Nmap Development mailing list archives

Re: Replacing passwords.lst


From: Ron <ron () skullsecurity net>
Date: Tue, 16 Mar 2010 19:48:28 -0500

On Tue, 16 Mar 2010 18:33:17 -0600 David Fifield
<david () bamsoftware com> wrote:
> On Fri, Mar 12, 2010 at 09:48:11PM -0800, Fyodor wrote:
> > On Fri, Mar 12, 2010 at 09:13:09PM -0700, David Fifield wrote:
> > >
> > > I made this directory and copied the old MySpace passwords into
> > > it. I didn't realize that Ron's databases were so huge--RockYou
> > > is like 100 MB. I copied the first 10,000 lines of phpBB and
> > > RockYou into the directory as well.
> >
> > Yeah, that is huge.  And I know I sometimes complain about stuffing
> > large files in SVN.  But this is really useful data, so I'd support
> > storing more.  Rockyou is the biggest issue, as you noted.  My
> > suggestion for that is:
>
> The sizes were not as bad as I thought at first. After stripping extra
> spaces, we are left with
>
> -rw-r--r--  1 david users  88K 2010-03-16 17:13 faithwriters.lst
> -rw-r--r--  1 david users 103K 2010-03-16 17:14 hotmail.lst
> -rw-r--r--  1 david users 421K 2010-03-16 17:07 myspace.lst
> -rw-r--r--  1 david users 1.9M 2010-03-16 17:18 phpbb.lst
> -rw-r--r--  1 david users  58M 2010-03-16 17:24 rockyou.lst.bz2
>
> I wrote a simple program to sum the counts from several password files
> and output the top n passwords. Using the five lists above, I
> regenerated our nselib/data/passwords.lst. The program automatically
> does bz2 decompression based on filename so keeping compressed lists
> isn't inconvenient.
>
> David Fifield

That's great news! I almost want to do a -iR with smb-brute. *almost*. :)

Brandon had some ideas to get better stats from the password dictionaries than straight counts -- basically, weighing 
the quality of the lists and of each word. But we've talked about improving the dictionary in the past and nothing came 
of it, so I'm glad it's been done. 

-- 
Ron Bowes
http://www.skullsecurity.org
http://www.twitter.com/iagox86
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
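
The kind of merge described in the quoted message, as an added example that is not David Fifield's program or Nmap code. It assumes each input line has the form `<count> <password>` with optional leading spaces, which the page does not specify; all function and file names are hypothetical and the sample data is constructed.

```python
import bz2
import tempfile
from collections import Counter
from pathlib import Path


def open_list(path):
    """Open a list as text, decompressing when the filename ends in .bz2."""
    if Path(path).suffix == ".bz2":
        return bz2.open(path, "rt", encoding="utf-8", errors="replace")
    return open(path, "r", encoding="utf-8", errors="replace")


def parse_line(line):
    """Parse '<count> <password>' (assumed format); None if malformed."""
    count, sep, password = line.rstrip("\r\n").lstrip(" ").partition(" ")
    if not sep or not (count.isascii() and count.isdigit()) or not password:
        return None
    return password, int(count)


def top_passwords(paths, n):
    """Sum per-password counts across all lists and return the top n."""
    totals = Counter()
    for path in paths:
        with open_list(path) as fh:
            for line in fh:
                parsed = parse_line(line)
                if parsed is not None:
                    totals[parsed[0]] += parsed[1]
    # Highest count first; ties broken by password so output is stable.
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))[:n]


def demo():
    """Merge two constructed sample lists, one plain and one bz2-compressed."""
    with tempfile.TemporaryDirectory() as d:
        plain = Path(d, "site_a.lst")
        packed = Path(d, "site_b.lst.bz2")
        plain.write_text("   30 123456\n   12 password\n    4 my dog\n",
                         encoding="utf-8")
        with bz2.open(packed, "wt", encoding="utf-8") as fh:
            fh.write("9 password\n7 123456\n5 qwerty\nnot-a-count x\n")
        return top_passwords([plain, packed], 3)


if __name__ == "__main__":
    for password, count in demo():
        print(count, password)
```

Malformed lines are skipped rather than counted, and passwords containing spaces are kept whole because only the first space separates the count.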

