Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Password lists

From: Illuminatus Master <illuminatus.master () gmail com>
Date: Thu, 4 Aug 2005 15:30:32 -0400
The best approach (in my opinion) is to create your word lists based
on what you will be using the wordlists for, brute forcing, password
cracking etc. You can use the same list for Hydra that you use for
John and so forth.

A google search for wordlists returns many good hits:
http://www.google.com/search?hl=en&q=wordlists&btnG=Google+Search

I also add the wordlists used by common worms such as the
agobot/phatbot strains.
As an example:
http://www.f-secure.com/v-descs/agobot_fo.shtml

Dont forget to add the default passwords either:
http://www.phenoelit.de/dpl/dpl.html

Try and keep your number of lists small (I use exactly two), when you
feed a wordlist into a tool you dont want it to run for 60 seconds and
need another list. Use comprehensive, focused lists and save yourself
some work.

Additionally, you can use a word list generator (google it), and set
your own requirements for the list. Go have a look around with Google
and you'll find more word lists and resources than you can use.

On 8/4/05, dareios <dareios () gmx at> wrote:

Hi!

I am searching for "good" lists of common passwords. The definiton of good
in this context is that the passwords in the list are different from the
"aaaaa aaaab ... zzzzz" approach and contain also special characters (eg not
only words from a dictionary).
I want to use them with bruteforcers like "hydra". Does anybody know some
pointers where to find (or generate?) such lists?

Several pentesting live-distros like Auditor contain such lists. How useful
are they?

-dareios

--
5 GB Mailbox, 50 FreeSMS http://www.gmx.net/de/go/promail
+++ GMX - die erste Adresse für Mail, Message, More +++

------------------------------------------------------------------------------
FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't

Learn the hacker's secrets that compromise wireless LANs. Secure your
WLAN by understanding these threats, available hacking tools and proven
countermeasures. Defend your WLAN against man-in-the-Middle attacks and
session hijacking, denial-of-service, rogue access points, identity
thefts and MAC spoofing. Request your complimentary white paper at:

http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
-------------------------------------------------------------------------------




------------------------------------------------------------------------------
FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't

Learn the hacker's secrets that compromise wireless LANs. Secure your
WLAN by understanding these threats, available hacking tools and proven
countermeasures. Defend your WLAN against man-in-the-Middle attacks and
session hijacking, denial-of-service, rogue access points, identity
thefts and MAC spoofing. Request your complimentary white paper at:

http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
-------------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: