Nmap Development mailing list archives

[NSE] Unpwdb Library Updates


From: Kris Katterjohn <katterjohn () gmail com>
Date: Tue, 01 Jul 2008 16:20:36 -0500


Hey everyone,

I've created a new thread because I think the unpwdb NSElib is starting to
near completion (the old thread is here[1]).  But I suppose we'll see about that...

I've attached a new version of this library, with the updates described below
that Fyodor and I have discussed.  We didn't go over all of the fine details
of the implementation, so any suggestions on any of this are appreciated.

There is a new timelimit() function which returns the recommended number of
seconds to brute-force.  Implementation of the actual timeout is of course
left to the script.  The time limit is based on Nmap's timing values (-T4,
etc) and whether or not a user-defined list is used.  If a user-defined list
is used, I've decided that this function will return 1.5x the default value.
The library now accepts a new "notimelimit" script argument, which causes this
function to return nil.

Now that there is this timelimit() function, the usernames() and passwords()
functions no longer return whether a user-defined list is used.  This means
there are only two return values now, the boolean success indicator and the
closure.

I've attached a very simple username list.  At first this list will probably
stay kind of small, with admin names first, followed by other common names.
Any improvements are appreciated.

I've also attached a small password list.  We're using the MySpace list, since
it's a big collection and has duplicates.  The attached is just a head -n 510
of the big list of 37000+, with the top comments taken out (just contains the
information below).  The big list has been sorted and contains frequency
information; it's not just the raw list.

I generated the master password list, containing the frequency information,
like this:

sort myspace1.txt | uniq | cut -d: -f2 | sort | uniq -c | sort -nr | awk '{
print $1":"$2 }' | tr -d '^M' >passwords.lst.master

(With "^M" replaced with the real CTRL-M character)

Removing the frequency information is simple:

sed -e 's/^[0-9]\+://g' passwords.lst.master >passwords.lst

Any comments on creating a better list are certainly welcome.  For instance,
in the master list, there are many passwords with "myspace" in them.  Should
these be stripped out, or left in?

The password list that will be shipped with Nmap will probably be shortened to
a few thousand lines, stripped of the frequency information.

There exists a means for comments in the username and password lists: the
prefix of "#!comment:".  This is the comment style John the Ripper uses, and I
think it works fine.  I've decided that comments are only allowed on a line of
their own because it leaves too much ambiguity if it's on the same line as a
username or password.  For instance, does the password in

mypass  #!comment: some comment..

contain a space, two spaces, or do they just separate the password from the
comment?

Also, the lists will be stored in nselib/data as briefly discussed in some
other threads.

I've probably neglected some things by mistake while trying to give a bunch of
new information, so if I just wasn't clear about anything, feel free to ask.
Not that I really need to tell you that :)

Thanks,
Kris Katterjohn

[1] http://seclists.org/nmap-dev/2008/q2/index.html#740


-- Kris Katterjohn 06/2008

module(..., package.seeall)

---- Username/Password DB Library
--
-- usernames() - Returns a closure which returns a new username with every call
-- until the username list is exhausted (in which case it returns nil)
--
-- passwords() - Returns a closure which returns a new password with every call
-- until the password list is exhausted (in which case it returns nil)
--
-- timelimit() - Returns the suggested number of seconds to attempt a brute
-- force attack, based on Nmap's timing values (-T4, etc) and whether or not a
-- user-defined list is used.  You can use the script argument "notimelimit" to
-- make this function return nil, which means the brute-force should run until
-- the list is empty.  If "notimelimit" is not used, be sure to still check for
-- nil return values on the above two functions in case you finish before the
-- time limit is up.
--
-- The first two functions return multiple values for use with exception handling
-- via nmap.new_try().  The first value is the boolean success indicator, the
-- second value is the closure.
--
-- The closures can take a parameter of "reset" to rewind the list to the
-- beginning.
--
-- You can select your own username and/or password database to read from with
-- the script arguments userdb and passdb, respectively.  Comments are allowed
-- in these files, prefixed with "#!comment:".  Comments cannot be on the same
-- line as a username or password because this leaves too much ambiguity, e.g.
-- does the password in "mypass  #!comment: blah" contain a space, two spaces,
-- or do they just separate the password from the comment?
--
----

local usertable = {}
local passtable = {}

local customdata = false

-- So I don't have to type as much :)
local args = nmap.registry.args

local userfile = function()
        if args.userdb then
                customdata = true
                return args.userdb
        end

        return nmap.fetchfile("nselib/data/usernames.lst")
end

local passfile = function()
        if args.passdb then
                customdata = true
                return args.passdb
        end

        return nmap.fetchfile("nselib/data/passwords.lst")
end

local filltable = function(filename, tbl)
        -- Already loaded: each list is read once and shared by its closures
        if #tbl ~= 0 then
                return true
        end

        local file = io.open(filename, "r")

        if not file then
                return false
        end

        while true do
                local l = file:read()

                if not l then
                        break
                end

                -- Comments take up a whole line, so only a "#!comment:" prefix
                -- marks one; every other line is kept verbatim
                if not l:match("^#!comment:") then
                        tbl[#tbl + 1] = l
                end
        end

        file:close()

        return true
end

-- Returns an iterator over tbl; calling it with "reset" rewinds to the start
local closure = function(tbl)
        local i = 1

        return function(cmd)
                if cmd == "reset" then
                        i = 1
                        return
                end
                local elem = tbl[i]
                if elem then i = i + 1 end
                return elem
        end
end

-- If we're reading from a user-defined username or password list,
-- we'll give them a timeout 1.5x the default.  If the "notimelimit"
-- script argument is used, we return nil.
--
-- Note that customdata is only set once userfile()/passfile() have run,
-- so call this after usernames()/passwords() to get the 1.5x value.
timelimit = function()
        -- Easy enough
        if args.notimelimit then
                return nil
        end

        local t = nmap.timing_level()

        if t <= 3 then
                return (customdata and 900) or 600
        elseif t == 4 then
                return (customdata and 450) or 300
        elseif t == 5 then
                return (customdata and 270) or 180
        end
end

usernames = function()
        local path = userfile()

        if not path then
                return false, "Cannot find username list"
        end

        if not filltable(path, usertable) then
                return false, "Error parsing username list"
        end

        return true, closure(usertable)
end

passwords = function()
        local path = passfile()

        if not path then
                return false, "Cannot find password list"
        end

        if not filltable(path, passtable) then
                return false, "Error parsing password list"
        end

        return true, closure(passtable)
end
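The following is an added illustration, not part of Kris's post or the attached library: a skeleton NSE script that consumes the unpwdb API above, honouring the two-value returns, the "reset" command and the timelimit() contract. It assumes the NSE globals nmap.new_try() and nmap.clock_ms(), and a hypothetical check_credential() placeholder that a real script would replace with its protocol's login attempt.

```lua
-- Added example, not from the original post: an NSE script skeleton
-- that consumes the unpwdb API above.  check_credential() is a
-- hypothetical placeholder for a protocol-specific login attempt.
require "unpwdb"

description = "Skeleton consumer of the unpwdb library"
categories = {"auth", "intrusive"}

-- Hypothetical placeholder: a real script talks to the service here.
local function check_credential(host, port, user, pass)
        return false
end

portrule = function(host, port)
        return port.state == "open"
end

action = function(host, port)
        local try = nmap.new_try()

        -- usernames()/passwords() return (true, closure) or (false, msg);
        -- new_try turns the failure case into an exception.
        local usernames = try(unpwdb.usernames())
        local passwords = try(unpwdb.passwords())

        -- Call this after the two above: the 1.5x bonus for a custom
        -- list is only known once userdb/passdb have been looked at.
        -- nil means the "notimelimit" script argument was given.
        local limit = unpwdb.timelimit()
        local start = nmap.clock_ms()

        local user = usernames()
        while user do
                passwords("reset")  -- rewind the list for each username
                local pass = passwords()
                while pass do
                        if limit and (nmap.clock_ms() - start) / 1000 >= limit then
                                return "Stopped after " .. limit .. " seconds"
                        end
                        if check_credential(host, port, user, pass) then
                                return "Valid credentials: " .. user .. ":" .. pass
                        end
                        pass = passwords()
                end
                user = usernames()
        end

        return nil  -- lists exhausted without a hit
end
```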

root
admin
administrator
webadmin
sysadmin
netadmin
guest
user
web
test
