Nmap Development mailing list archives
Re: [nmap-svn] r12027 - nmap/docs
From: Fyodor <fyodor () insecure org>
Date: Sat, 7 Feb 2009 14:11:51 -0800
On Sat, Feb 07, 2009 at 03:23:17PM -0600, Ron wrote:
+o Get better password data for unpw + o perhaps from Solar Designer. + o perhaps add phpbb hack data (there is at least a list of 28,635 + passwords in phpbb_users.sql, and possibly more in other files.I put together a list of password lists on my wiki[1], the most interesting one being the list of phished MySpace passwords, ordered by the frequency of use. Might be worth looking at that one, too.
Nice.
I'd like to add phpbb_users.sql to my list, does anybody know where I can get a copy of it (or does anybody have a unique username/password in the list that I can google for:) )? (the links I've seen have been taken down)
I don't want to publicly post all the files, because I'm sure many users use the same password for their email and other accounts. But a list of just how many times each password was found doesn't hurt anything. So I placed such a list here in this temporary directory: http://insecure.org/tmp/c/phbb-top-pw.txt Of course my not posting the full files does little considering anyone can get it from The Pirate Bay (search for phpbb). I think these 28,635 passwords are just the easiest ones for the hacker to crack. So they are biased toward lame passwords. We could likely create a better file with some password cracking effort. Though we might want to wait a month or more before posting any results from such an effort, so the victims have more time to change their passwords. Cheers, -F _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Re: [nmap-svn] r12027 - nmap/docs Ron (Feb 07)
- Re: [nmap-svn] r12027 - nmap/docs Fyodor (Feb 07)