Passwords

From SkullSecurity
Revision as of 03:46, 21 September 2011 by Ron (talk | contribs)
Jump to navigation Jump to search

Password dictionaries

These are dictionaries that come with tools/worms/etc, designed for cracking passwords. As far as I know, I'm not breaking any licensing agreements by mirroring them with credit; if you don't want me to host one of these files, let me know and I'll remove it.

Name Compressed Uncompressed Notes
John the Ripper john.txt.bz2 (10,934 bytes) n/a Simple, extremely good, designed to be modified
Cain & Abel cain.txt.bz2 (1,069,968 bytes) n/a Fairly comprehensive, not ordered
Conficker worm conficker.txt.bz2 (1411 bytes) n/a Used by conficker worm to spread -- low quality
500 worst passwords 500-worst-passwords.txt.bz2 (1868 bytes) n/a
370 Banned Twitter passwords twitter-banned.txt.bz2 (1509 bytes) n/a

Leaked passwords

Passwords that were leaked or stolen from sites. I'm hosting them because it seems like nobody else does (hopefully it isn't because hosting them is illegal :)). Naturally, I'm not the one who stole these; I simply found them online, removed any names/email addresses/etc (I don't see any reason to supply usernames -- if you do have a good reason, email me (ron-at-skullsecurity.net) and I'll see if I have them.

The best use of these is to generate or test password lists.

Note: The dates are approximate.

Name Compressed Uncompressed Date Notes
Rockyou rockyou.txt.bz2 (60,498,886 bytes) n/a 2009-12 Best list available; huge, stolen unencrypted
Rockyou with count rockyou-withcount.txt.bz2 (59,500,255 bytes) n/a
phpbb phpbb.txt.bz2 (868,606 bytes) n/a 2009-01 Ordered by commonness
Cracked from md5 by Brandon Enright
(97%+ coverage)
phpbb with count phpbb-withcount.txt.bz2 (872,867 bytes) n/a
phpbb with md5 phpbb-withmd5.txt.bz2 (4,117,887 bytes) n/a
MySpace myspace.txt.bz2 (175,970 bytes) n/a 2006-10 Captured via phishing
MySpace - with count myspace-withcount.txt.bz2 (179,929 bytes) n/a
Hotmail hotmail.txt.bz2 (47,195 bytes) n/a Unknown Isn't clearly understood how these were stolen
Hotmail with count hotmail-withcount.txt.bz2 (47,975 bytes) n/a
Faithwriters faithwriters.txt.bz2 (39,327 bytes) n/a 2009-03 Religious passwords
Faithwriters - with count faithwriters-withcount.txt.bz2 (40,233 bytes) n/a
Elitehacker elitehacker.txt.bz2 (3,690 bytes) n/a 2009-07 Part of zf05.txt
Elitehacker - with count elitehacker-withcount.txt.bz2 (3,846 bytes) n/a
Hak5 hak5.txt.bz2 (16,490 bytes) n/a 2009-07 Part of zf05.txt
Hak5 - with count hak5-withcount.txt.bz2 (16,947 bytes) n/a
Älypää alypaa.txt.bz2 (5,178 bytes) n/a 2010-03 Finnish passwords
alypaa - with count alypaa-withcount.txt.bz2 (6,013 bytes) n/a
Facebook (Pastebay) facebook-pastebay.txt.bz2 (375 bytes) n/a 2010-04 Found on Pastebay;
appear to be malware-stolen.
Facebook (Pastebay) - w/ count facebook-pastebay-withcount.txt.bz2 (407 bytes) n/a
Unknown porn site porn-unknown.txt.bz2 (30,600 bytes) n/a 2010-08 Found on angelfire.com. No clue where they originated, but clearly porn site.
Unknown porn site - w/ count porn-unknown-withcount.txt.bz2 (31,899 bytes) n/a
Ultimate Strip Club List tuscl.txt.bz2 (176,291 bytes) n/a 2010-09 Thanks to Mark Baggett for finding!
Ultimate Strip Club List - w/ count tuscl-withcount.txt.bz2 (182,441 bytes) n/a
[Facebook Phished] facebook-phished.txt.bz2 (14,457 bytes) n/a 2010-09 Thanks to Andrew Orr for reporting
Facebook Phished - w/ count facebook-phished-withcount.txt.bz2 (14,941 bytes) n/a
Carders.cc carders.cc.txt.bz2 (8,936 bytes) n/a 2010-05
Carders.cc - w/ count carders.cc-withcount.txt.bz2 (9,774 bytes) n/a
Singles.org singles.org.txt.bz2 (50,697 bytes) n/a 2010-10
Singles.org - w/ count singles.org-withcount.txt.bz2 (52,884 bytes) n/a
Unnamed financial site (reserved) (reserved) 2010-12
Unnamed financial site - w/ count (reserved) (reserved)
Gawker (reserved) (reserved) 2010-12
Gawker - w/ count (reserved) (reserved)
Free-Hack.com (reserved) (reserved) 2010-12
Free-Hack.com w/count (reserved) (reserved)
Carders.cc (second time hacked) (reserved) (reserved) 2010-12
Carders.cc w/count (second time hacked) (reserved) (reserved)

