|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 84
Members: 0
Total: 84
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Ramius Cracking Dictionary |
|
Posted: Tue Dec 23, 2008 5:46 pm |
|
|
glid3r |
Regular user |
|
|
Joined: Dec 22, 2008 |
Posts: 11 |
|
|
|
|
|
|
|
hello, i've been searching around for good wordlists and i 've found this http://forums.remote-exploit.org/showthread.php?t=11875 there are good things in but tons of garbage also, and its hard to clean everything. i've also found a 28gb "string"list but it wasnt really a wordlist. i was thinking of getting that Ramius dict but as some of you here have some HUGe wordlists i was thinking maybe someone could share it :p thanks for help |
|
|
|
|
Posted: Wed Dec 24, 2008 4:36 am |
|
|
slsl |
Advanced user |
|
|
Joined: Oct 14, 2008 |
Posts: 66 |
|
|
|
|
|
|
|
I have a 27 gig dictionary it's called acdc's dictionary |
|
|
|
|
Posted: Wed Dec 24, 2008 9:52 am |
|
|
glid3r |
Regular user |
|
|
Joined: Dec 22, 2008 |
Posts: 11 |
|
|
|
|
|
|
|
slsl wrote: | I have a 27 gig dictionary it's called acdc's dictionary |
yeah i know about this one, but it's not a wordlist, its a character chain, cuz when its rar'ed, its only about 70mb |
|
|
|
|
Posted: Wed Dec 24, 2008 10:05 am |
|
|
tehhunter |
Valuable expert |
|
|
Joined: Nov 19, 2008 |
Posts: 261 |
|
|
|
|
|
|
|
Dictionaries don't have to be super-huge to be super-effective. It's more so how effective they are. I have only roughly a million words in my dictionaries that I accumulated myself, and they are pretty effective for the space they take up if I do say so myself. |
|
|
|
|
Posted: Wed Dec 24, 2008 12:44 pm |
|
|
glid3r |
Regular user |
|
|
Joined: Dec 22, 2008 |
Posts: 11 |
|
|
|
|
|
|
|
right now i'm building my own one with every wordlists i find. my dic is currently 2gb large, but it will be ~4 with all awords lowercased +uppercased :p. but you are right, a 100GB dictionary full of aaa aaaa etc is useless |
|
|
|
|
|
|
|
|
Posted: Wed Dec 24, 2008 9:46 pm |
|
|
tehhunter |
Valuable expert |
|
|
Joined: Nov 19, 2008 |
Posts: 261 |
|
|
|
|
|
|
|
In my opinion the most efficient thing to do is compile your own wordlists from common things. That's why I went out and made a few programs to download/sort/store things like:
Common First Names (can find on Gov't websites)
Common Last Names (same as above)
Commonly used words (Can find on various literature websites)
Common web lingo (Can find on random sites)
Then, after I compiled these lists, I decided to add some other somewhat bigger lists. I downloaded and converted milw0rm's cracked password file (which contains every password ever cracked by milw0rm, an invaluable treasure) and also opencrack's cracked password file.
With these lists, I can typically crack around 1/4 of any passwords I find. I can make that probability around 1/2 since I created a program to create permutations that people often use, thinking they are making their passwords more secure, such as:
hello -> h3llo -> hell0 -> h3ll0 -> HELLO -> Hello -> HeLLo -> hEllO -> olleh -> hello1 -> hello2 -> .... -> hello10 -> ... -> hello99 -> hello100 -> hello999 -> Hello1 -> ........... -> HELLO1 -> ............ -> 1hello1 -> ......................
Really it's quite simple. I first just thought of how I try to make my own passwords more secure, and then just programmed the changes into my program and thus saved much space and retained the efficiency (if not heightened it) of my wordlists. Currently I use a wordlist of around a million words, and at the end of my program I typically end up with around 9 billion passwords generated and checked.
I'm currently in the process of taking over a dead project on sourceforge, but when I am finished, I will upload and begin further development on my program (which was made in Java (albeit a 'slowish' language)).
P.S. If anyone has any good tips for boosting Java's speed, I would be all ears. Currently I am looking into harnassing JIT compilers (which convert the bytecode into native code at runtime) and also possibly introduction of CUDA to allow harnassing the GPU and thus radically shorten the time (on my laptop it takes around 21 hours to run fully through the full program). |
|
|
|
|
|
www.waraxe.us Forum Index -> General discussion
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|