Security Basics mailing list archives
Fun with passwords
From: Jon Kibler <Jon.Kibler () aset com>
Date: Thu, 03 Jul 2008 21:39:47 -0400
All,

I recently had the opportunity to analyze a 'username password' file used by an SSH brute force program found on a hacked system. I thought the group may be interested in some stats I computed from that data set:

Total entries in file                     88,900
Unique user names                         76,900
Joe accounts                              76,400
Unique passwords                          81,000
Unique non-Joe passwords                   8,100
Passwords occurring more than once           240
Passwords occurring more than 3 times         35

The frequency of occurrence of the top 35 passwords was:

     4 admin123
     4 backup
     4 condo
     4 linux
     4 oracle
     4 rooted
     5 123456789
     5 gov
     5 newpass
     5 setup
     5 user
     6 server
     6 sysadmin
     7 guest
     8 router
     9 12345678
    12 asdfgh
    14 abcd1234
    17 abc123
    17 changeme
    18 1234
    18 1q2w3e
    18 administrator
    21 $changeme$
    21 123
    23 12345
    23 qwerty
    24 root
    29 admin
    42
   127 test123
   129 test
   139 passwd
  1482 password
  1858 123456

The number of passwords found for usernames with 15 or more passwords was:

    15 chloe
    15 jacob
    15 jessica
    15 julia
    15 louise
    15 man
    15 mary
    15 nobody
    15 sarah
    15 temp
    15 tester
    15 testing
    15 web
    16 lp
    16 patricia
    17 postgres
    17 toor
    18 alex
    18 student
    19 daemon
    19 news
    19 victoria
    20 nasa
    20 wwwrun
    23 user
    25 uucp
    26 bin
    26 guest
    35 test
    61 admin
   114 apache
   114 oracle
   114 webmaster
  3388 root

So, I guess the lesson that we should learn from this data is that, to avoid being the victim of an SSH brute force attack, we should set all of our root passwords to 123456. :-)

I hope someone can put these stats to good use!

Jon Kibler

--
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC USA
o: 843-849-8214 c: 843-224-2494 s: 843-564-4224
My PGP Fingerprint is: BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253
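An added example (not the original poster's tooling) that reproduces the statistics above on a constructed sample. It assumes one whitespace-separated 'username password' pair per line and takes a 'Joe account' to mean an entry whose password equals its username.

```python
from collections import Counter

# Constructed sample in the same 'username password' layout as the file
# described in the post; the values are made up for illustration.
SAMPLE = """\
root 123456
root password
root root
admin admin
admin 123456
test test
test test123
chloe password
"""

def parse_pairs(text):
    """Return (username, password) tuples, skipping blank or malformed lines."""
    pairs = []
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2:
            pairs.append((parts[0], parts[1]))
    return pairs

def wordlist_stats(pairs):
    """Headline numbers as in the post; 'Joe account' is assumed to mean
    an entry whose password equals its username."""
    pw_counts = Counter(p for _, p in pairs)
    return {
        "total_entries": len(pairs),
        "unique_usernames": len({u for u, _ in pairs}),
        "joe_accounts": sum(1 for u, p in pairs if u == p),
        "unique_passwords": len(pw_counts),
        "unique_non_joe_passwords": len({p for u, p in pairs if u != p}),
        "passwords_more_than_once": sum(c > 1 for c in pw_counts.values()),
        "passwords_more_than_3": sum(c > 3 for c in pw_counts.values()),
    }

def top_passwords(pairs, n):
    """The n most frequent passwords as (password, count), highest first."""
    return Counter(p for _, p in pairs).most_common(n)

def usernames_with_at_least(pairs, n):
    """Usernames tried with n or more distinct passwords, as (user, count)."""
    per_user = {}
    for u, p in pairs:
        per_user.setdefault(u, set()).add(p)
    hits = [(u, len(s)) for u, s in per_user.items() if len(s) >= n]
    return sorted(hits, key=lambda t: (t[1], t[0]))
```

To run it on a real capture, read the file into a string, pass it to parse_pairs, and feed the result to the three functions with the thresholds the post uses (top 35, 15 or more passwords).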