Computer Based Social Engineering Tools: Who's Your Daddy Password Profiler (WYD)
From Learn to be a true Social Engineer
Wyd - The password profiler
Download: wyd-0.2.tar.gz
SHA-1: 45d8bceb158f0f0864be77b0869cc463f6813dc0
Author: Max Moser & Martin J. Muench
Background
In current IT security environments, files and services are often password protected. In certain situations it is required to get access to files and/or data even when they are protected and the password is unknown.
wyd.pl was born out of two such situations:
• A penetration test should be performed and the default wordlist does not contain a valid password
• During a forensic crime investigation a password protected file must be opened without knowing the password.
The general idea is to personalize or profile the available data about a "target" person or system and generate a wordlist of possible passwords/passphrases out of the available information.
Instead of just using the command 'strings' to extract all the printable characters out of all types of files, we wanted to eliminate as many false positives as possible.
The goal was to exclude as much "unusable" data as possible to get an effective list of possible passwords/passphrases.
Generic Usage
Usage: wyd.pl [OPTIONS] [file(s)|directory]
Possible OPTIONS are:
- -o [file] = The file where all extracted words will be written to. If omitted, all words are printed to STDOUT.
- -t = Create separate files for each type. This option requires -o [file] and creates a single file for each type. E.g. when [file] = 'list.txt' and there are words found in MP3, plain-text and HTML files, 'list.txt.mp3', 'list.txt.plain' and 'list.txt.html' will be created.
- -s [min-len] = When you have a lot of unsupported file formats which are not ASCII based, you can use this option to parse all unknown filetypes using the UNIX command 'strings'. The parameter [min-len] is a number which defines the minimum length of a printable sequence of characters. All shorter sequences will be ignored. The problem with 'strings' is that it will detect a lot of useless "false-positives".
- -b = Disable the removal of non-alpha characters at the start of a word. By default, all non-alphanumeric characters at the beginning of a word are removed.
- -e = Disable the removal of non-alpha characters at the end of a word. By default, all non-alphanumeric characters at the end of a word are removed.
- -f = Disable inclusion of filenames (without extensions) in the wordlist. By default, the filenames themselves are also included in the wordlist, as they may contain e.g. product/project names or names of songs (which do not have an IDv1/IDv3 tag).
- -v = Enable debugging/verbose mode
[file(s)|directory] can be either a single file or directory or a list of files/directories.
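Added example, not part of wyd or of the original page: a Python sketch of the word clean-up that the -b, -e, -f and -s descriptions above imply, used defensively to reject a proposed password that could be profiled from a user's own files. All function names and the sample data are assumptions constructed for illustration; this is not a port of wyd.pl.

```python
import re
from pathlib import PurePath

LEAD = re.compile(r"^[^A-Za-z0-9]+")    # removed by default; -b disables
TRAIL = re.compile(r"[^A-Za-z0-9]+$")   # removed by default; -e disables


def extract_words(text, filename=None, strip_begin=True, strip_end=True,
                  include_filename=True):
    """Candidate words from text, cleaned as the option list describes."""
    tokens = text.split()
    if include_filename and filename:        # -f disables this
        tokens.append(PurePath(filename).stem)
    words = set()
    for tok in tokens:
        if strip_begin:
            tok = LEAD.sub("", tok)
        if strip_end:
            tok = TRAIL.sub("", tok)
        if tok:                              # drop tokens that were all punctuation
            words.add(tok)
    return words


def printable_runs(data, min_len):
    """'strings'-style fallback (-s): printable ASCII runs >= min_len bytes."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]


def is_profiled(password, words):
    """True if a proposed password equals a profiled word, ignoring case."""
    return password.lower() in {w.lower() for w in words}


# Constructed sample data, not taken from any real system.
SAMPLE_TEXT = 'Project "Falcon9" kickoff, (budget: 2024) -- see notes!'
SAMPLE_BLOB = b"\x00\x01secret42\x00ab\x00Falcon9\xff"

if __name__ == "__main__":
    words = extract_words(SAMPLE_TEXT, filename="Helsinki-trip.txt")
    words.update(printable_runs(SAMPLE_BLOB, 4))
    for candidate in ("falcon9", "Secret42", "Tr0ub4dor"):
        print(candidate, "rejected" if is_profiled(candidate, words) else "ok")
```

The same check can back a context-specific blocklist at password-change time, so that project names, file names and other words from a user's documents are refused before they become credentials.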
Supported File Types
- plain
- html
- php (partially, as html)
- doc
- pdf
- mp3
- ppt
- jpeg
- odt / ods / odp
Additionally, all unknown files with MIME type text/plain are processed using the plain module or 'strings'.
Changes
+ 0.2
- New Plugins for: JPEG, ODT
- '-n' switch to disable modules-abort check
- Fixed bug in HTML which resulted in no words being extracted
+ 0.1
- Initial Release
Example usage:
See 'docs/example-usage.txt'.
Writing modules to support other filetypes natively:
See 'docs/writing_modules.txt'
Authors
Max Moser
WYD CO-AUTHOR
• Nick Name: _MAX_
• Home Page: www.remote-exploit.org
• Blog: remote-exploit.blogspot.com
• Twitter: twitter.com/rexploit
• E-Mail: mmo (-@-) remote-exploit.org
Martin J. Muench
WYD CO-AUTHOR
• Nick Name: MaJoMu
• Home Page: www.codito.de
• E-Mail: mjm (-@-) remote-exploit.org
