Jump to content

13GB (4.4gb compressed) - WPA WPA2 Word List - 982,963,904 Words


Recommended Posts

  • Replies 82
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Popular Posts

Thjy posted that in 2013, that's 8 years ago...and they have not been on since 2018.

I made a 9+gb sequential numbers 00000000-999999999 file and aircrack used it fine, but I do see your issue, it would take days to crack something, so I used the linux split command (Read the help file) and made like a shit ton of 50mb files. Cracked the wifes wifi(which I already knew the range it was in since I told her that her boss was an idiot for using just numbers and only as long as 9 characters). I just did a head and a tail on the files, till I found which one I knew it was in, and it cracked in like 20 minutes on a crappy dual core laptop with BT5. Now that said, had I had to go and use the entire 9GB file, well, it would have done it, but would have had to run for days to go through all 8 characters, then all 9 until it found it.

Split is your friend. So is sort if you want to sort unique or also, reverse the order of the list like say 1,2,3,4,5 becomes 5,4,3,2,1 (but with say a list of characters 8 or longer).

If I had it on my home machine and I sent the pcap to the hashcat site,I could have made a file compatible for cracking using oclhashcat on my GPU. That 9+GB sequential list probably would have cracked in an hour or so. Got to love GPU computing. BT5 has the ability to use CUDA and OpenCL drivers too, but they don't work on my POS laptop, but just a heads up, you can crack with the 13gb list if you split it into chunks and run them in parallel too if you've got more than one GPU.

where can i download it ?

Link to post
Share on other sites
  • 1 month later...
  • 2 weeks later...
  • 4 weeks later...

Hey Guys,

I haven't forgotten about this post i just work away allot and the list is on my desktop machine! the only time i am home is at the weekend before i need to travel again. Ill upload it the first chance i get.

Thanks,

-Anton.

Link to post
Share on other sites
  • 2 weeks later...

I'm changing my original post because now I've put my pen testing hat back on all this is making a lot more sense now.

I downloaded the file again, this time directly from crackstation itself, unzipped it, managed to open it and it is indeed plain text after all.

It's possible the version I had earlier was corrupt hence the confusion.

Edited by factgasm
Link to post
Share on other sites
  • 3 months later...

Hey Guys,

I haven't forgotten about this post i just work away allot and the list is on my desktop machine! the only time i am home is at the weekend before i need to travel again. Ill upload it the first chance i get.

Thanks,

-Anton.

Hey to give this topic a little bump. Am loking for a very nice cleaned up password list to use for WPA2s. can see that the links are not working in this thread so if anyone has a up to date copy of anything good and cleaned up (no dupes) that would really help a chap out. :)

Link to post
Share on other sites

This page lists a stack of them:

https://wifi0wn.wordpress.com/wepwpawpa2-cracking-dictionary/

You're going to have to pluck out the dupes and the ones that are too short to be valid for WPA2 though and no idea how large the end result is going to become because of it.

Link to post
Share on other sites

Wow nice list. Thanks for that dude. Someone must have a nicely cleaned up word list file. Am gonna start the long painful task of going through and making my own list but if any kind soul has anything clean and good please let a brother know :)

Link to post
Share on other sites
  • 1 month later...

I can tell there are a lot of cracking newbs in this thread and just some newbs in general. Let me save you some time...

First off, this is not full of dupes as someone suggested. It had only 300k worth of dupes in it, less than 0.001%. But that doesn't mean this list isn't rubbish because it is. There isn't a single mixed case word I saw while tailing off samples of it while it was sorting the few dupes it contained. So this list at best is only a "source list", not a cracking list. That means to have "decent" success you'll need to apply rules to it to toggle case.

On a list this large the best you're going to do in volume is all lower, upper first character and all upper. If you were focusing on a single newtwork for a long time you could definetly expand it, but nothing like you can do when you can get 28G c/s on MD5.

This list is just too big to run a comprehsive ruleset on for WPA, and just using it for source words is pretty bad. I have lists 10% of the size that do 400% better on average. I would call this list more of a list of last resort instead of a first choice.

If you're using a CPU then this list isn't for you, just still with the openwall list or something under 5 to 10M words. Otherwise it will take you several days running nonstop to check the list as-is and you'll be lucky to have more than a 10-20% success rate. Add in just a few rules and you're talking nearly a month. For comparison, I can run this list in around 40 minutes. I get about 400,000 c/s on WPA and 28G c/s on MD5. If you don't have a GPU with fast hasing then stick to a good small list of PWs, not just a big source list of words and such. But this list is bad for a source list for WPA just because of its size, you can't make more than a few mutations from it and still be able to test the results against a large enough sample to learn anything.

If you want to do more than just try to crack a single password then you're going to have to do it on GPU. You'll rarely find someone who is willing to share a list or rules that are working amazing because it takes a ton of time and work and you lose your edge in competitions and such. To start getting results above 30-40% on WPA you'll need to start doing a lot of testing and analysis. This is the part where it is tough, because WPA is slow. If can take a day just to test 10 handshakes against a few new rules, whereas you could test the same MD5 hashes in under 10 seconds. And 10 handshakes doesn't tell you squat, so even with a cluster of cracking rigs it takes forever to do quantitive analysis on WPA.

