systemd0wn Posted August 30, 2012 Share Posted August 30, 2012 Has anyone seen a wordlist using all the recent DB hacked passwords? So for instance has someone taken all the hashes from linked in, brute forced them then used those plaintext passwords to create a wordlist? It would be cool to have a compilation of all these recent password DB hacks. Cheers, Systemd0wn Quote Link to comment Share on other sites More sharing options...
digip Posted August 30, 2012 Share Posted August 30, 2012 (edited) hmm. I know there are tons of wordlists on packet storm http://packetstormsecurity.org/Crackers/wordlists/ Just have to google for them. Edited August 30, 2012 by digip Quote Link to comment Share on other sites More sharing options...
Mr-Protocol Posted August 30, 2012 Share Posted August 30, 2012 A lot of the LinkedIn passwords weren't words you would find in a dictionary. A lot of them seemed to be randomized passwords. I went up to 7 chars brute force on them before my old hardware said it would take a year to crack 8 characters. Quote Link to comment Share on other sites More sharing options...
digip Posted August 30, 2012 Share Posted August 30, 2012 check the various pastbin like places. A lot of them have various cracked lists too, but google for them in general. Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted August 30, 2012 Share Posted August 30, 2012 (edited) If you search in Google, you can find a plenthora of passwords, that's how I compiled mine. You can also use CeWl, a tool written by DigiNinja to make your own password list, based on a given website. Edited August 30, 2012 by Infiltrator Quote Link to comment Share on other sites More sharing options...
systemd0wn Posted August 30, 2012 Author Share Posted August 30, 2012 Thanks I've grabbed some in the past: http://g0tmi1k.blogspot.com/2011/06/dictionaries-wordlists.html (he really put some work into this one). Like 13GB and 38GB lists, using them for WPA and the 13GB takes ~5 hours to run though. As a side project I thought it would be fun to pull together the paintext passwords from a lot of these website hacks and do some manual and statistical analysis. I haven't really committed to the idea, still just kicking it around. Didn't want to get into it only to realize I was the 10th person to do it. If I decide to I'll be sure to post my progress. Quote Link to comment Share on other sites More sharing options...
digip Posted August 30, 2012 Share Posted August 30, 2012 Have you tried wps attack via reaver? Might get you there in less than 5 hours if its enabled, no password needed. Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted August 31, 2012 Share Posted August 31, 2012 Have you tried wps attack via reaver? Might get you there in less than 5 hours if its enabled, no password needed. That's if the router has WPS enabled, my router supports it, but it's disabled. I know a lot users out there, will opt to have this option enabled, as it will save a lot of their time with configuration. But it's worth a shot, if the router has it enabled. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.