Waraxe IT Security Portal

glid3r · Regular user

hello, i've been searching around for good wordlists and i 've found this http://forums.remote-exploit.org/showthread.php?t=11875 there are good things in but tons of garbage also, and its hard to clean everything. i've also found a 28gb "string"list but it wasnt really a wordlist. i was thinking of getting that Ramius dict but as some of you here have some HUGe wordlists i was thinking maybe someone could share it :p thanks for help

slsl · Advanced user

I have a 27 gig dictionary it's called acdc's dictionary

glid3r · Regular user

tehhunter · Valuable expert

Dictionaries don't have to be super-huge to be super-effective. It's more so how effective they are. I have only roughly a million words in my dictionaries that I accumulated myself, and they are pretty effective for the space they take up if I do say so myself.

glid3r · Regular user

right now i'm building my own one with every wordlists i find. my dic is currently 2gb large, but it will be ~4 with all awords lowercased +uppercased :p. but you are right, a 100GB dictionary full of aaa aaaa etc is useless

tehhunter · Valuable expert

In my opinion the most efficient thing to do is compile your own wordlists from common things. That's why I went out and made a few programs to download/sort/store things like:

Then, after I compiled these lists, I decided to add some other somewhat bigger lists. I downloaded and converted milw0rm's cracked password file (which contains every password ever cracked by milw0rm, an invaluable treasure) and also opencrack's cracked password file.
With these lists, I can typically crack around 1/4 of any passwords I find. I can make that probability around 1/2 since I created a program to create permutations that people often use, thinking they are making their passwords more secure, such as:

hello -> h3llo -> hell0 -> h3ll0 -> HELLO -> Hello -> HeLLo -> hEllO -> olleh -> hello1 -> hello2 -> .... -> hello10 -> ... -> hello99 -> hello100 -> hello999 -> Hello1 -> ........... -> HELLO1 -> ............ -> 1hello1 -> ......................

Really it's quite simple. I first just thought of how I try to make my own passwords more secure, and then just programmed the changes into my program and thus saved much space and retained the efficiency (if not heightened it) of my wordlists. Currently I use a wordlist of around a million words, and at the end of my program I typically end up with around 9 billion passwords generated and checked.

I'm currently in the process of taking over a dead project on sourceforge, but when I am finished, I will upload and begin further development on my program (which was made in Java (albeit a 'slowish' language)).

P.S. If anyone has any good tips for boosting Java's speed, I would be all ears. Currently I am looking into harnassing JIT compilers (which convert the bytecode into native code at runtime) and also possibly introduction of CUDA to allow harnassing the GPU and thus radically shorten the time (on my laptop it takes around 21 hours to run fully through the full program).