Penetration Testing mailing list archives
Re: Password lists
From: "Michael Wood" <mike () itnetsec com>
Date: Tue, 23 Aug 2005 18:09:44 -0400 (EDT)
Here is another site that contains a large variety of wordlists: http://theargon.com/archives/wordlists/
Here are some pretty good word lists: http://www.packetstormsecurity.org/Crackers/wordlists/ Also, I know that programs exist out there that are able to generate password lists, even though I'm skeptical of the usefulness of such a program... just keep looking! On 04/08/05, Andrew Meyers <AMeyers () msolgroup com> wrote:Here is a link (its cached from google) that a trainer from Foundstone showed me (his website) of the 51 most common passwords that worked 80% of the time to penetrate a network http://66.102.7.104/search?q=cache:N60gEe8eS8UJ:hig.beesecure.org/r005_password_guessing_works.html+51+common+passwords+beesecure&hl=en&client=firefox-a if the link doesn't work here is the article itself: There are many "Default Password Lists" on the internet that are fairly comprehensive. Many of them are too big. Over the past few years, I've compiled a personal list of passwords that I've run across. When doing internal assessments against NT environments, one of these 51 passwords get me in 80% of the time. I'm interested in adding to this list. Please send me any common passwords (for Domain Admin's) you may have run into. Begin list: 123456 1234567 12345678 123asdf Admin admin administrator asdf123 backup backupexec changeme clustadm cluster compaq default dell dmz domino exchadm exchange ftp gateway guest lotus money notes office oracle pass password password! password1 print qwerty replicate seagate secret sql sqlexec temp temp! temp123 test test! test123 tivoli veritas virus web www KKKKKKK End List. When I brutre force, I use username:username first, then this list. Do *not* forget to include a blank line in the above password list. Many accounts have blank passwords. That's it. --Aaron Higbee, CISSP aaron () beesecure org Andy Meyers Systems Engineer Managed Solution ameyers () mssandiego com -----Original Message----- From: dareios [mailto:dareios () gmx at] Sent: Thursday, August 04, 2005 2:53 AM To: pen-test () securityfocus com Subject: Password lists Hi! I am searching for "good" lists of common passwords. The definiton of good in this context is that the passwords in the list are different from the "aaaaa aaaab ... zzzzz" approach and contain also special characters (eg not only words from a dictionary). I want to use them with bruteforcers like "hydra". Does anybody know some pointers where to find (or generate?) such lists? Several pentesting live-distros like Auditor contain such lists. How useful are they? -dareios -- 5 GB Mailbox, 50 FreeSMS http://www.gmx.net/de/go/promail +++ GMX - die erste Adresse für Mail, Message, More +++ ------------------------------------------------------------------------------ FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't Learn the hacker's secrets that compromise wireless LANs. Secure your WLAN by understanding these threats, available hacking tools and proven countermeasures. Defend your WLAN against man-in-the-Middle attacks and session hijacking, denial-of-service, rogue access points, identity thefts and MAC spoofing. Request your complimentary white paper at: http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801 ------------------------------------------------------------------------------- ------------------------------------------------------------------------------ FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't Learn the hacker's secrets that compromise wireless LANs. Secure your WLAN by understanding these threats, available hacking tools and proven countermeasures. Defend your WLAN against man-in-the-Middle attacks and session hijacking, denial-of-service, rogue access points, identity thefts and MAC spoofing. Request your complimentary white paper at: http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801 -------------------------------------------------------------------------------
Current thread:
- RE: Password lists, (continued)
- RE: Password lists Prashant Meswani (Aug 04)
- Re: Password lists Illuminatus Master (Aug 04)
- Re: Password lists J. Theriault (Aug 04)
- Re: Password lists Isaias Calderon (Aug 04)
- Re: Password lists A. Ramos (Aug 05)
- Re: Password lists xyberpix (Aug 06)
- Fwd: RE: Password lists Greg (Aug 10)
- RE: Password lists Andrew Meyers (Aug 22)
- Re: Password lists Jeffrey Denton (Aug 23)
- Re: Password lists James Leighe (Aug 23)
- Re: Password lists Michael Wood (Aug 23)