Password lists

Default Credentials

Default Credentials

Top20 - France

123456
123456789
azerty
qwerty123
qwerty1
azertyuiop
marseille
doudou
loulou
12345678
1234561
000000
chouchou
motdepasse
soleil
mypassphrase
1234567
password
nicolas
camille

Top200

123456
123456789
12345678
password
qwerty123
qwerty1
111111
12345
secret
123123
1234567890
1234567
000000
qwerty
abc123
password1
iloveyou
11111111
dragon
monkey
123123123
123321
qwertyuiop
00000000
Password
654321
target123
tinkle
zag12wsx
1g2w3e4r
gwerty123
gwerty
666666
1q2w3e4r5t
Qwerty123
987654321
1q2w3e4r
a123456
1qaz2wsx
121212
abcd1234
1qaz2wsx
asdfghjkl
123456a
88888888
Qwerty123!
Qwerty1!
112233
q1w2e3r4t5y6
football
zxcvbnm
princess
Qwerty1
aaaaaa
Abcd1234
Password1
sunshine
147258369
Qwerty1234
fuckyou
Qwerty12
123qwe
computer
baseball
159753
superman
azerty
dearbook
pokemon
michael
1234qwer
1234561
888888
daniel
111222tianya
12345678910
1qaz2wsx3edc
123456789a
123654
P@ssw0rd
qwer1234
Qwerty1?
789456123
123456789
Qwerty123?
q1w2e3r4
shadow
222222
soccer
qwe123
7777777
22535
asdasd
admin
killer
testing
qazwsx
asdf1234
1314520
555555
12341234
michelle
a123456789
charlie
liverpool
master
123abc
7758521
woaini
asdfgh
password123
starwars
jordan
jessica
999999
unknown
1q2w3e
1111111
789456
pakistan
12qwaszx
ashley
1111111111
welcome
aa123456
jennifer
11223344
thomas
159357
asd123
andrew
nicole
anthony
147258
trustno1
qwerty12
naruto
jonathan
hunter
102030
basketball
cambiami
letmein
987654321
hello
chocolate
zinch
internet
samsung
asdfasdf
Aa123456
justin
passw0rd
purple
blink182
whatever
g_czechout
tigger123
samantha
joshua
alexander
hannah
qazwsxedc
11111
andrea
minecraft
matthew
changeme
123456!
87654321
jordan23
qq123456
1qazxsw2
william
1234567891
123456123
12344321
buster
cookie
babygirl
butterfly
batman
lol123
qwert
robert
summer
amanda
123654789
aaaaaaaa
benjamin
mysapce1
333333
facebook
chelsea
family
hello123
maggie
freedom
cheese

Top400

top_400_passwords/top400.txt at main · dinosn/top_400_passwordsGitHub

Rockyou

https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt

Fasttrack

kali-wordlists/fasttrack.txt at master · 00xBAD/kali-wordlistsGitHub

WeakPass

Weakpass

https://weakpass.com/wordlists/all_in_one.txt

Custom List - Tools

kwprocessor - generate wordlists of keyboard walks

GitHub - hashcat/kwprocessor: Advanced keyboard-walk generator with configureable basechars, keymap and routesGitHub

./kwp basechars/full.base keymaps/en-us.keymap routes/2-to-16-max-3-direction-changes.route > ~/keyboard_walks-2-to-16-3-direction

CeWL - generate wordlist from crawling website

GitHub - digininja/CeWL: CeWL is a Custom Word List GeneratorGitHub

cewl --depth 10 --with-numbers --write cewl.txt "$TARGET"

cewl --depth 3 --write cewl.txt http://IP:PORT/wordpress

cewl --write cewl_test.txt http://IP:PORT/wordpress

$ cewl https://www.inlanefreight.com -d 4 -m 6 --lowercase -w inlane.wordlist
$ wc -l inlane.wordlist

326

CeWLer - generate wordlist from crawling website

GitHub - roys/cewler: CeWLeR - Custom Word List generator Redefined. CeWL alternative in Python, based on the Scrapy framework.GitHub

cewler --output cewler.txt --depth 5 --min-word-length 2 "http://IP:PORT/wordpress" 

cewler --output cewler.txt --depth 5 --lowercase --min-word-length 2 --without-numbers "$TARGET"

