Nmap Development mailing list archives
Re: Replacing passwords.lst
From: Ron <ron () skullsecurity net>
Date: Tue, 16 Mar 2010 19:48:28 -0500
On Tue, 16 Mar 2010 18:33:17 -0600 David Fifield <david () bamsoftware com> wrote:
On Fri, Mar 12, 2010 at 09:48:11PM -0800, Fyodor wrote:On Fri, Mar 12, 2010 at 09:13:09PM -0700, David Fifield wrote:I made this directory and copied the old MySpace passwords into it. I didn't realize that Ron's databases were so huge--RockYou is like 100 MB. I copied the first 10,000 lines of phpBB and RockYou into the directory as well.Yeah, that is huge. And I know I sometimes complain about stuffing large files in SVN. But this is really useful data, so I'd support storing more. Rockyou is the biggest issue, as you noted. My suggestion for that is:The sizes were not as bad as I thought at first. After stripping extra spaces, we are left with -rw-r--r-- 1 david users 88K 2010-03-16 17:13 faithwriters.lst -rw-r--r-- 1 david users 103K 2010-03-16 17:14 hotmail.lst -rw-r--r-- 1 david users 421K 2010-03-16 17:07 myspace.lst -rw-r--r-- 1 david users 1.9M 2010-03-16 17:18 phpbb.lst -rw-r--r-- 1 david users 58M 2010-03-16 17:24 rockyou.lst.bz2 I wrote a simple program to sum the counts from several password files and output the top n passwords. Using the five lists above, I regenerated our nselib/data/passwords.lst. The program automatically does bz2 decompression based on filename so keeping compressed lists isn't inconvenient. David Fifield
That's great news! I almost want to do a -iR with smb-brute. *almost*. :) Brandon had some ideas to get better stats from the password dictionaries than straight counts -- basically, weighing the quality of the lists and of each word. But we've talked about improving the dictionary in the past and nothing came of it, so I'm glad it's been done. -- Ron Bowes http://www.skullsecurity.org http://www.twitter.com/iagox86 _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: Replacing passwords.lst, (continued)
- Re: Replacing passwords.lst David Fifield (Mar 12)
- Re: Replacing passwords.lst Fyodor (Mar 12)
- Re: Replacing passwords.lst David Fifield (Mar 16)
- Re: Replacing passwords.lst Brandon Enright (Mar 16)
- Re: Replacing passwords.lst David Fifield (Mar 16)
- Re: Replacing passwords.lst Brandon Enright (Mar 16)
- Re: Replacing passwords.lst Fyodor (Mar 16)
- Re: Replacing passwords.lst Ron (Mar 17)
- RE: [BULK] Re: Replacing passwords.lst Norris Carden (Mar 17)
- Re: [BULK] Re: Replacing passwords.lst Ron (Mar 17)
- Re: Replacing passwords.lst Ron (Mar 16)
- Re: Replacing passwords.lst Fyodor (Mar 16)
- Re: Replacing passwords.lst Fyodor (Mar 16)