Statistics

I did some tests of my various dictionaries against the different sets of leaked passwords. I grouped them by the password set they were trying to crack:

Miscellaneous non-hacking dictionaries

These are dictionaries of words (etc), not passwords. They may be useful for one reason or another.

Name Compressed Uncompressed Notes
English english.txt.bz2 (1,368,101 bytes) n/a My combination of a couple lists, from Andrew Orr, Brandon Enright, and Seth
German german.txt.bz2 (2,371,487 bytes) n/a Compiled by Brandon Enright
American cities us_cities.txt.bz2 (77,081 bytes) n/a Generated by RSnake
"Porno" porno.txt.bz2 (7,158,285 bytes) n/a World's largest porno password collection!
Created by Matt Weir
Honeynet honeynet.txt.bz2 (889,525 bytes) n/a From a honeynet run by Joshua Gimer
Honeynet - w/ count honeynet-withcount.txt.bz2 (901,868 bytes) n/a
File locations file-locations.txt.bz2 (1,724 bytes) n/a Potential logfile locations (for LFI, etc).
Thanks to Seth!
Fuzzing strings (Python) fuzzing-strings.txt.bz2 (276 bytes) n/a Thanks to Seth!
PHPMyAdmin locations phpmyadmin-locations.txt.bz2 (304 bytes) n/a Potential PHPMyAdmin locations.
Thanks to Seth!
Web extensions web-extensions.txt.bz2 (117 bytes) n/a Common extensions for Web files.
Thanks to dirb!
Web mutations web-mutations.txt.bz2 (177 bytes) n/a Common 'mutations' for Web files.
Thanks to dirb!

DirBuster has some awesome lists, too -- usernames and filenames.

Facebook lists

These are the lists I generated from this data. Some are more useful than others as password lists. All lists are sorted by commonness.

If you want a bunch of these, I highly recommend using the torrent. It's faster, and you'll get them all at once.

Name Compressed Uncompressed Date Notes
Full names facebook-names-unique.txt.bz2 (479,332,623 bytes) n/a 2010-08  
Full names - w/ count facebook-names-withcount.txt.bz2 (477,274,173 bytes) n/a
First names facebook-firstnames.txt.bz2 (16,464,124 bytes) n/a 2010-08  
First names - w/ count facebook-firstnames-withcount.txt.bz2 (73,134,218 bytes) n/a
Last names facebook-lastnames.txt.bz2 (21,176,444 bytes) n/a 2010-08  
Last names - w/ count facebook-lastnames-withcount.txt.bz2 (21,166,232 bytes) n/a
First initial last names facebook-f.last.txt.bz2 (67,110,776 bytes) n/a 2010-08  
First initial last names - w/ count facebook-f.last-withcount.txt.bz2 (66,348,431 bytes) n/a
First name last initial facebook-first.l.txt.bz2 (37,463,798 bytes) n/a 2010-08  
First name last initial facebook-first.l-withcount.txt.bz2 (36,932,295 bytes) n/a