T.M.O.S

Wordlists

17 posts in this topic

Can someone please point me in the direction of a site with good wordlists


It's worth mentioning that on risk assessment audits or pen tests we create custom lists via googling the target and scraping their website... a little awk/sed foo should do the trick!


We should write a script that, when compiled, prints out all the letter combinations for x amount of letters per word.


We should write a script that, when compiled, prints out all the letter combinations for x amount of letters per word.

What do you mean? Like a word list generator?


We should write a script that, when compiled, prints out all the letter combinations for x amount of letters per word.

What do you mean? Like a word list generator?

Yeah, when compiled, it would be like this:

a

aa

ab

ac

ad

ae

af

ag

ah

ai

aj

and so on. It would go up to let's say, 8 letters, so once it reached azzzzzzz, it would go to b,


We should write a script that, when compiled, prints out all the letter combinations for x amount of letters per word.

What do you mean? Like a word list generator?

Yeah, when compiled, it would be like this:

a

aa

ab

ac

ad

ae

af

ag

ah

ai

aj

and so on. It would go up to let's say, 8 letters, so once it reached azzzzzzz, it would go to b,

That'd be alright, but, I think instead of starting at 1 letter, it should start at 3 letters, as most passwords are required to be at least 3 chars long.. and there's quite a few that are more than 8 letters, plus it'd have a lot of excess combinations, such as: "lkgjkuol", who's going to use something like that?

/me post more later, but I'm running out to the store real quick


We should write a script that, when compiled, prints out all the letter combinations for x amount of letters per word.

That's not really a wordlist, and the filesize would get really big really fast. We're talking rainbow table proportions. :P


Your list is inefficient, you should go through all combinations at a given depth before moving on, for example:

a

b

c

... (up to z)

aa

ab

ac

.. (up to zz)

aaa

aab

aac

.. (up to zzz)

etc, all the way up to 8 z's

Otherwise you must go all the way up to azzzzzzz before you can even check 'b' by itself.

If you really want to, this is exactly what Perl was made to do - you will not find a faster and shorter method:

perl -e 'print "$_\n" for "a".."zzzzzzzz"'  # I have no idea how to do this efficiently in recursion, thankfully it's premade

As stated, this is (more of) a rainbow table than it is a dictionary, filesize is exponentially atrocious ;)

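The ordering and file-size points from the post above, worked through as an added example (not code from the thread). The function names are made up for the illustration, and `prefix_first` is one assumed reading of the earlier a, aa, ab, ... order in which every word starting with 'a' comes before 'b'.

```python
import itertools
import string

ALPHABET = string.ascii_lowercase  # a..z, as in the thread


def length_first(max_len, alphabet=ALPHABET):
    """All 1-letter words, then all 2-letter words, ... (the order recommended above)."""
    for n in range(1, max_len + 1):
        for letters in itertools.product(alphabet, repeat=n):
            yield "".join(letters)


def prefix_first(max_len, alphabet=ALPHABET, prefix=""):
    """Every word starting with 'a' is emitted before 'b' (assumed reading of the earlier order)."""
    for ch in alphabet:
        word = prefix + ch
        yield word
        if len(word) < max_len:
            yield from prefix_first(max_len, alphabet, word)


def position(word, ordering):
    """0-based index at which `word` appears in a generated ordering."""
    return next(i for i, w in enumerate(ordering) if w == word)


def keyspace(max_len, k=26):
    """Number of words of length 1..max_len over a k-letter alphabet."""
    return sum(k ** n for n in range(1, max_len + 1))


def file_bytes(max_len, k=26):
    """Size of the list on disk: n bytes per n-letter word plus one newline."""
    return sum((n + 1) * k ** n for n in range(1, max_len + 1))


def words_before_second_letter(max_len, k=26):
    """Words prefix_first emits before the second letter is tried on its own."""
    return sum(k ** n for n in range(max_len))


if __name__ == "__main__":
    # Small constructed case (3 letters, max length 3) to compare the two orderings.
    print(position("b", length_first(3, "abc")), position("b", prefix_first(3, "abc")))
    # The thread's case: a..z, up to 8 letters.
    print(keyspace(8), "words,", round(file_bytes(8) / 1e12, 2), "TB as plain text")
    print(words_before_second_letter(8), "words tried before 'b' in prefix-first order")
```

For a..z up to 8 letters this comes to 217,180,147,158 words and about 1.95 TB of plain text, and the prefix-first order spends 8,353,082,583 guesses before it tries 'b'.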

I think instead of starting at 1 letter, it should start at 3 letters, as most passwords are required to be at least 3 chars long.. and there's quite a few that are more than 8 letters, plus it'd have a lot of excess combinations, such as: "lkgjkuol", who's going to use something like that?

This is why professional brute-forcers use combinations of rainbow tables (time/memory tradeoff) and optimized password generation, like the Xieve™ algorithm.

Rainbow table = pre-generated list of password:hash

xieve = a proprietary algorithm that generates more logical passwords, skipping illogical combinations (because who uses lkgjkuol? ;))

http://www.lostpassword.com/zip.htm#xieve

"Passware developed Xieve™ optimization, which dramatically boosts Brute-Force attack speed by skipping password checks of nonsense combinations of characters. With 95% recovery rate for English words, password search speed is over 1,500,000,000 passwords per minute."

---

So you can recover 95% of all passwords without trying otherwise time-wasting combinations, and when using a rainbow table of hashes pre-generated using the 95hit/5miss tradeoff you can save storage-space and further decrease the search-time.

{though for the remaining 5% miss you will need to run them through a more complete list, hopefully generated using an inverse xieve - all the passwords that are considered nonsense could be forked over to a secondary rainbow table, increasing the original generation time, but greatly increasing further seeks.}


We should write a script that, when compiled, prints out all the letter combinations for x amount of letters per word.

What do you mean? Like a word list generator?

Yeah, when compiled, it would be like this:

a

aa

ab

ac

ad

ae

af

ag

ah

ai

aj

and so on. It would go up to let's say, 8 letters, so once it reached azzzzzzz, it would go to b,

Brutus etc. can do that anyway tho...you just brute force the password, rather than using a dict. attack.

It can also filter wordlists for you I think...I remember getting rid of anything above 8 characters and saving it to a new file...So guess it's all been done already.


I have a 1.2 gig wordlist and am still looking for obfuscated words, i.e.

password == pa55w0rd


It's worth mentioning that on risk assessment audits or pen tests we create custom lists via googling the target and scraping their website... a little awk/sed foo should do the trick!

Ya that's your best bet if you have a predetermined target with information there for you to gather. Otherwise it is simple enough to hack around with brutus, jtr, or rainbow table techniques.
