Brute force, even though it’s gotten so fast, is still a long way away from cracking long complex passwords. That’s were word lists come in handy. It’s usually the crackers first go-to solution, slam a word list against the hash, if that doesn’t work, try rainbow tables (if they happen to have the tables for that specific hash type), and then the full on brute force. Some would say those first two steps are reversed, and it really is the choice of the the person doing it and the word lists they have to work with.
Matt Weir and company created a cool tool that has the best of both worlds, Dictionary based Rainbow Tables with Dr-Crack, which you can find here:
http://reusablesec.googlepages.com/drcrack
But, back to the reason of this post, word lists. Where do you get them? Here are a couple of my favorite places in no particular order:
http://www.packetstormsecurity.org/Crackers/wordlists/
http://www.theargon.com/achilles/wordlists/
http://www.openwall.com/wordlists/
http://www.outpost9.com/files/WordLists.html
I like to keep 3 size word lists:
1. small and fast: usually based on the output of one of the tools i’m about to tell you about
2. medium: this is my custom list that I add passwords I find / crack and generally think are good to add. I’m pretty picky about what goes into this list
3. huge: any wordlist I come across gets added to this list, it gets sorted and uniqued and restored
Now the two tools that I like for the small list is are CeWL and wyd
CeWL – http://www.digininja.org/projects/cewl.php
Wyd – http://www.remote-exploit.org/codes_wyd.html
They have some very similar lists of features, your mileage may vary. But they basically parse files and web pages for words and generate password lists based on the words found.
Update on 2011-02-11 08:01 by Rob Fuller
Korelogic’s password lists: http://contest.korelogic.com/wordlists.html
Korelogic’s John rule set: http://contest.korelogic.com/rules.html
Update on 2010-03-30 05:00 by Rob Fuller
I missed one hell of a treasure trove of word lists:
http://trac.kismac-ng.org/wiki/wordlists
Right now, there list is this:
OpenWall:
- http://ftp.sunet.se/pub/security/tools/net/Openwall/wordlists/
- ftp://ftp.openwall.com/pub/wordlists/
- http://www.openwall.com/mirrors/
- http://passwordz.info/
- ftp://ftp.ox.ac.uk/pub/wordlists/
- http://gdataonline.com/downloads/GDict/
- http://theargon.com/achilles/wordlists/
- http://theargon.com/achilles/wordlists/theargonlists/
- ftp://ftp.cerias.purdue.edu/pub/dict/
- http://www.outpost9.com/files/WordLists.html
- http://www.securinfos.info/wordlists_dictionnaires.php
- http://www.vulnerabilityassessment.co.uk/passwords.htm
- http://packetstormsecurity.org/Crackers/wordlists/
- http://www.ai.uga.edu/ftplib/natural-language/moby/
- http://www.insidepro.com/eng/download.shtml
- http://www.word-list.com/
- http://www.cotse.com/tools/wordlists1.htm
- http://www.cotse.com/tools/wordlists2.htm
- http://www.phreak.org/index/archive01/hacking/wordlsts/wordlsts.shtml
- http://www.indianz.ch/tools/doc/wordlists.zip
- http://wordlist.sourceforge.net/
- http://prdownloads.sourceforge.net/wepattack/wordlist.tar.gz?download
- http://hacor.org/docs/hugelist.txt (broken link. Does anyone have it hosted elsewhere?)
- shhh! – /projects/hugelist.txt
By operat0r
- http://rapidshare.com/files/165513464/word.lst.s.u.john.s.u.200.part01.rar
- http://rapidshare.com/files/165518143/word.lst.s.u.john.s.u.200.part02.rar
- http://rapidshare.com/files/165498510/word.lst.s.u.john.s.u.200.part03.rar
- http://wiki.services.openoffice.org/wiki/Dictionaries
- http://article7.org/wordlists/
Update on 2010-03-30 04:22 by Rob Fuller
Recent additions:
- http://www.skullsecurity.org/wiki/index.php/Passwords
- hotmail: http://current.com/technology/91108676_email-password-leak-update-gmail-yahoo-aol-and-hotmail-hit-too.htm
- rockyou: http://securitystream.info/data-breaches/easy-passwords-found-in-rockyou-data-leak/
- http://wordlist.sourceforge.net/ (Kevin’s Word Lists)
- http://www.phenoelit-us.org/dpl/dpl.html
- http://www.offensive-security.com/wpa-tables/wpalist.txt.tar.bz2
- http://www.renderlab.net/projects/WPA-tables/