Nmap Development mailing list archives
Re: wordlists for Ncrack
From: ithilgore <ithilgore.ryu.l () gmail com>
Date: Wed, 29 Jul 2009 02:34:26 +0300
Brandon Enright wrote:
> On Tue, 28 Jul 2009 21:14:10 +0200 Sebastien Raveau <sebastien.raveau () epita fr> wrote:
>
> > On Tue, 28 Jul, 2009 at 16:30:10 +0400, Solar Designer <solar_at_openwall.com> wrote:
> >
> > > Obviously, most of these wordlists are too large to be used with Ncrack.
> >
> > If your wordlists are too large, what does it make my 58,427,177 words list? :-P
> > http://blog.sebastien.raveau.name/2009/03/cracking-passwords-with-wikipedia.html
>
> Comparing the size of one's cracking dictionary is a digital pissing contest. A more important measure of a dictionary is not its size but its relative cracking efficiency. Increasing the size runs into diminishing returns. If you are doing offline, unsalted list cracking then bigger is better. If you have limited cracking resources you need to use your time efficiently. John's wordlist is an exercise in efficiency rather than completeness.

Exactly. Ncrack lists need to be efficient rather than just lengthy. We are talking about network cracking here.

> > Agreed it is a bit too "raw" at the moment (I'll work on that) but it has already proven its usefulness: http://reusablesec.blogspot.com/2009/04/ok-some-actual-results.html so I thought I should mention it here as it might interest some of you in general, if not for using it with Ncrack :-)
>
> Indeed, I've had a lot of success compiling similar word lists. I too used Wikipedia (EN only) as starting point. One of the better sources I've compiled from are the 14,000 wikis hosted by Wikia: http://wikistats.wikia.com/dbdumps/dbdumps.html This includes wikis like Star Wars, Star Trek, World of Warcraft, etc.
>
> > Also, speaking of Matt Weir's blog (which is great overall on the topic of password cracking) he just released a passphrase dictionary: http://reusablesec.blogspot.com/2009/07/pass-phrase-input-dictionary.html
>
> Matt has done some good work. He is giving a talk at DEFCON on his phpbb cracking efforts that I'm looking forward to.

That would definitely be interesting. I hope DEFCON is going to upload the streaming videos of the talks soon enough, for those who won't be able to attend.

> Back to password lists for Nmap, Nmap/Ncrack can't ship a 10GB password list, not even a 100MB list. We need to ship an efficient list. With that in mind, I too have been working on cracking the phpbb passwords. Of the 189766 unsalted MD5 hashes, I've cracked 176620. That's 93% ;-) http://noh.ucsd.edu/~bmenrigh/phpbb/ I've posted the cracked passwords as well as a count of the hashes sorted by frequency. A little real-world data is a good thing. I'd suggest that we cherry pick the top 100-500 passwords from this list to augment the list that we end up shipping.

That's probably a nice source to use some passwords. The question is: how would you choose the top 100-500 passwords? By doing a quick parse of your list, the only passwords with a frequency of more than 1 were "frag", "life" and, who would guess, "phpbb", but that's only 3. We can see however that a lot of them start with the string "php" and the combinations from that are a lot. We could use that part of the list as the specialized http-specific password list for Ncrack. As I said earlier, Ncrack is going to ship with a default list with a golden ratio between size and being as generic as possible, and some service-specific lists for more specialized cracking sessions. Of course, more than one list could exist for one service. For example, we could have a phpbb-related list that would apply more to forums and another one that would apply to web server basic/digest-auth protected areas. Both of them would be related to the http service.

> I've been ridiculously busy lately but at some point this summer I hope to publish detailed analysis of my cracking efforts and some metrics on the passwords cracked so far. I put a lot of engineering time into this cracking. Don't steal my thunder by doing analysis using my cracked list.

I am looking forward to your analysis.

> Brandon
--
ithilgore
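
An added example, not part of the original message or of Ncrack: one way to measure the "efficiency rather than size" point and the top 100-500 selection discussed above, by ranking a frequency-counted password list and computing how much of the data set the top N entries cover. The "count password" input format and all sample counts are assumptions constructed for illustration; the same coverage figure is what you would use to size a deny-list of banned passwords.

```python
from collections import Counter

# Constructed sample in "count password" form (as produced by `sort | uniq -c`).
# These counts are invented for illustration; they are not the thread's data.
SAMPLE = """\
     12 123456
      9 password
      7 phpbb
      4 qwerty
      3 letmein
      2 dragon
      1 frag
      1 life
      1 zx9!kQ
      1 correct horse
"""

def parse_counts(text):
    """Parse 'count password' lines into a Counter, summing repeated entries."""
    counts = Counter()
    for line in text.splitlines():
        parts = line.strip().split(None, 1)  # the password may contain spaces
        if len(parts) == 2 and parts[0].isdigit():
            counts[parts[1]] += int(parts[0])
    return counts

def ranked(counts):
    """Most frequent first; ties broken alphabetically so output is stable."""
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))

def coverage(counts, n):
    """Fraction of all observed accounts whose password is in the top n."""
    total = sum(counts.values())
    return sum(c for _, c in ranked(counts)[:n]) / total if total else 0.0

def shortlist(counts, n, min_count=2):
    """Top-n passwords, dropping singletons that carry no frequency signal."""
    return [pw for pw, c in ranked(counts)[:n] if c >= min_count]

if __name__ == "__main__":
    counts = parse_counts(SAMPLE)
    for n in (1, 3, 5, 10):
        print(f"top {n:>2}: {coverage(counts, n):.1%} of accounts")
    print(shortlist(counts, 100))
```

On the constructed sample, each further block of entries adds less coverage than the one before it, which is the diminishing-returns effect described in the quoted text.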