Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Best Word Lists

  1. #1
    Just burned his ISO
    Join Date
    Oct 2009
    Posts
    4

    Default Best Word Lists

    As a penetration tester, I find that my least developed skill is password guessing. What are some of the best word lists that you have run across? Do you have any favorites?

  2. #2
    Administrator sickness's Avatar
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Default Re: Best Word Lists

    You know pentesters don't just grab a 2 gb wordlist and use a bruteforcer because it takes forever. Most of them gather information, email adresses, names etc. and create their own wordlist.
    Back|track giving machine guns to monkeys since 2007 !

    Do not read the Wiki, most your questions will not be answered there !
    Do not take a look at the: Forum Rules !

  3. #3
    Good friend of the forums
    Join Date
    Jan 2010
    Location
    outside chicago, il
    Posts
    442

    Default Re: Best Word Lists

    Bruteforce will always win given enough time. However since time is usually a factor some finesse is needed.

    The company's password policy will give you alot of helpful information minimum password length, complexity, how often it changes, etc. Next is to use keywords about the company. If the company is a bank, then make sure bank, money, cents, etc and their variations B@nk1, Bank3, etc are in the wordlist.
    I like the bleeding edge, but I don't like blood loss

  4. #4
    Just burned his ISO
    Join Date
    Oct 2009
    Posts
    4

    Default Re: Best Word Lists

    I am going to use CeWL or something similar to build my lists from the company websites and/or any documents that I find of theirs on the Internet but I would like to do more with it like before I use it like throw on a set of commonly used and/or default passwords. After that, I would like to have the list expanded using hybridization and suffixes. Like wildcat to wildcat, w1ldk@t, w1ldk@t1234.

    Do you happen to know any good lists with commonly used passwords and/or default password lists that I could throw in there?
    Or any tools that would expand the list by hybridizing the words and also adding suffixes?

  5. #5
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    Default Re: Best Word Lists

    Here is a excellent source for passwords which is fairly new: Passwords - Skull Security

    Also you can use the --mangle option of john the ripper to further enhance a wordlist. It makes 50 permutations of each single word.

  6. #6
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817

    Default Re: Best Word Lists

    Quote Originally Posted by purehate View Post
    Here is a excellent source for passwords which is fairly new: Passwords - Skull Security

    Also you can use the --mangle option of john the ripper to further enhance a wordlist. It makes 50 permutations of each single word.
    Heh, my old password is on that site!
    Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69

  7. #7
    Junior Member
    Join Date
    Apr 2009
    Location
    not telling
    Posts
    26

    Default Re: Best Word Lists

    Favorites so far would be Pureh@tes and --=Xploitz=-- password lists, Crunch also has the option to download extra lists from various sites.

    -=Xploitz=- 2 Master Password Collections!! - Remote Exploit Forums
    purehates word list Torrent Download
    .:[ packet storm ]:. - http://packetstormsecurity.org/ [also have other lists]
    The Argon list ver.2 Password dictionary 2.3gig Jo-Psyko (download torrent) - TPB

    best advice though would be custom made lists based on what other people in the thread have stated, policies, information about the client etc;
    There are some optimization scripts such as wordlist_tools.sh (Purehate) and wordlist.sh [M1ck3y & M1rg3] (these are mostly for WPA though) that can help sort, modify, remove duplicates etc;

    -- google bashing also helps, the other day it found me a 63gb NTLM rainbow table

    hope this is helpful

  8. #8
    Very good friend of the forum Gitsnik's Avatar
    Join Date
    Jan 2010
    Location
    The Crystal Wind
    Posts
    851

    Default Re: Best Word Lists

    All good links. For some finesse in building your own lists (in guessing passwords) and because he is clearly too modest, check out bofh28's password cracking guide: http://www.backtrack-linux.org/forum...-howtos/68.htm a good wordlist, combined with some good permutions is better geared toward getting you in than a lot of the lists available.
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.

  9. #9
    Junior Member
    Join Date
    Jun 2010
    Posts
    25

    Default Re: Best Word Lists

    I have chance to download 8gb and 123gb(rly i havent place at this moment) rainbow tables. Can aircrack-ng suite understand this file format and read?
    And i have one more question. They are md5 hash info tables. But if the wpa/wpa2 password not so long or use some special words like name(i dont think md5 hash have some passwords like name surname)?
    And how about cuda at this moment guys? How its work with live cd(live usb)? I have chance to try it or better forget about it before installation.

  10. #10
    Just burned his ISO
    Join Date
    Oct 2009
    Posts
    4

    Default Re: Best Word Lists

    Quote Originally Posted by purehate View Post
    Here is a excellent source for passwords which is fairly new: Passwords - Skull Security

    Also you can use the --mangle option of john the ripper to further enhance a wordlist. It makes 50 permutations of each single word.
    -->

    I had heard that JTR could do that and read one article about it just before I posted my last message. The article and your recommendation are enough for me. I'll give it a try before my next job.

    Also, thank you for the link. It has some really good lists and this blog posting (SkullSecurity) does a great comparison of them.

Page 1 of 2 12 LastLast

Similar Threads

  1. WPA - password lists?
    By Zolltain in forum OLD Newbie Area
    Replies: 6
    Last Post: 06-15-2009, 05:25 PM
  2. linking word lists - aircrack question #2
    By undeserving in forum OLD Newbie Area
    Replies: 4
    Last Post: 08-11-2008, 08:41 AM
  3. Where to put word lists?
    By contrive in forum OLD BT3final Support
    Replies: 5
    Last Post: 07-05-2008, 06:40 AM
  4. password lists
    By maddoggpt in forum OLD Newbie Area
    Replies: 8
    Last Post: 12-14-2007, 07:42 AM
  5. Word Lists - Dictionary lists??
    By wylde342 in forum OLD Newbie Area
    Replies: 6
    Last Post: 07-06-2007, 05:45 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •