984
• Vancouver186
USA:
• Bernie424!
• ColoradoSprings3!
• ChicagoCubs2016
• BostonCeltics29
• Anakin2005s
• Denean1973
• Cubbie221!
• Metrocenter11

Slide 39: KrbGuess using USA Usernames
❯ ruby wordsmith.rb -I usa --filn --name-depth 10000 -q -o filn-usa-260k.txt
usernames in ./data/usa: 260000
❯ java -jar krbguess.jar --realm corp.trevorforget.com --dict filn-usa-260k.txt --server 10.10.10.10 --output corp-krbguess-1.log
KrbGuess v0.21 by Patrik Karlsson <patrik@cqure.net>
====================================================
[INF] Found user: aAbraham@corp.trevorforget.com
[INF] Found user: aAhmad@corp.trevorforget.com
[INF] Found user: aAlam@corp.trevorforget.com
[INF] Found user: aAli@corp.trevorforget.com
[INF] Found user: aArcher@corp.trevorforget.com
[INF] Found user: aBaker@corp.trevorforget.com
[INF] Found user: aBeck@corp.trevorforget.com
[INF] Found (locked/disabled) user: aBrown@corp.trevorforget.com
... <snipped> ...
[INF] Finished guessing 260000 usernames in 469 seconds
❯ cat corp-krbguess-1.log | grep -i found | grep -v disabled | wc -l
505

Slide 40: Parsers
• Collecting and collating this data required the development of some parsers
❯ git clone https://github.com/skahwah/wordsmith_parsers.git
❯ ls
LICENSE   cia-parsers     landmark-parser  osm-parsers
README.md census-parsers  names-parsers    religion-parsers
https://github.com/skahwah/wordsmith_parsers

Slide 41: Future Work
• Data!
  - Diving deeper into OpenStreetMap
  - Popular song lyrics (h/t @pfizzell)
  - Got ideas? We'd love to hear them!
• Skills
  - GIS
  - Multiple language speakers
  - Obscure website hunting & scraping
• Design
  - Lookups based on coordinates
  - API? (h/t @pfizzell)

Slide 42: Thank you!
Sanjiv Kawa, @hackerjiv
Sr. Penetration Tester, PSC / NCC Group
Tom Porter, @porterhau5
Sr. Security Consultant, FusionX Red Team
https://github.com/skahwah/wordsmith