Cupp - generate wordlist from known PII

cupp -i

___________
   cupp.py!                 # Common
      \                     # User
       \   ,__,             # Passwords
        \  (oo)____         # Profiler
           (__)    )\
              ||--|| *      [ Muris Kurgas | j0rgan@remote-exploit.org ]
                            [ Mebus | https://github.com/Mebus/]


[+] Insert the information about the victim to make a dictionary
[+] If you don't know all the info, just hit enter when asked! ;)

> First Name: William
> Surname: Gates
> Nickname: Bill
> Birthdate (DDMMYYYY): 28101955

> Partners) name: Melinda
> Partners) nickname: Ann
> Partners) birthdate (DDMMYYYY): 15081964

> Child's name: Jennifer
> Child's nickname: Jenn
> Child's birthdate (DDMMYYYY): 26041996

> Pet's name: Nila
> Company name: Microsoft

> Do you want to add some key words about the victim? Y/[N]: Phoebe,Rory
> Do you want to add special chars at the end of words? Y/[N]: y
> Do you want to add some random numbers at the end of words? Y/[N]:y
> Leet mode? (i.e. leet = 1337) Y/[N]: y

[+] Now making a dictionary...
[+] Sorting list and removing duplicates...
[+] Saving dictionary to william.txt, counting 43368 words.
[+] Now load your pistolero with william.txt and shoot! Good luck!

Crunch

Wordlist Generator using Crunch [6 Methods] | GoLinuxCloudGoLinuxCloud

PsudoHash - Generates keyword-based password mutations

GitHub - t3l3machus/psudohash: Password list generator that focuses on keywords mutated by commonly used password creation patternsGitHub

RSMangler - perform various manipulations on a wordlist

GitHub - digininja/RSMangler: RSMangler will take a wordlist and perform various manipulations on it similar to those done by John the Ripper with a few extras.GitHub

TheMentalist

GitHub - sc0tfree/mentalist: Mentalist is a graphical tool for custom wordlist generation. It utilizes common human paradigms for constructing passwords and can output the full wordlist as well as rules compatible with Hashcat and John the Ripper.GitHub

Bash

for i in $(cat pwlist.txt); do echo $i; echo ${i}2019; echo ${i}2020; done > pwd.txt

cp pwd.txt pwlist.txt

for i in $(cat pwlist.txt); do echo $i; echo ${i}\!; done > pwd.txt

Hashcat

Rules

echo 'password' > pw

hashcat --stdout pw -r /usr/share/hashcat/rules/best64.rule

hashcat --stdout pw -r /usr/share/hashcat/rules/best64.rule > pwlist

Mutation

$ cat custom.rule

:
c
so0
c so0
sa@
c sa@
c sa@ so0
$!
$! c
$! so0
$! sa@
$! c so0
$! c sa@
$! so0 sa@
$! c so0 sa@

$ hashcat --force password.list -r custom.rule --stdout | sort -u > mut_password.list
$ cat mut_password.list

password
Password
passw0rd
Passw0rd
p@ssword
P@ssword
P@ssw0rd
password!
Password!
passw0rd!
p@ssword!
Passw0rd!
P@ssword!
p@ssw0rd!
P@ssw0rd!

John - Improve the custom list

As we all know few password are just simple words. Many use numbers and special characters. To improve our password list we can use john the ripper. We can input our own rules, or we can just use the standard john-the-ripper rules

john ---wordlist=inlane.wordlist --rules --stdout > wordlist-modified.txt

pentest/password-related-attacks/generating-custom-password-lists.md at master · lamontns/pentestGitHub

Remove password not compliant - Password policy

Example: We know that the password must meet the following conditions:

1. 8 characters or longer

2. contains special characters

3. contains numbers

sed -ri '/^.{,7}$/d' william.txt            # remove shorter than 8
sed -ri '/[!-/:-@\[-`\{-~]+/!d' william.txt # remove no special chars
sed -ri '/[0-9]+/!d' william.txt            # remove no numbers