
Penetration Testing mailing list archives

Re: Password lists
From: James Leighe <jamesleighe () gmail com>
Date: Tue, 23 Aug 2005 07:18:17 -0500

Here are some pretty good word lists:
http://www.packetstormsecurity.org/Crackers/wordlists/

Also, I know that programs exist out there that are able to generate
password lists, even though I'm skeptical of the usefulness of such a
program... just keep looking!

On 04/08/05, Andrew Meyers <AMeyers () msolgroup com> wrote:
Here is a link (it's cached from Google) that a trainer from Foundstone showed me (his website) of the 51 most common
passwords that worked 80% of the time to penetrate a network

http://66.102.7.104/search?q=cache:N60gEe8eS8UJ:hig.beesecure.org/r005_password_guessing_works.html+51+common+passwords+beesecure&hl=en&client=firefox-a


If the link doesn't work, here is the article itself:



There are many "Default Password Lists" on the internet that are fairly comprehensive. Many of them are too big.
Over the past few years, I've compiled a personal list of passwords that I've run across. When doing internal
assessments against NT environments, one of these 51 passwords gets me in 80% of the time. I'm interested in adding to
this list. Please send me any common passwords (for Domain Admins) you may have run into.

Begin list:

123456
1234567
12345678
123asdf
Admin
admin
administrator
asdf123
backup
backupexec
changeme
clustadm
cluster
compaq
default
dell
dmz
domino
exchadm
exchange
ftp
gateway
guest
lotus
money
notes
office
oracle
pass
password
password!
password1
print
qwerty
replicate
seagate
secret
sql
sqlexec
temp
temp!
temp123
test
test!
test123
tivoli
veritas
virus
web
www
KKKKKKK

End List.

When I brute force, I use username:username first, then this list. Do *not* forget to include a blank line in the
above password list. Many accounts have blank passwords. That's it.

--Aaron Higbee, CISSP aaron () beesecure org

Andy Meyers
Systems Engineer
Managed Solution
ameyers () mssandiego com

-----Original Message-----
From: dareios [mailto:dareios () gmx at]
Sent: Thursday, August 04, 2005 2:53 AM
To: pen-test () securityfocus com
Subject: Password lists

Hi!

I am searching for "good" lists of common passwords. The definition of good
in this context is that the passwords in the list are different from the
"aaaaa aaaab ... zzzzz" approach and contain also special characters (e.g. not
only words from a dictionary).
I want to use them with bruteforcers like "hydra". Does anybody know some
pointers where to find (or generate?) such lists?

Several pentesting live-distros like Auditor contain such lists. How useful
are they?

-dareios


------------------------------------------------------------------------------
FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't

Learn the hacker's secrets that compromise wireless LANs. Secure your
WLAN by understanding these threats, available hacking tools and proven
countermeasures. Defend your WLAN against man-in-the-Middle attacks and
session hijacking, denial-of-service, rogue access points, identity
thefts and MAC spoofing. Request your complimentary white paper at:

http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
-------------------------------------------------------------------------------
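
The guessing order described in the quoted article (username as password, then a short common list, plus the blank password) can be turned into a check applied when a password is set or reset. The following is an added example, not part of the original thread: the function names and sample accounts are constructed, and the deny list is a small subset of the list quoted above.

```python
import re

# A few entries copied from the list quoted above; in practice load the
# whole list (and larger ones) from a file, one password per line.
DENY_LIST = frozenset(p.casefold() for p in (
    "123456", "admin", "administrator", "backup", "changeme", "default",
    "guest", "oracle", "pass", "password", "qwerty", "secret", "sql",
    "temp", "test",
))

# Trailing decoration of the kind the list shows: "password1", "temp!", "test123".
_DECORATION = re.compile(r"[0-9!]+$")


def weak_reason(username: str, password: str):
    """Return why the password is trivially guessable, or None if it passes."""
    if password == "":
        return "blank password"
    folded = password.casefold()
    if folded == username.casefold():
        return "password equals username"
    if folded in DENY_LIST:
        return "on common-password list"
    base = _DECORATION.sub("", folded)
    if base == "":
        return "digits and '!' only"
    if base != folded and base in DENY_LIST:
        return "common password with trailing digits or '!'"
    return None


def screen(candidates):
    """Map username -> reason for every rejected (username, password) pair."""
    return {u: r for u, p in candidates if (r := weak_reason(u, p)) is not None}


if __name__ == "__main__":
    # Constructed sample input, not real accounts.
    sample = [("svc_backup", "Backup"), ("jsmith", "JSmith"), ("guest", ""),
              ("dba", "Oracle123"), ("alice", "correct horse battery staple")]
    for user, reason in screen(sample).items():
        print(f"{user}: {reason}")
```

Comparison is case-insensitive, so "Admin" and "admin" from the list are caught by a single entry.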

