WordList

[Yet]

Hello, please i wanted to buy Dictionary Wordlist does anyone have good idea, where i can get one? thus i saw this UNIQPASS i don’t know if anyone have used it before? also i get few questions about JtR can i crack many hashes in one list at once ? i mean all the hashes put together .

[MaXe]

This company is famous for selling rainbow tables:
http://www.objectif-securite.ch/en/products.php

(It’s even mentioned in a GIAC certification.)

[Yet]

Thanks but it’s for big men .

@MaXe wrote:

This company is famous for selling rainbow tables:
http://www.objectif-securite.ch/en/products.php

(It’s even mentioned in a GIAC certification.)

[MaXe]

Big men?  ;D If you work for a company, get them to buy it for you in case you have a legitimate business purpose for using rainbow tables. (We have several rainbow tables.)

Anyway, there’s plenty other places you can obtain wordlists (or rainbow tables) from, and since I forget where they are, I would start with Google and Twitter.

Make sure you search for what you are looking for. There’s a difference between using wordlists (online bruteforcing) and rainbow tables (offline cracking).

[Jamie.R]

If you just want word list then do a Google search there are a lot on a site cant remember full name skull security it might be. They have some good word list on that alternative you can buy them from the people behind john the ripper.

[Yet]

Yeah that was where i found this UNIQPASS, but also can someone tell me if JtR can crack more than one hashes at a time?

[MaXe]

@Yet wrote:

Yeah that was where i found this UNIQPASS, but also can someone tell me if JtR can crack more than one hashes at a time?

As the CPU is working sequentially, but you can have 4 cores trying to crack 4 hashes at a time, the answer is yes and no. John however, works sequentially, and if you supply it with a list of hashes, it will try to crack the first hash in the list first.

[superkojiman]

skullsecurity.org has a large list of dictionaries: http://www.skullsecurity.org/wiki/index.php/Passwords

[cd1zz]

g0tmi1k’s are great http://g0tmi1k.blogspot.com/2011/06/dictionaries-wordlists.html

[BillV]

I have uniqpass – I haven’t had an opportunity to use it enough to really form an opinion on it yet. What little I have used it, I haven’t been too impressed – more so in the fact of what it missed that other wordlists I have identified.

[rance]

I’ve got some specialized wordlists here: http://stormthe.net/wordlists

[Yet]

Wow thanks guys this is really huge .

[Malachai]

Thank you… that was great links… Will have to check them out.

[Yet]

Hey is it possible for you to share? i mean no offensive .

@BillV wrote:

I have uniqpass – I haven’t had an opportunity to use it enough to really form an opinion on it yet. What little I have used it, I haven’t been too impressed – more so in the fact of what it missed that other wordlists I have identified.

[m0wgli]

@Yet wrote:

Hey is it possible for you to share? i mean no offensive .

No offense, but remember you’re on the ethicalhacker.net forums, the keyword here being “ethical”.

If you want it, is $4.99 really too much to pay?

[prats84]

Recently I have been having issues cracking some of the hashes.
After about a 4 days running a attack found the hash and as such was a german word written in english.

So I have started to make list of some comman words in couple languages like german, french and adding complexity to them… and creating a list.

Anyone got some better solutions

[cyber.spirit]

BruteForce attacks are much better than dictionary attacks totally because of many reasons such as wordlist doesnt include all of words, it takes much more time to crack the password and so on.

However you can find good wordlists here:
http://www.skullsecurity.org/wiki/index.php/Passwords/

But u perform dictionary or bruteforce attack use the ncrack tool first. Its a very fast pass cracker open terminal in backtrack and type this command:

Ncrack -v –user :

Example:
Ncrack -v –user admin 127.0.0.1:21

Goodluck and let me know if u have any problem.

CyberSpirit

[prats84]

Not really a fan of live bruteforce attack.
issue with live attach is most apps would suspend the user account if multiple failed attempts in short time.
Some apps/services could also suspend a IP and log it the admin.

[shadowzero]

ncrack is actually no longer under development (http://seclists.org/nmap-dev/2012/q3/605). Hydra and medusa are still supported, so we’ll continue to see bugfixes and enhancements.

Here are some comparisons on their performance:
http://www.thc.org/thc-hydra/network_password_cracker_comparison.html
http://www.foofus.net/~jmk/medusa/medusa-compare.html

[cyber.spirit]

@shadowzero wrote:

ncrack is actually no longer under development (http://seclists.org/nmap-dev/2012/q3/605). Hydra and medusa are still supported, so we’ll continue to see bugfixes and enhancements.

Here are some comparisons on their performance:
http://www.thc.org/thc-hydra/network_password_cracker_comparison.html
http://www.foofus.net/~jmk/medusa/medusa-compare.html

You are right about ncrack but it doesnt that ncrack is useless. U can stil use it and hydra is a pro cracker as i’ve mentioned before i just want him/her to search for some chances with ncrack so fast then if he failed he can perform dict or bruteforce attack.

[Yet]

Hmm you don’t need to ask those questions, simple say no period, don’t make big deal out of nothing .

author=m0wgli link=topic=9334.msg52552#msg52552 date=1349425123]
@Yet wrote:

Hey is it possible for you to share? i mean no offensive .

No offense, but remember you’re on the ethicalhacker.net forums, the keyword here being “ethical”.

If you want it, is $4.99 really too much to pay?
[/quote]

[BillV]

No.

[Author]

Posts