Friday, May 7, 2010

Installing CeWL in BT4

A great way to build custom password lists to feed into password crackers is by profiling the target’s websites using CeWL. More information on CeWL can be found here: CeWL - DigiNinja

Getting CeWL installed on BT4 takes a little bit of work. Since I just got done doing this very thing, i figured I'd share the steps needed to do the trick. The first thing to do is download the latest version of Ruby Gems (BT4 comes with 1.2.0, I believe).

tar -xvf rubygems-1.3.6.tgz
rm rubygems-1.3.6.tgz
cd rubygems-1.3.6/
ruby setup.rb
gem –v (verifying the version is 1.3.6)

Once this is complete, download the latest version of CeWL from the project's website.

cd /pentest/passwords
tar –xvjf cewl_3.0.tar.bz2
rm cewl_3.0.tar.bz2
cd cewl

Now there are some dependencies needed to run the program.

apt-get install libxml2-dev libxslt-dev libimage-exiftool-perl
gem install mime-types archive-tar-minitar nokogiri echoe hoe rcov zip rubyzip mini_exiftool http_configuration spider hpricot
export RUBYOPT=rubygems

Once we’re at this point, test it out and make sure it is functional.

./cewl.rb -d 2 -v VICTIM_URL

Assuming it works you can now begin creating custom password lists based on our target of choice.

No comments:

Post a Comment