The solution to this is to stick with MD5. It is not a direct crossover... personal pws and WPA PSK, but the patterns can apply across both. If you find a rule or list working well on MD5 hashes it will likely perform will on WPA. The trick is efficiency, not maximum results when it comes to WPA. So if you have a list/ruleset that finds 30% of the hashes, but is 1000% more efficient (less keyspace) than the one that gets 40% you sacrifice the 10%, at least initially and use the rules for the extra 10% at the end.

Pyrit is slow, so you're not going to get the numbers from even multiple GPUs that I pull on a single GPU core in HC. And of course aircrack (cpu) might as well be standing still.

Link to post
Share on other sites
  • 3 weeks later...

I have a list with about 1.3 billion words 8-63 chars (about 15.5GB). It took me about month to create. I would be willing to burn that to some DVDs and mail them to anyone who wants to start a torrent. I just don't have the upload speed to with my ISP because I'm in the boonies. So I'm not even going to try to send that much data. It would be depressingly slow.

I've heard a lot of people say that having a smaller list and a good ruleset for creating permutations works just as well even better than having a large list.

Edited by vailixi
Link to post
Share on other sites

I've heard a lot of people say that having a smaller list and a good ruleset for creating permutations works just as well even better than having a large list.

Never said so myself, but I vehemently agree with it. Maybe you could elaborate a bit on what you did to assemble your wordlist?

Link to post
Share on other sites

I grabbed every list I could find from places like skull, hack forums, various english, french german, latin dictionaries, dictionaries of medical and science terminology, short lists, leaked passwords. That was about 100GB total and about 1300 lists. Then I used some bashfu to make sense of it.

Split, sort, awk, sed, uniq, and some other commands.

I'll see if I can dig up the commands list. There are a lot of ways to sort with BASH so if you do it different or have something to add please share.

The simplest way to merge wordlists is with cat.

cat *txt > mylists.txt

You can pipe cat.

cat *txt | sort -u -i > list1.txt

You can pipe some more with nawk.

cat list.txt | nawk '{str=$0; if (gsub(".", "") <= 63) print str}' > list2.txt
cat list2.txt | nawk '{str=$0; if (gsub(".", "") >= 8) print str}' > list3.txt

Once the wordlist gets to big it will start sucking up all of your RAM and swap so you will have to split the list down to managable size.

split --bytes=2000000 --verbose wordlist.txt

More BASH

#!/bin/bash
count=0
nums=$(ls -l | grep -v ^l | wc -l)
echo "Processing $(ls -l | grep -v ^l | wc -l) original files"

for i in $( ls ); do

echo "Processing $i"
mv $i temp.txt
cat temp.txt | nawk '{str=$0; if (gsub(".", "") <= 63) print str}' | nawk '{str=$0; if (gsub(".", "") >= 8) print str}' | sort -i -u > $i

done;

sort and merge

sort -imu -o newmergedfile.txt *

I think the script would be something like the following. Sorry in advance for syntax errors. It's pretty much copy pasta from my notes and editing off the top of my head and it's pretty late. Long day today. But you get the gist of it.

#!/bin/bash
count=0
nums=$(ls -l /root/Desktop/mylists/ | grep -v ^l | wc -l)
echo "Processing $(ls -l | grep -v ^l | wc -l) original files"

for i in $( ls /root/Desktop/mylists/ ); do

echo "Processing $i"

# this will sort each text file alphnumerically and cut strings shorter than 8 characters and longer than 63 and remove whitespace $i

((count ++))
mv /root/Desktop/mylists/${i} /root/Desktop/mylists/temp.txt
cat root/Desktop/myslists/temp.txt | awk '{ print length, $0 }' | sort -n | cut -d" " -f2- | nawk '{str=$0; if (gsub(".", "") >= 8) print str}' |nawk '{str=$0; if (gsub(".", "") <= 63) print str}' > $i
rm /root/Desktop/mylists/temp.txt

echo "$count / $nums complete"
done;

Basically you'll want to split the lists into managable sizes so the bash utilities don't crash do to memory allocation issues. Then sort them for uniqs merge etc.

I'll see if I can find some of my older command line histories. I was in the habbit of saving them for a while.

Incidentally. I've had one person interested in a copy via mail but the individual is in the United Kingdom. If I ship something like a wordlist is that going to get me in trouble?

Edited by vailixi
Link to post
Share on other sites

Thanks for this.

I'm thinking the dictionary words would suffice and you could then create a permutator that would change case, replace chars and maybe tack on a few numbers. That way your wordlist stays kinda small but your actual vocabulary (for lack of a better word) is huge and it shouldn't take a lot of cpu cycles to do the expansion.

