Nmap Development mailing list archives
Re: Replacing passwords.lst
From: Ron <ron () skullsecurity net>
Date: Fri, 5 Mar 2010 14:52:20 -0600
On Fri, 5 Mar 2010 11:46:07 -0700 David Fifield <david () bamsoftware com> wrote:
And what does the Cracked_phpbb column look like with the top 10, 100, and 200 passwords from current passwords.lst?
So, this morning I was using Excel and doing a lot of old tricks I learned in the before times. It looks like the results weren't 100% accurate -- I'm using some Linux tools now and I'm getting different (better!) results. I'll post the command that generated all these after: +++against phpbb+++ Top PWs Nmap Rockyou John Cain&Able 10 8 9 10 3 100 90 99 98 58 200 155 197 197 66 500 479 487 69 1000 935 934 81 2000 1763 1711 102 +++against myspace+++ Top PWs Nmap Rockyou John Cain&Able 10 8 7 8 0 100 98 67 53 20 200 197 116 95 20 500 220 182 20 1000 378 286 24 2000 643 420 24 +++against leaked Hotmail passwords+++ Top PWs Nmap Rockyou John Cain&Able 10 2 8 6 1 100 8 49 29 21 200 10 87 45 21 500 10 187 86 21 1000 10 283 135 23 2000 10 412 194 24 That's actually really surprising -- Nmap's list kicked ass against Myspace, followed by Rockyou, John, and Cain&Able. phpbb was a much closer run -- pretty much a tie between Rockyou and John, followed by Nmap then Cain&Able. On the Hotmail passwords, which are more difficult because Hotmail actually has password policies, the Rockyou.com passwords were the clear winners. Here is the command I was using: - for j in 10 100 200 500 1000 2000; do echo -ne "$j: "; for i in `cat $LIST | head -n$j` ; do grep -Fx "$i" $TESTFILE; done | wc -l; done - -- Ron Bowes http://www.skullsecurity.org http://www.twitter.com/iagox86 _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Replacing passwords.lst Ron (Mar 04)
- Re: Replacing passwords.lst Brandon Enright (Mar 04)
- Re: Replacing passwords.lst Ron (Mar 05)
- Re: Replacing passwords.lst David Fifield (Mar 05)
- Re: Replacing passwords.lst Brandon Enright (Mar 05)
- Re: Replacing passwords.lst Brandon Enright (Mar 05)
- Re: Replacing passwords.lst Ron (Mar 05)
- Re: Replacing passwords.lst Kris Katterjohn (Mar 05)
- Re: Replacing passwords.lst Ron (Mar 05)
- Re: Replacing passwords.lst Ron (Mar 05)
- Re: Replacing passwords.lst Brandon Enright (Mar 05)
- Re: Replacing passwords.lst Fyodor (Mar 06)
- Re: Replacing passwords.lst Ron (Mar 06)
- Re: Replacing passwords.lst David Fifield (Mar 06)
- Re: Replacing passwords.lst Martin Holst Swende (Mar 06)
- Re: Replacing passwords.lst Brandon Enright (Mar 04)
- Re: Replacing passwords.lst David Fifield (Mar 12)
- Re: Replacing passwords.lst Fyodor (Mar 12)
- Re: Replacing passwords.lst David Fifield (Mar 16)