Penetration Testing mailing list archives
Re: Password lists
From: Illuminatus Master <illuminatus.master () gmail com>
Date: Thu, 4 Aug 2005 15:30:32 -0400
The best approach (in my opinion) is to create your word lists based on what you will be using the wordlists for, brute forcing, password cracking etc. You can use the same list for Hydra that you use for John and so forth. A google search for wordlists returns many good hits: http://www.google.com/search?hl=en&q=wordlists&btnG=Google+Search I also add the wordlists used by common worms such as the agobot/phatbot strains. As an example: http://www.f-secure.com/v-descs/agobot_fo.shtml Dont forget to add the default passwords either: http://www.phenoelit.de/dpl/dpl.html Try and keep your number of lists small (I use exactly two), when you feed a wordlist into a tool you dont want it to run for 60 seconds and need another list. Use comprehensive, focused lists and save yourself some work. Additionally, you can use a word list generator (google it), and set your own requirements for the list. Go have a look around with Google and you'll find more word lists and resources than you can use. On 8/4/05, dareios <dareios () gmx at> wrote:
Hi! I am searching for "good" lists of common passwords. The definiton of good in this context is that the passwords in the list are different from the "aaaaa aaaab ... zzzzz" approach and contain also special characters (eg not only words from a dictionary). I want to use them with bruteforcers like "hydra". Does anybody know some pointers where to find (or generate?) such lists? Several pentesting live-distros like Auditor contain such lists. How useful are they? -dareios -- 5 GB Mailbox, 50 FreeSMS http://www.gmx.net/de/go/promail +++ GMX - die erste Adresse für Mail, Message, More +++ ------------------------------------------------------------------------------ FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't Learn the hacker's secrets that compromise wireless LANs. Secure your WLAN by understanding these threats, available hacking tools and proven countermeasures. Defend your WLAN against man-in-the-Middle attacks and session hijacking, denial-of-service, rogue access points, identity thefts and MAC spoofing. Request your complimentary white paper at: http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801 -------------------------------------------------------------------------------
------------------------------------------------------------------------------ FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't Learn the hacker's secrets that compromise wireless LANs. Secure your WLAN by understanding these threats, available hacking tools and proven countermeasures. Defend your WLAN against man-in-the-Middle attacks and session hijacking, denial-of-service, rogue access points, identity thefts and MAC spoofing. Request your complimentary white paper at: http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801 -------------------------------------------------------------------------------
Current thread:
- Password lists dareios (Aug 04)
- Re: Password lists ilaiy (Aug 04)
- RE: Password lists Prashant Meswani (Aug 04)
- Re: Password lists Illuminatus Master (Aug 04)
- Re: Password lists J. Theriault (Aug 04)
- Re: Password lists Isaias Calderon (Aug 04)
- Re: Password lists A. Ramos (Aug 05)
- Re: Password lists xyberpix (Aug 06)
- <Possible follow-ups>
- Fwd: RE: Password lists Greg (Aug 10)
- RE: Password lists Andrew Meyers (Aug 22)
- Re: Password lists Jeffrey Denton (Aug 23)
- Re: Password lists James Leighe (Aug 23)
- Re: Password lists Michael Wood (Aug 23)