Re: Password lists

From: Illuminatus Master (illuminatus.master@gmail.com)
Date: Thu Aug 04 2005 - 15:30:32 EDT

• Next message: J. Theriault: "Re: Password lists"
• Previous message: Alexandre Paradis: "RE: Is there any way to measure IT Security??"
• In reply to: dareios: "Password lists"
• Next in thread: J. Theriault: "Re: Password lists"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

The best approach (in my opinion) is to create your word lists based
on what you will be using the wordlists for, brute forcing, password
cracking etc. You can use the same list for Hydra that you use for
John and so forth.

A google search for wordlists returns many good hits:
http://www.google.com/search?hl=en&q=wordlists&btnG=Google+Search

I also add the wordlists used by common worms such as the
agobot/phatbot strains.
As an example:
http://www.f-secure.com/v-descs/agobot_fo.shtml

Dont forget to add the default passwords either:
http://www.phenoelit.de/dpl/dpl.html

Try and keep your number of lists small (I use exactly two), when you
feed a wordlist into a tool you dont want it to run for 60 seconds and
need another list. Use comprehensive, focused lists and save yourself
some work.

Additionally, you can use a word list generator (google it), and set
your own requirements for the list. Go have a look around with Google
and you'll find more word lists and resources than you can use.

On 8/4/05, dareios <dareios@gmx.at> wrote:
> Hi!
>
> I am searching for "good" lists of common passwords. The definiton of good
> in this context is that the passwords in the list are different from the
> "aaaaa aaaab ... zzzzz" approach and contain also special characters (eg not
> only words from a dictionary).
> I want to use them with bruteforcers like "hydra". Does anybody know some
> pointers where to find (or generate?) such lists?
>
> Several pentesting live-distros like Auditor contain such lists. How useful
> are they?
>
> -dareios
>
> --
> 5 GB Mailbox, 50 FreeSMS http://www.gmx.net/de/go/promail
> +++ GMX - die erste Adresse für Mail, Message, More +++
>
> ------------------------------------------------------------------------------
> FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't
>
> Learn the hacker's secrets that compromise wireless LANs. Secure your
> WLAN by understanding these threats, available hacking tools and proven
> countermeasures. Defend your WLAN against man-in-the-Middle attacks and
> session hijacking, denial-of-service, rogue access points, identity
> thefts and MAC spoofing. Request your complimentary white paper at:
>
> http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
> -------------------------------------------------------------------------------
>
>

------------------------------------------------------------------------------
FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't

Learn the hacker's secrets that compromise wireless LANs. Secure your
WLAN by understanding these threats, available hacking tools and proven
countermeasures. Defend your WLAN against man-in-the-Middle attacks and
session hijacking, denial-of-service, rogue access points, identity
thefts and MAC spoofing. Request your complimentary white paper at:

http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
-------------------------------------------------------------------------------

• Next message: J. Theriault: "Re: Password lists"
• Previous message: Alexandre Paradis: "RE: Is there any way to measure IT Security??"
• In reply to: dareios: "Password lists"
• Next in thread: J. Theriault: "Re: Password lists"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:41 EDT