Re: Password lists

From: James Leighe (jamesleighe@gmail.com)
Date: Tue Aug 23 2005 - 08:18:17 EDT

• Next message: Gonenc, Ozan: "RE: QualysGuard - VA/PT appliance"
• Previous message: ak@red-database-security.com: "New tool: Oracle Password Checker"
• In reply to: Andrew Meyers: "RE: Password lists"
• Next in thread: Michael Wood: "Re: Password lists"
• Reply: Michael Wood: "Re: Password lists"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Here are some pretty good word lists:
http://www.packetstormsecurity.org/Crackers/wordlists/

Also, I know that programs exist out there that are able to generate
password lists, even though I'm skeptical of the usefulness of such a
program... just keep looking!

On 04/08/05, Andrew Meyers <AMeyers@msolgroup.com> wrote:
> Here is a link (its cached from google) that a trainer from Foundstone showed me (his website) of the 51 most common passwords that worked 80% of the time to penetrate a network
>
> http://66.102.7.104/search?q=cache:N60gEe8eS8UJ:hig.beesecure.org/r005_password_guessing_works.html+51+common+passwords+beesecure&hl=en&client=firefox-a
>
>
> if the link doesn't work here is the article itself:
>
>
>
> There are many "Default Password Lists" on the internet that are fairly comprehensive. Many of them are too big. Over the past few years, I've compiled a personal list of passwords that I've run across. When doing internal assessments against NT environments, one of these 51 passwords get me in 80% of the time. I'm interested in adding to this list. Please send me any common passwords (for Domain Admin's) you may have run into.
>
> Begin list:
>
> 123456
> 1234567
> 12345678
> 123asdf
> Admin
> admin
> administrator
> asdf123
> backup
> backupexec
> changeme
> clustadm
> cluster
> compaq
> default
> dell
> dmz
> domino
> exchadm
> exchange
> ftp
> gateway
> guest
> lotus
> money
> notes
> office
> oracle
> pass
> password
> password!
> password1
> print
> qwerty
> replicate
> seagate
> secret
> sql
> sqlexec
> temp
> temp!
> temp123
> test
> test!
> test123
> tivoli
> veritas
> virus
> web
> www
> KKKKKKK
>
> End List.
>
> When I brutre force, I use username:username first, then this list. Do *not* forget to include a blank line in the above password list. Many accounts have blank passwords. That's it.
>
> --Aaron Higbee, CISSP aaron@beesecure.org
>
> Andy Meyers
> Systems Engineer
> Managed Solution
> ameyers@mssandiego.com
>
> -----Original Message-----
> From: dareios [mailto:dareios@gmx.at]
> Sent: Thursday, August 04, 2005 2:53 AM
> To: pen-test@securityfocus.com
> Subject: Password lists
>
> Hi!
>
> I am searching for "good" lists of common passwords. The definiton of good
> in this context is that the passwords in the list are different from the
> "aaaaa aaaab ... zzzzz" approach and contain also special characters (eg not
> only words from a dictionary).
> I want to use them with bruteforcers like "hydra". Does anybody know some
> pointers where to find (or generate?) such lists?
>
> Several pentesting live-distros like Auditor contain such lists. How useful
> are they?
>
> -dareios
>
> --
> 5 GB Mailbox, 50 FreeSMS http://www.gmx.net/de/go/promail
> +++ GMX - die erste Adresse für Mail, Message, More +++
>
> ------------------------------------------------------------------------------
> FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't
>
> Learn the hacker's secrets that compromise wireless LANs. Secure your
> WLAN by understanding these threats, available hacking tools and proven
> countermeasures. Defend your WLAN against man-in-the-Middle attacks and
> session hijacking, denial-of-service, rogue access points, identity
> thefts and MAC spoofing. Request your complimentary white paper at:
>
> http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
> -------------------------------------------------------------------------------
>
>
> ------------------------------------------------------------------------------
> FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't
>
> Learn the hacker's secrets that compromise wireless LANs. Secure your
> WLAN by understanding these threats, available hacking tools and proven
> countermeasures. Defend your WLAN against man-in-the-Middle attacks and
> session hijacking, denial-of-service, rogue access points, identity
> thefts and MAC spoofing. Request your complimentary white paper at:
>
> http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
> -------------------------------------------------------------------------------
>
>

• Next message: Gonenc, Ozan: "RE: QualysGuard - VA/PT appliance"
• Previous message: ak@red-database-security.com: "New tool: Oracle Password Checker"
• In reply to: Andrew Meyers: "RE: Password lists"
• Next in thread: Michael Wood: "Re: Password lists"
• Reply: Michael Wood: "Re: Password lists"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:46 EDT