Nmap Development mailing list archives

Re: wordlists for Ncrack


From: Brandon Enright <bmenrigh () ucsd edu>
Date: Tue, 28 Jul 2009 22:55:38 +0000

On Tue, 28 Jul 2009 21:14:10 +0200
Sebastien Raveau <sebastien.raveau () epita fr> wrote:

> On Tue, 28 Jul, 2009 at 16:30:10 +0400, Solar Designer
> <solar_at_openwall.com> wrote:
>> Obviously, most of these wordlists are too large to be used with
>> Ncrack.
>
> If your wordlists are too large, what does that make my 58,427,177-word
> list? :-P
> http://blog.sebastien.raveau.name/2009/03/cracking-passwords-with-wikipedia.html

Comparing the size of one's cracking dictionary is a digital pissing
contest.

A more important measure of a dictionary is not its size but its
relative cracking efficiency.  Increasing the size runs into
diminishing returns.

If you are doing offline, unsalted list cracking then bigger is
better.  If you have limited cracking resources you need to use your time
efficiently.  John's wordlist is an exercise in efficiency rather than
completeness.


> Agreed it is a bit too "raw" at the moment (I'll work on that) but it
> has already proven its usefulness:
> http://reusablesec.blogspot.com/2009/04/ok-some-actual-results.html so
> I thought I should mention it here as it might interest some of you in
> general, if not for using it with Ncrack :-)

Indeed, I've had a lot of success compiling similar word lists.  I too
used Wikipedia (EN only) as starting point.

One of the better sources I've compiled from are the 14,000 wikis
hosted by Wikia:

http://wikistats.wikia.com/dbdumps/dbdumps.html

This includes wikis like Star Wars, Star Trek, World of Warcraft, etc.


> Also, speaking of Matt Weir's blog (which is great overall on the
> topic of password cracking) he just released a passphrase dictionary:
> http://reusablesec.blogspot.com/2009/07/pass-phrase-input-dictionary.html

Matt has done some good work.  He is giving a talk at DEFCON on his
phpbb cracking efforts that I'm looking forward to.

Back to password lists for Nmap, Nmap/Ncrack can't ship a 10GB password
list, not even a 100MB list.  We need to ship an efficient list.  With
that in mind, I too have been working on cracking the phpbb passwords.
Of the 189766 unsalted MD5 hashes, I've cracked 176620.  That's 93% ;-)

http://noh.ucsd.edu/~bmenrigh/phpbb/

I've posted the cracked passwords as well as a count of the
hashes sorted by frequency.  A little real-world data is a good thing.
I'd suggest that we cherry pick the top 100-500 passwords from this
list to augment the list that we end up shipping.

I've been ridiculously busy lately but at some point this summer I hope
to publish detailed analysis of my cracking efforts and some metrics on
the passwords cracked so far.  I put a lot of engineering time into this
cracking.  Don't steal my thunder by doing analysis
using my cracked list.

Brandon
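
The efficiency-versus-size argument in this message can be made concrete with a coverage curve over a frequency-ranked list. The following is an added example, not part of the original post or of Nmap/Ncrack; the function names are hypothetical and the sample counts are constructed, not taken from the phpbb data.

```python
from collections import Counter

# Constructed sample: one entry per account. NOT the phpbb data from the post.
SAMPLE_ACCOUNTS = (
    ["123456"] * 40 + ["password"] * 25 + ["phpbb"] * 15 + ["qwerty"] * 8
    + ["letmein"] * 4 + ["dragon"] * 3 + ["monkey"] * 2
    + ["unique-%d" % i for i in range(3)]  # passwords seen only once
)


def coverage_curve(passwords):
    """Return [(rank, word, cumulative_fraction)] for the frequency-ranked list."""
    counts = Counter(passwords)
    total = sum(counts.values())
    # Descending count, then alphabetical so ties are ordered deterministically.
    ranked = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    curve, covered = [], 0
    for rank, (word, n) in enumerate(ranked, start=1):
        covered += n
        curve.append((rank, word, covered / total))
    return curve


def smallest_list_for(passwords, target):
    """Length of the shortest top-N list reaching `target` coverage (0..1)."""
    for rank, _word, frac in coverage_curve(passwords):
        if frac >= target:
            return rank
    return None


def marginal_gain(passwords, n_small, n_large):
    """Extra coverage per added word when growing the list from n_small to n_large."""
    curve = coverage_curve(passwords)
    n_large = min(n_large, len(curve))
    if not 0 < n_small < n_large:
        raise ValueError("need 0 < n_small < n_large")
    return (curve[n_large - 1][2] - curve[n_small - 1][2]) / (n_large - n_small)


if __name__ == "__main__":
    for rank, word, frac in coverage_curve(SAMPLE_ACCOUNTS):
        print(f"top {rank:2d}  {word:10s} {frac:6.1%}")
    print("words needed for 90%:", smallest_list_for(SAMPLE_ACCOUNTS, 0.90))
```

On a real frequency count the same curve shows where adding more words stops paying for itself, which is the cut-off to look for when choosing how many top entries a shipped list should carry.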

