Re: Password lists

From: Michael Wood (mike@itnetsec.com)
Date: Tue Aug 23 2005 - 18:09:44 EDT


Here is another site that contains a large variety of wordlists:
http://theargon.com/archives/wordlists/

> Here are some pretty good word lists:
> http://www.packetstormsecurity.org/Crackers/wordlists/
>
> Also, I know that programs exist out there that are able to generate
> password lists, even though I'm skeptical of the usefulness of such a
> program... just keep looking!
>
> On 04/08/05, Andrew Meyers <AMeyers@msolgroup.com> wrote:
>> Here is a link (it's cached from Google) that a trainer from Foundstone
>> showed me (his website) of the 51 most common passwords that worked 80%
>> of the time to penetrate a network
>>
>> http://66.102.7.104/search?q=cache:N60gEe8eS8UJ:hig.beesecure.org/r005_password_guessing_works.html+51+common+passwords+beesecure&hl=en&client=firefox-a
>>
>>
>> if the link doesn't work here is the article itself:
>>
>>
>>
>> There are many "Default Password Lists" on the internet that are fairly
>> comprehensive. Many of them are too big. Over the past few years, I've
>> compiled a personal list of passwords that I've run across. When doing
>> internal assessments against NT environments, one of these 51 passwords
>> gets me in 80% of the time. I'm interested in adding to this list. Please
>> send me any common passwords (for Domain Admins) you may have run into.
>>
>> Begin list:
>>
>> 123456
>> 1234567
>> 12345678
>> 123asdf
>> Admin
>> admin
>> administrator
>> asdf123
>> backup
>> backupexec
>> changeme
>> clustadm
>> cluster
>> compaq
>> default
>> dell
>> dmz
>> domino
>> exchadm
>> exchange
>> ftp
>> gateway
>> guest
>> lotus
>> money
>> notes
>> office
>> oracle
>> pass
>> password
>> password!
>> password1
>> print
>> qwerty
>> replicate
>> seagate
>> secret
>> sql
>> sqlexec
>> temp
>> temp!
>> temp123
>> test
>> test!
>> test123
>> tivoli
>> veritas
>> virus
>> web
>> www
>> KKKKKKK
>>
>> End List.
>>
>> When I brute force, I use username:username first, then this list. Do
>> *not* forget to include a blank line in the above password list. Many
>> accounts have blank passwords. That's it.
>>
>> --Aaron Higbee, CISSP aaron@beesecure.org
>>
>> Andy Meyers
>> Systems Engineer
>> Managed Solution
>> ameyers@mssandiego.com
>>
>> -----Original Message-----
>> From: dareios [mailto:dareios@gmx.at]
>> Sent: Thursday, August 04, 2005 2:53 AM
>> To: pen-test@securityfocus.com
>> Subject: Password lists
>>
>> Hi!
>>
>> I am searching for "good" lists of common passwords. The definition of
>> good in this context is that the passwords in the list are different from
>> the "aaaaa aaaab ... zzzzz" approach and contain also special characters
>> (e.g. not only words from a dictionary).
>> I want to use them with bruteforcers like "hydra". Does anybody know
>> some pointers where to find (or generate?) such lists?
>>
>> Several pentesting live-distros like Auditor contain such lists. How
>> useful are they?
>>
>> -dareios