RE: Fwd: password list generation

[<whip () netspace net au>]

I'd agree. Write you own script to take a string and generate a list of
permutations, based on your own variation. Will come in very handy for
future pen tests.


Scott

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Radu Oprisan
Sent: Wednesday, 15 August 2007 6:33 AM
To: sami seclist
Cc: security-basics () securityfocus com
Subject: Re: Fwd: password list generation

sami seclist wrote:
> Hi list,
>
> I am pentesting the backbone of an ISP. There are several ssh and
> telnet ports open, and I would like to launch a brute force password
> attack. However, i want to lower the number of possibilities to try to
> those common combinations we all use in our company (ACME2007,
> AcmE2OO7, AcMe123, etc.).
> is anybody aware of a tool that can generate a list of passwords from
> a root word, the company name for example, or is there any source that
> lists all the trivial combination of words commonly used as passwords.
>
> Thanks guys.

You can probably find password lists by using google.
Modifying a password list by adding numbers should be very simple,
however, modifying case should be a job for a perl script and should not
be used because it would generate a huge list. For example:

base: acme
1: Acme
2: ACme
3: ACMe
4: ACME
5: aCme
& so on




-- 
No virus found in this incoming message.
Checked by AVG Free Edition. 
Version: 7.5.476 / Virus Database: 269.11.19/953 - Release Date: 14/08/2007
5:19 PM


No virus found in this incoming message.
Checked by AVG Free Edition. 
Version: 7.5.476 / Virus Database: 269.11.19/953 - Release Date: 14/08/2007
5:19 PM
 

No virus found in this outgoing message.
Checked by AVG Free Edition. 
Version: 7.5.476 / Virus Database: 269.11.19/953 - Release Date: 14/08/2007
5:19 PM