Message-ID: <CANWtx02frrnsMGrswyM42BUFWvbZvoeeuJpnA3GsJLXMAp0i2w@mail.gmail.com>
Date: Fri, 14 Aug 2015 21:35:38 -0400
From: Rich Rumble <richrumble@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: Annotated wordlists

On Fri, Aug 14, 2015 at 7:15 PM, Tonimir Kisasondi <kisasondi@...il.com> wrote:
> Hello everyone,
>
> This is my first time posting here, so, hello everyone, I'm Tonimir and
> I am kinda interested in password cracking and research in the same
> area.

Welcome!

> So, one of the things I like are default passwords and dictionaries for
> default passwords. Be it default passwords that are vendor pre-set or
> backdoors that are found by researchers, but sometimes you want to have a
> large list, but select only passwords that are backdoors, or only those
> that work on HP servers. Also, sometimes you want to "annotate"
> wordlists, for instance, selecting just the top 75% of the statistically
> occurring elements that are used in leaked password lists. Or only words
> that are "tech" related or only "french". Or do a reverse lookup: why
> did the password b4dg3r5 work from this default password list on this
> HP device. You get the idea, the possibilities are endless, and this opens
> the avenue for more interesting password cracking attacks and methods.

Many "default" password lists exist, it would be interesting to add default
website passwords if they exist. Maybe AT&T issues everyone the same random
looking password for their wifi or something like that.

> 1) Do you think something like that is useful? What's your opinion on this?

I think some lists like that exist, and have some metadata with them already,
perhaps not the meta you want however.
http://www.phenoelit.org/dpl/dpl.html
http://www.routerpasswords.com/
http://www.answersthatwork.com/Download_Area/ATW_Library/Networking/Network__4-List_of_default_Router_Admin_Passwords_and_IP_addresses.pdf

> 2) Would you be interested in accepting a patch/toolchain to enable this
> functionality in john? The core would be unchanged, it's only a python
> script that helps you to manipulate annotated wordlists (awl)
> 3) Of course I'm experimenting with this functionality in python
> currently, but I would love to hear your opinion on the whole matter. If
> you think this is interesting, I'm more than willing to contribute the
> necessary code into jumbo.

Someone else was talking about probability recently here on the list:
http://www.openwall.com/lists/john-users/2015/06/11/1
It was related to HC's Prince attack. Some lists I think have been sorted by
probability, https://wiki.skullsecurity.org/Passwords (see phpbb - sorted by
"commonness"). Incremental mode works on this principle to some degree, using
trigraphs rather than "whole words". John "learns" what is probable from
training it on wordlists, and currently the .chr files are created using
Rockyou.txt as the basis for guessing.

G:\CMIYC-2015>john.exe -stdout -inc
123456
12345
111189
123455
111188
12344
121288
121289
112345
112344
123123
123121
121987
121989
111288
111289
112222
112224
11111
11110
marissa
---

Incremental is very good and a very powerful method of cracking. Most
wordlists on the net are simply sorted by alphabet typically. The meta could
get out of hand, you could include top passwords for policies (1 upper, one
lower, one special, 8 or more long etc). You could make meta data for
websites, wifi, algo (md5, drupal, mediawiki, des etc.) and subcategories,
photo websites, dating websites... It's all very interesting, and beyond my
capabilities, I'm glad someone wants to explore it further. I think some meta
could be useful, but the most useful data may not be shared or revealed.
I bet Age, Sex, Region/Country, Religion and just about anything else could
contribute to password choice, maybe even mood at the time :)

During CMIYC 2015 I trained JtR on the passwords we cracked and immediately
got passwords across each hash type. Stats or meta about a target could be
useful in an attack, maybe passes from Amazon users would be similar to
TigerDirect, or Gmail will be similar to Hotmail/O365. We keep getting leaks
of passes and there could be meta we're missing, but the main thing being
found is poor password choices like 123456. That's partly why Incremental
tries that one first, its frequency in Rockyou.txt made sure it got to the
top. Here is some output from my Street.chr, they don't look like what a user
would ordinarily use, but they were great during the contest!

G:\CMIYC-2015>john.exe -stdout -inc=street
éCLAt
ñata
éCLAN
é&&&
ñato
é&&a
älska
älski
körgen
éthen
éther
äpPlO
äpPle
ñaja
ñaje
é&é
é&á
ñeko
ñeka
ñeut
ñeuk
édel
édes
édé
édù
éCRue

Prince mode too is pretty awesome, and they have some of the same goals I
think you're after, but they produce the likely candidates rather than store
them in a "static" file or database.
https://hashcat.net/events/p14-trondheim/prince-attack.pdf

We need more work like this, I hope I wasn't too disparaging. I think we need
more ideas like Prince or metadata passwords. I would love a way to SHARE
metadata without giving away enough information that it can be traced to a
company or person. We've all talked about this stuff, or similar items a lot,
this was a good thread...
http://www.openwall.com/lists/john-users/2012/09/11/6

-rich
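The thread above talks about an "annotated wordlist" (awl) helper: selecting only the entries tagged as backdoors or as a given vendor's defaults, keeping the most frequent words that cover 75% of observed occurrences, and reverse-looking-up why a particular word (b4dg3r5) was in the list. The script below is an added example of what such a helper could look like; it is not Tonimir's script, not Rich's, and not part of john/jumbo. The line format (word, TAB, semicolon-separated key=value tags), the tag names (vendor, kind, lang, count) and the sample entries are all assumptions constructed for this example.

```python
# Added example (not Tonimir's script and not part of john/jumbo): a minimal
# annotated-wordlist (AWL) helper. The "word<TAB>key=value;key=value" format,
# the tag names and the sample data below are assumptions for this example.
from typing import Dict, List, Tuple

Entry = Tuple[str, Dict[str, str]]

# Constructed sample: vendors, tags and counts are made up for illustration.
# "count" stands for how often the word was seen in some leak corpus.
SAMPLE_AWL = """\
# word<TAB>key=value;key=value
admin\tvendor=hp;kind=default;lang=en;count=50
b4dg3r5\tvendor=hp;kind=backdoor;lang=en;count=3
password\tkind=default;lang=en;count=120
motdepasse\tkind=default;lang=fr;count=10
123456\tkind=common;count=300
"""


def parse_awl(text: str) -> List[Entry]:
    """Parse AWL text into (word, tags) pairs; blank lines and comments are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        # A comment is a '#' line with no annotation TAB, so a password such as
        # "#1" followed by tags is still treated as an entry.
        if raw.startswith("#") and "\t" not in raw:
            continue
        # The word itself may contain '=' or ';', so split on the first TAB only.
        word, _, meta = raw.partition("\t")
        tags: Dict[str, str] = {}
        for item in filter(None, meta.split(";")):
            key, _, value = item.partition("=")
            tags[key.strip()] = value.strip()
        entries.append((word, tags))
    return entries


def select(entries: List[Entry], **criteria: str) -> List[str]:
    """Words whose tags match every key=value criterion, e.g. vendor='hp', kind='backdoor'."""
    return [word for word, tags in entries
            if all(tags.get(k) == v for k, v in criteria.items())]


def top_fraction(entries: List[Entry], fraction: float) -> List[str]:
    """Most frequent words first, stopping once their counts cover `fraction` of the total."""
    ranked = sorted(entries, key=lambda e: int(e[1].get("count", "0")), reverse=True)
    total = sum(int(tags.get("count", "0")) for _, tags in ranked)
    chosen: List[str] = []
    covered = 0
    for word, tags in ranked:
        if covered >= fraction * total:
            break
        chosen.append(word)
        covered += int(tags.get("count", "0"))
    return chosen


def explain(entries: List[Entry], word: str) -> List[Dict[str, str]]:
    """Reverse lookup: every annotation recorded for `word` (why was it in the list?)."""
    return [tags for w, tags in entries if w == word]


if __name__ == "__main__":
    awl = parse_awl(SAMPLE_AWL)
    # One word per line is what a plain `--wordlist=` file for john contains,
    # so a selection can be redirected straight into such a file.
    print("\n".join(select(awl, vendor="hp")))
    print(top_fraction(awl, 0.75))
    print(explain(awl, "b4dg3r5"))
```

The annotations stay in a side format that john never reads; the helper only emits plain one-word-per-line output, so the core is untouched, as the thread proposes. Tags are exact-match strings here; a real tool would want multi-valued tags (a word that is both an HP default and a common leak entry) and a documented vocabulary so that lists from different contributors can be merged.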