Nmap Development mailing list archives
Ncrack: request for username/password lists
From: ithilgore <ithilgore.ryu.l () gmail com>
Date: Fri, 24 Jul 2009 16:28:42 +0300
Hello nmap-dev. As Ncrack is progressing, we have come the point that a collection of username and password lists is due to take place. Obviously we want to include the best lists we can find out there and ideally with a password-frequency sorting, meaning that the most frequent passwords are coming first in the list. Ncrack is going to be shipped with the following: * 1 username and 1 password list which will be as generic as possible, covering the most frequently used usernames and passwords in as many services as possible. These 2 lists will be the default ones used by Ncrack when no explicit list is specified by the user. This means that it is of utmost importance that these lists have a golden ratio between length (not too many usernames and passwords) and effectiveness (as many frequently-used usernames and passwords to be included). * service-specific lists. These lists will hold username and passwords that are mostly seen in the particular service they are referring to. For example, there will be a separate pair of lists for mail-related services (pop3, smtp, imap) which will include credentials mostly seen in these situations. The number of service-specific lists will vary according to how different the credentials for each service are from other services. For example, is there really a need to assemble a separate list for ftp and ssh services or are the kind of credentials most frequently seen for each of these 2 services almost the same? There are already lists out there that are used by cracking tools, but which are usually licensed, so we will need to ask for permission to use one of them or to include some of the pairs of these lists into our own. So, really appreciable will be: * any directions to good lists (that we can use) out there * any actual lists that you know are effective (but may have a license so we will first have to ask to use them) * any information on patterns seen in either service-specific or generic username/password selection Thanks, ithilgore _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Ncrack: request for username/password lists ithilgore (Jul 24)
- Re: Ncrack: request for username/password lists Ron (Jul 24)
- <Possible follow-ups>
- Re: Ncrack: request for username/password lists ange . gutek (Jul 25)