Extracting Gold: Creating Wordlists from AXIOM Cases to Crack Passwords
Happy New Year everyone! Wishing you all a great 2018 full of successful investigations, RAID arrays that never fail, and passwords that are easy to crack. ?
Cracking passwords is an unfortunate necessity of “the job” that has only increased over the past years. With better encryption, security, and more people using stronger passwords (or passwords at all!), it’s become increasingly difficult to get to the data. There are some fantastic tools out there (both open source and commercial) to assist with password cracking, but the complexity of the password hashing and encryption continues to increase, exemplified by the recent Apple increase to 10,000,000 hash iterations from 10,000, and other data points outlined here.
In my travels throughout 2017 (and prior), one of the recurring requests I’ve heard is for the ability to create wordlists from AXIOM cases. The data recovered from an image/drive/smartphone/cloud by AXIOM is generally going to contain a majority of the user-related activity, and very importantly, much of the user-inputted data. This data could contain complete or partial passwords, or words used in passwords, which is greatly beneficial when attempting to crack a password.
As mentioned earlier, the complexity of password hashing/encryption continues to increase, which makes brute-force password attacks much slower. It’s crucial to have good wordlists available to make your password attacks smarter and faster, leveraging a dictionary attack rather than just brute force.
Announcing a New Free Tool: Magnet AXIOM Wordlist Generator
To assist with that challenge, we are releasing the AXIOM Wordlist Generator. This is a free tool (free as in “free beer”! ?) that will extract words from your AXIOM case(s) and put them into a simple de-duplicated text file, one word per line. It also supports running against multiple cases if you want to run it against a folder full of current and historical cases. If you have a wordlist file you want to keep appending to as new cases come in, that option is available as well.
How to Use the Tool
Usage of the tool is fairly simple. If you wish to extract words from a single case, leave “Include subfolders” unchecked and click the first “Browse” button to select your AXIOM case folder. If you would like to extract words from multiple cases, check the “Include subfolders” checkbox and click the first “Browse” button to select the parent folder that contains all the AXIOM cases/folders you want to extract from.
Next, click the second “Browse” button to select an output file for the extracted words. If this is an existing file that you want to append to (an ongoing wordlist you want to continue growing) then check the “Append to output file, if it already exists” checkbox. Otherwise, if the selected output file exists, it will be overwritten.
That’s it! Click “Start” to begin the wordlist generation.
You can download this tool here.
Get a New White Paper with More Information
Once you have your wordlist, you can use it with many different password cracking tools out there. Our Director of Training, Jamey Tubbs, has put together a great white paper for you to download that will walk you through this step, outlining a great success story he had while testing this new tool.
Finally, stay tuned! We may have some interesting new additions to AXIOM in an upcoming release that will simplify a lot of this. ?
Thanks for your support in 2017 and prior years. We’re excited about 2018 and what we’re working on this year to continually serve you better and support you in your missions. As always, please be candid with us and let us know where we can improve, and feel free to share any ideas, suggestions, or concerns with us. We want to hear from you! Your feedback continues to help us shape our strategy and direction.
Wishing you a Happy 2018,
Jad and the Magnet Team