Password List

[KthProg]

nifty lol
so how do you choose what 'words' to use exactly?

[fashizzlepop]

nifty lol
so how do you choose what 'words' to use exactly?

You use all the words in the dictionary. Your choice is choosing your dictionary file.

[KthProg]

-_- how do they choose the words for these dictionaries i mean?
is it based on hueristics? common passwords?

[fashizzlepop]

It can either be that, or just that they are known to be common (or merely known to be used) passwords people use. Generally you could use a simple english dictionary plus common alterations (passw0rd, password1). So, kinda heuristics but also very broad spectrum.

[-Ninjex-]

-_- how do they choose the words for these dictionaries i mean?
is it based on hueristics? common passwords?

Usually, depending on your victom you can try different dictionaries that have different words in them.

For example if you was to try and brutforce a password that belongs to someone from the UK, you would load up a dictionary that has UK slang in it. If you was to use a dictionary attack on someone from China, you would want chinese words in your dictionary. The dictionaries themselves usually contain thousands of commonly used passwords. The passwords for wordlists are usually dumped from large databases on websites via SQLi, this gives you a realistic approach on what passwords are being used.

[KthProg]

Nifty lollll
So somehow you get ahold of a database of previously (or currently) used passwords and put them all in a text file lol
Id be a bigger fan of the more reliable approach ,i.e. trying all combinations, and focusing on optimization.
But of course you're prolly less likely to get caught with a dictionary and I could definitely see how that would be useful on a large number of users

[fashizzlepop]

Trying every possible combination is very inefficient and slow. Of course it may not catch the password for diligent users who actually use random passwords.

[KthProg]

I don think it would be inefficient or slow if it were optimized.
you just have to make sure that it leans towards certain vowel/consonant combinations that are actually valid and common in the english language.
so isntead of a word list youd use a vowel - consonant combinations list.
ae -aemoeba
ai -laid
ea -beans
ee -beef
ei -idk...lol
ie -lie
io -lion
oa -boar
oi -loins
ou -mouth
ue -quest
ui -squid
uo -duo
^these may only be preceded and followed by a consonant
vowel combinations starting with u may only be preceded by a q

ll
sh
ch
nd
ct
gr
br
tr
pr
cr
cl
you get the idea.

basically make rules that say only these combinations (and a few others) are valid, sort them by their likelihood of occurence, then start cracking.

I think it would be a good balance between the two

[-Ninjex-]

ei -idk...lol

reign

[KthProg]

ei -idk...lol

reign

how appropriate 0_o muahahaha lol
reign o'er the accounts of the interweb
also I'm not sure how most brute forcers work but id think the best way to do it if you wanted it to be fast(not pretty) would be nesting for each statements iterating through an array of valid symbols and letters. 16 nested for each statements will iterate through every possible 16 character password. maybe ill even try that real quick to see how long it takes. my bet is about 3 minutes maybe not even that long.