Password List

Re: Password List

Post by KthProg on Mon Jan 28, 2013 7:09 pm

nifty lol
so how do you choose what 'words' to use exactly?

Re: Password List

Post by fashizzlepop on Mon Jan 28, 2013 7:30 pm

KthProg wrote: nifty lol
so how do you choose what 'words' to use exactly?

You use all the words in the dictionary. Your choice is choosing your dictionary file.
The glass is neither half-full nor half-empty; it's merely twice as big as it needs to be.

Re: Password List

Post by KthProg on Mon Jan 28, 2013 7:38 pm

-_- how do they choose the words for these dictionaries, I mean?
is it based on heuristics? common passwords?

Re: Password List

Post by fashizzlepop on Mon Jan 28, 2013 7:51 pm

It can either be that, or just that they are known to be common (or merely known to be used) passwords people use. Generally you could use a simple English dictionary plus common alterations (passw0rd, password1). So, kinda heuristics but also very broad spectrum.


Re: Password List

Post by -Ninjex- on Mon Jan 28, 2013 7:53 pm

KthProg wrote: -_- how do they choose the words for these dictionaries, I mean?
is it based on heuristics? common passwords?

Usually, depending on your victim, you can try different dictionaries that have different words in them.

For example, if you were to try to brute-force a password that belongs to someone from the UK, you would load up a dictionary that has UK slang in it. If you were to use a dictionary attack on someone from China, you would want Chinese words in your dictionary. The dictionaries themselves usually contain thousands of commonly used passwords. The passwords for wordlists are usually dumped from large databases on websites via SQLi; this gives you a realistic approach on what passwords are being used.
If you're not willing to learn, no one can help you. If you're determined to learn, no one can stop you.⠠⠵
The absence of evidence is not evidence of absence.
I can explain it for you, but I can't understand it for you.

Re: Password List

Post by KthProg on Mon Jan 28, 2013 8:44 pm

Nifty lollll
So somehow you get ahold of a database of previously (or currently) used passwords and put them all in a text file lol
I'd be a bigger fan of the more reliable approach, i.e. trying all combinations, and focusing on optimization.
But of course you're prolly less likely to get caught with a dictionary, and I could definitely see how that would be useful on a large number of users.

Re: Password List

Post by fashizzlepop on Mon Jan 28, 2013 8:46 pm

Trying every possible combination is very inefficient and slow. Of course it may not catch the password for diligent users who actually use random passwords.


Re: Password List

Post by KthProg on Mon Jan 28, 2013 9:00 pm

I don't think it would be inefficient or slow if it were optimized.
you just have to make sure that it leans towards certain vowel/consonant combinations that are actually valid and common in the English language.
so instead of a word list you'd use a vowel - consonant combinations list.
ae -aemoeba
ai -laid
ea -beans
ee -beef
ei -idk...lol
ie -lie
io -lion
oa -boar
oi -loins
ou -mouth
ue -quest
ui -squid
uo -duo
^these may only be preceded and followed by a consonant
vowel combinations starting with u may only be preceded by a q

ll
sh
ch
nd
ct
gr
br
tr
pr
cr
cl
you get the idea.

basically make rules that say only these combinations (and a few others) are valid, sort them by their likelihood of occurrence, then start cracking.

I think it would be a good balance between the two


Re: Password List

Post by -Ninjex- on Mon Jan 28, 2013 9:02 pm

KthProg wrote:ei -idk...lol

reign


Re: Password List

Post by KthProg on Mon Jan 28, 2013 9:03 pm

-Ninjex- wrote:
KthProg wrote:ei -idk...lol

reign

how appropriate 0_o muahahaha lol
reign o'er the accounts of the interweb
also I'm not sure how most brute forcers work but I'd think the best way to do it if you wanted it to be fast (not pretty) would be nesting for each statements iterating through an array of valid symbols and letters. 16 nested for each statements will iterate through every possible 16 character password. maybe I'll even try that real quick to see how long it takes. my bet is about 3 minutes, maybe not even that long.
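
An added example, not written by any poster in this thread, that puts numbers on the two approaches discussed above: a defender-side check that undoes the "common alterations" (passw0rd, password1) before consulting a wordlist, and the arithmetic for trying every combination. The five-word blocklist, the 94-symbol printable set and the 1e10 guesses-per-second rate are assumptions chosen for illustration.

```python
import math
import string

# Constructed sample blocklist; a real check loads a much larger list of known passwords.
COMMON = {"password", "letmein", "dragon", "monkey", "qwerty"}
# Undo common character swaps, e.g. "passw0rd" -> "password".
UNLEET = str.maketrans("0134578@$!", "oleastbasi")
POOLS = (string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation)
YEAR = 365.25 * 24 * 3600  # seconds

def base_word(password):
    """Strip common alterations: case, trailing digits/symbols, leet swaps."""
    core = password.lower().rstrip(string.digits + string.punctuation)
    return core.translate(UNLEET)

def alphabet_size(password):
    """Total size of the character pools the password draws from."""
    return sum(len(p) for p in POOLS if any(c in p for c in password)) or 1

def exhaustive_years(alphabet, length, rate):
    """Worst-case years to try every string of exactly `length` symbols."""
    return alphabet ** length / rate / YEAR

def max_length_covered(alphabet, rate, seconds):
    """Longest length whose whole keyspace fits in `seconds` of guessing."""
    return math.floor(math.log(rate * seconds) / math.log(alphabet))

def assess(password, rate=1e10):
    """Return (verdict, years). `rate` is an assumed guesses-per-second figure."""
    if base_word(password) in COMMON:
        return ("wordlist", 0.0)  # found by a dictionary plus alterations
    size = alphabet_size(password)
    return ("exhaustive-only", exhaustive_years(size, len(password), rate))

if __name__ == "__main__":
    for pw in ("passw0rd", "Password1", "kX9#vQ2m", "kX9#vQ2mT4!pLz7w"):
        print(pw, assess(pw))
    print("fully searched in 3 minutes:", max_length_covered(94, 1e10, 180))
```

The same `assess` function can back a signup-time password policy: reject anything that returns "wordlist", and require a length whose exhaustive-search figure is comfortably out of reach.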