WebApp Sec mailing list archives

Re: dictionary of forum style usernames


From: "Robin Wood" <dninja () gmail com>
Date: Thu, 4 May 2006 12:31:52 +0100

As I said, the system I'm going to be testing has users whose
usernames are going to be forum style (e.g. Luca89, mackerel,
Maedhros, Magic Banana, mark_alec) rather than normal "human" name
style (e.g. robin, peter, fred).

From previous experience with the site I know that a lot of users use
their username as their password so if I can get a reasonable list,
preferably a few hundred at least, I'll try a brute force attack with
a selection of common passwords and the username. I'm going to leave
this going in the background while doing the rest of the tests so the
more names the better.

I know that the human style name lists exist as my ssh server
regularly gets attacked by scripts trying long lists of usernames.
Does the same exist for forum style names?

On 5/4/06, Griffiths, Ian <Ian.Griffiths () liv-coll ac uk> wrote:
How many records are you thinking?

Also what are you aiming to achieve?  I currently can't see any place
where username actually matters?

Ian

-----Original Message-----
From: Robin Wood [mailto:dninja () gmail com]
Sent: 04 May 2006 08:53
To: webappsec () securityfocus com
Subject: dictionary of forum style usernames


Hi
I'm going to be doing a test against a forum type system and want to
have a go at bruteforcing a few logins. As it is a forum the login names
aren't likely to be usual "human" names so I'm looking for a dictionary
of names to try. Can anyone recommend one?

Robin

-------------------------------------------------------------------------
Sponsored by: Watchfire

The Twelve Most Common Application-level Hack Attacks
Hackers continue to add billions to the cost of doing business online
despite security executives' efforts to prevent malicious attacks. This
whitepaper identifies the most common methods of attacks that we have seen,
and outlines a guideline for developing secure web applications.
Download this whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701300000007t9r
--------------------------------------------------------------------------


