Anyone have any large wordlists or links?

Viewing 18 reply threads
  • Author
    Posts
    • #6976
      Joshsevo
      Participant

      Anyone have any preassembled worldlists that can be downloaded?

    • #43363
      hell_razor
      Participant

      http://www.attackvector.org/files/thelist.txt.bz2

      This is a reasonable list that is comprised of several other lists and de-duped, etc.

    • #43364
      KrisTeason
      Participant

      The guy over at Skull Security has gotten together some powerful lists. Feel free to check them out:

      http://www.skullsecurity.org/wiki/index.php/Passwords

    • #43365
      lorddicranius
      Participant

      @xXxKrisxXx wrote:

      The guy over at Skull Security has gotten together some powerful lists. Feel free to check them out:

      http://www.skullsecurity.org/wiki/index.php/Passwords

      +1 Skullsecurity has some good lists.

    • #43366
      r2s
      Participant

      Another +1 on that.

    • #43367
      p0et
      Participant

      My first pick would also be Skull Security.  I’d also recommend:
      http://www.renderlab.net/projects/WPA-tables/
      http://www.torrentz.com/178f55c67ca0f522831dbc67042a34983e6652f5
      http://thepiratebay.org/torrent/4017231/
      http://udayallala.blogspot.com/2011/03/cracking-passwords-4.html (a few in here are good from –=Xploitz=–)

      If you’re using JTR, I suggest you check out (if you don’t know already) the –mangle option.
      You probably already know this but I’ll throw it out there… You could also make your own wordlist after gathering info, email addresses, names.  The company’s password policy will give you alot of helpful information minimum password length, complexity, how often it changes, etc.

      Have fun! 🙂

    • #43368
      n3r
      Participant

      I got the wordlists from Xploitz, it’s a good one as there are different languages such as german, french…. 3,7 Gb to download and i’ve made my own dictionary with french words.

    • #43369
      Joshsevo
      Participant

      @p0et wrote:

      My first pick would also be Skull Security.  I’d also recommend:
      http://www.renderlab.net/projects/WPA-tables/
      http://www.torrentz.com/178f55c67ca0f522831dbc67042a34983e6652f5
      http://thepiratebay.org/torrent/4017231/
      http://udayallala.blogspot.com/2011/03/cracking-passwords-4.html (a few in here are good from –=Xploitz=–)

      If you’re using JTR, I suggest you check out (if you don’t know already) the –mangle option.
      You probably already know this but I’ll throw it out there… You could also make your own wordlist after gathering info, email addresses, names.  The company’s password policy will give you alot of helpful information minimum password length, complexity, how often it changes, etc.

      Have fun! 🙂

      I have been assembling one of my own from other small wordlists to create one massive one.  inreagrds to the JTR mangled syntax.

      Once I have the wordlist  how am I supposed to assemble the syntax so it uses the wordlist and then rearranges the words. 

      I’ve seen this syntax so far but not many others:

      john –rules –wordlist=mangled.lst all.lst  shadow

      Will that work?

    • #43370
      p0et
      Participant

      I actually haven’t used it in a little while but here’s a couple good sites with some syntax examples for mangling:
      http://csfacwiki.cslabs.ewu.edu/wiki/securitylab/index.php/JohnTheRipper
      http://www.openwall.com/john/doc/EXAMPLES.shtml

    • #43371
      SephStorm
      Participant

      The single largest worldist that I have found is purehate’s wordlist. 2.5GB. Word of warning, make sure you have a beefy system before you try to use it.

      The other 1 I remember was called GDict, but I dont remember where I found it.

    • #43372
      Joshsevo
      Participant

      Good choices, downloaded a few of them and ran them.  No hits so far.  Just downloaded another big one, should take a few hrs.

    • #43373
      WCNA
      Participant

      Joshsevo- sounds like you may have to bruteforce it. I would suggest Amazon Web Services if you have to go that route (http://www.securitytube.net/video/1984).

    • #43374
      Darktaurus
      Participant

      @SephStorm wrote:

      The single largest worldist that I have found is purehate’s wordlist. 2.5GB. Word of warning, make sure you have a beefy system before you try to use it.

      The other 1 I remember was called GDict, but I dont remember where I found it.

      I have GDict also.  No idea where it is from also.  I just remember trying to have a wordlist for WPA/WPA2 when I found it.  I found a blog with a link for it so hopefully it helps.

      http://www.defenceindepth.net/2010/05/password-wordlists-and-dictionaries.html

      Also, you may want to consider making your own with cewl if you are using John.  Also, I would suggest looking at Insiderpro.  Those guys are incredible. 

    • #43375
      rance
      Participant

      I’ve been working on some of my own specific, broken down word lists.  These are really designed for brute force questions, such as “what was your first pets name” or “where did you go to school”… feel free to have at them…

      http://stormthe.net/wordlists/

    • #43376
      Joshsevo
      Participant

      @WCNA wrote:

      Joshsevo- sounds like you may have to bruteforce it. I would suggest Amazon Web Services if you have to go that route (http://www.securitytube.net/video/1984).

      I was under the impression I was password brute forcing it using JTR and a password list

    • #43377
      lorddicranius
      Participant

      A password list is also known as a dictionary, and using one is known as a dictionary attack.  Brute force attacks iterate through every possible option:

      aaa
      aba
      aca
      ada
      aea

      …etc etc using whichever rules you specify whether it be alpha only, alphanumeric, alphanumeric with special characters.

    • #43378
      hell_razor
      Participant

      No, if you are using pre-compiled word lists, then it is a dictionary attack.  A true brute-force will just start slamming characters through, exhausting all possibilities along the way.

    • #43379
      SephStorm
      Participant

      I believe Mr. Razor is correct on this one.

    • #43380
      BillV
      Participant

      On the wordlist note, has anyone used/purchased this one before?

      http://www.passcape.com/pdc

Viewing 18 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2020 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?