The good thing about sorting is that it makes it easy to kick out the duplicates. The bad thing is that the most commonly used combinations aren't at the top of the list when you start processing which is likely to save you a *lot* of processing time when you use the list. Hence the dictionary idea - a more manageable list allowing you to do some manual ordering.

I don't see how shipping a wordlist is something actionable. It's a list of words. Call it the most boring book on the planet if it makes you feel any better.

Link to post
Share on other sites

If you were just going to do like 4 characters prefixed, suffixed or both you could just put all of the 4 char sequences into a string array and for each iteration just concat the the extra chars to the dictionary word.

Also if you are working with a list of names you could just grab the sirnames and firstnames and make two arrays. Then loop through and concat the first+last or last+first or first.last or first+middle+last or whatever. If you're doing emails addresses you grab a list of the top email provider domainnames and just output that at the end. Great way to send spam without sending spam. Just make an email list and put them into your email provider's address book. Then sign up for a throw away facebook account and add contacts from address book.

Or say you are looking for person on LinkedIn and you want to add them so you can get a job. Just use permutations of the first+last+domain until you find their real email address to send them an invite.

Sorry for birdwalking from the orginal subject. Most words if they are capitalized are just capitalized at the beginning except names and some things that are camel cased. Then you could use some substitution rules like for 1337speak, fauxcrypt, or other sensationalized spelling rulesets.

BTW if anyone knows how to do that with string streams in C++ please post an example. But here's just a tiny bit of code. Sorry for being so lazy on the code lately. Working a lot.

//Simple program that outputs mangled words from a list and puts the output into another list.
#include <string>
#include <sstream>
#include <iostream>
#include <cctype>
#include <fstream>
int a;
int b;
int c;
int d;
using namespace std;


int main (int argc, char* argv[3])
{


{ofstream myfile;
myfile.open (argv[2]);

{ string line; ifstream infile (argv[1]);

if (infile.is_open())

{ while ( getline (infile,line) ){

for (a = 32; a <= 126; a++){
for (a = 32; a <= 126; a++){
for (a = 32; a <= 126; a++){
for (a = 32; a <= 126; a++){

cout << line << char(a) << char(b) << char(c) << char(d) << endl;
cout << char(a) << char(b) << char(c) << char(d) << line << endl;

// I forgot how to do string streams for concatenating strings in C++ But if you are going to run crypto against each output you will need to dump each line into a single variable.

}
}
}
}
}



infile.close();
myfile.close();
} else cout << "Unable to open file" << endl;
}
}

return 0; }

Also I think it would be a fun project to collaberate on a wordlist compilation.

Link to post
Share on other sites

I previously made such a generator in plain bash.

All that remains, again in bash, is something like this:

for word in `cat wordlist.txt`
do for sequence in `seq_gen.sh <whatever parameters apply>`
    do <run the program that takes a permutation to try> ${work}${sequence}
    done
done
Link to post
Share on other sites

Some ISPs have WPA keys which are mathematically related to user information such as the user account number or telephone number. Some are hashes of these numbers and some WPA keys are phone numbers. So in cases like this you can look up the area code(s) and prefixes for the local area generate a phone list from that. In the case of account numbers It's just a matter of knowing how many characters the account number is. If you know the hashing algorithm you can generate a wordlist for that ISPs access points. Then write a script to generate lookup tables for every single standard ESSID within the scope of. Some of them are MY-WIFIXXXX. So basically all of the ESSIDs are predictable as far as their names. So a 10 digit numeric list should probably be included in any WPA wordlist.

Link to post
Share on other sites
  • 4 weeks later...

Here's my list of about 1.2 billion words.15.3GB decent compression with 7zip. The file is 2.8GB Collected from about 1200 sources and sorted. Sort of. The files got to big for the ammount of ram and swap space on my machine. But you are welcome to it. Mostly 8-63 character strings. Have fun.

magnet:?xt=urn:btih:d39773d2f403a8f5196081226d8f5134f4546b3a&dn=vailixilist.7z

Edited by vailixi
Link to post
Share on other sites

You don't happen to have the rainbow table files for default and most commonly named routers do you?

I haven't click the torrent to see if they are still alive, or checked if this was posted in this long thread, but there is http://www.renderlab.net/projects/WPA-tables/ which was put out a while back which may yield some results for people looking for precomputed passwords matches

Link to post
Share on other sites

I got those a while back. Most of them are for default access points that are not around my geographic location. But there are some like NETGEAR that are fairly common ESSIDs. Mostly it just takes up space my hard drive. There are some useful scripts on the renderman site as well.

My wordlist is almost uploaded to drive on really slow network speeds. Nobody got the torrent so I'm probably just going to kill that in a few.

Link to post
Share on other sites

To test, i just downloaded the readme form the torrent file to see if it was still alive - https://archive.org/details/wpa-tables-renderman

looks like it's still good to go, but I can understand not wanting to download directly the static files over a single download.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.


×
×
  • Create New...