project

profilesri999
Passwords-SkullSecurity.pdf
Home>Information Systems homework help>project

Passwords From SkullSecurity

HEY EVERYBODY! If you like this page, please consider supporting me on Patreon (https://www.patreon.com

/iagox86)!

Contents

1 Password dictionaries 2 Leaked passwords

2.1 Statistics 3 Miscellaneous non-hacking dictionaries

3.1 Facebook lists

Password dictionaries

These are dictionaries that come with tools/worms/etc, designed for cracking passwords. As far as I know, I'm not breaking any licensing agreements by mirroring them with credit; if you don't want me to host one of these files, let me know and I'll remove it.

Name Compressed Uncompressed Notes

John the Ripper (http://www.openwall.com/john/)

john.txt.bz2 (http://downloads.skullsecurity.org /passwords/john.txt.bz2) (10,934 bytes)

n/a

Simple, extremely good, designed to be modified

Cain & Abel (http://www.oxid.it /cain.html)

cain.txt.bz2 (http://downloads.skullsecurity.org /passwords/cain.txt.bz2) (1,069,968 bytes)

n/a Fairly comprehensive, not ordered

Conficker worm conficker.txt.bz2 (http://downloads.skullsecurity.org /passwords/conficker.txt.bz2) (1411 bytes)

n/a

Used by conficker worm to spread -- low quality

500 worst passwords (http://www.whatsmypass.com /?p=415)

500-worst-passwords.txt.bz2 (http://downloads.skullsecurity.org/passwords/500- worst-passwords.txt.bz2) (1868 bytes)

n/a

370 Banned Twitter passwords (http://techcrunch.com/2009/12 /27/twitter-banned-passwords/)

twitter-banned.txt.bz2 (http://downloads.skullsecurity.org/passwords/twitter- banned.txt.bz2) (1509 bytes)

n/a

Leaked passwords

Passwords that were leaked or stolen from sites. I'm hosting them because it seems like nobody else does (hopefully it isn't because hosting them is illegal :)). Naturally, I'm not the one who stole these; I simply found them online, removed any names/email addresses/etc (I don't see any reason to supply usernames -- if you do

Passwords - SkullSecurity https://wiki.skullsecurity.org/index.php?title=Passwords

1 of 5 12/11/20, 3:05 AM

have a good reason, email me (ron-at-skullsecurity.net) and I'll see if I have them.

The best use of these is to generate or test password lists.

Note: The dates are approximate.

Name Compressed Uncompressed Date Notes

Rockyou rockyou.txt.bz2 (http://downloads.skullsecurity.org /passwords/rockyou.txt.bz2) (60,498,886 bytes)

n/a

2009-12

Best list available; huge, stolen unencryptedRockyou with count

rockyou-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords /rockyou-withcount.txt.bz2) (59,500,255 bytes)

n/a

phpbb phpbb.txt.bz2 (http://downloads.skullsecurity.org /passwords/phpbb.txt.bz2) (868,606 bytes)

n/a

2009-01

Ordered by commonness Cracked from md5 by Brandon Enright (97%+ coverage)

phpbb with count phpbb-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords/phpbb- withcount.txt.bz2) (872,867 bytes)

n/a

phpbb with md5 phpbb-withmd5.txt.bz2 (http://downloads.skullsecurity.org/passwords/phpbb- withmd5.txt.bz2) (4,117,887 bytes)

n/a

MySpace myspace.txt.bz2 (http://downloads.skullsecurity.org /passwords/myspace.txt.bz2) (175,970 bytes)

n/a

2006-10 Captured via phishing

MySpace - with count myspace-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords /myspace-withcount.txt.bz2) (179,929 bytes)

n/a

Hotmail hotmail.txt.bz2 (http://downloads.skullsecurity.org /passwords/hotmail.txt.bz2) (47,195 bytes)

n/a

Unknown

Isn't clearly understood how these were stolenHotmail with count

hotmail-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords /hotmail-withcount.txt.bz2) (47,975 bytes)

n/a

Faithwriters (http://forums.crosswalk.com /m_4252083/mpage_1/tm.htm)

faithwriters.txt.bz2 (http://downloads.skullsecurity.org/passwords /faithwriters.txt.bz2) (39,327 bytes)

n/a

2009-03 Religious passwords

Faithwriters - with count faithwriters-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords /faithwriters-withcount.txt.bz2) (40,233 bytes)

n/a

Elitehacker elitehacker.txt.bz2 (http://downloads.skullsecurity.org /passwords/elitehacker.txt.bz2) (3,690 bytes)

n/a

2009-07 Part of zf05.txt

Elitehacker - with count elitehacker-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords /elitehacker-withcount.txt.bz2) (3,846 bytes)

n/a

Hak5 hak5.txt.bz2 (http://downloads.skullsecurity.org /passwords/hak5.txt.bz2) (16,490 bytes)

n/a

2009-07 Part of zf05.txt

Hak5 - with count hak5-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords/hak5- withcount.txt.bz2) (16,947 bytes)

n/a

Älypää (http://www.f-secure.com /weblog/archives/00001915.html)

alypaa.txt.bz2 (http://downloads.skullsecurity.org /passwords/alypaa.txt.bz2) (5,178 bytes)

n/a

2010-03 Finnish passwordsalypaa (http://www.f-secure.com

/weblog/archives/00001915.html) - with count

alypaa-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords /alypaa-withcount.txt.bz2) (6,013 bytes)

n/a

Facebook (Pastebay) (http://twitter.com/FSLabsAdvisor /status/12585285761)

facebook-pastebay.txt.bz2 (http://downloads.skullsecurity.org/passwords /facebook-pastebay.txt.bz2) (375 bytes)

n/a

2010-04

Found on Pastebay; appear to be malware- stolen.

Facebook (Pastebay) (http://twitter.com/FSLabsAdvisor /status/12585285761) - w/ count

facebook-pastebay-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords /facebook-pastebay-withcount.txt.bz2) (407 bytes)

n/a

Unknown porn site porn-unknown.txt.bz2 (http://downloads.skullsecurity.org/passwords/porn- unknown.txt.bz2) (30,600 bytes)

n/a

2010-08

Found on angelfire.com. No clue where they originated, but clearly porn site.

Unknown porn site - w/ count porn-unknown-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords/porn- unknown-withcount.txt.bz2) (31,899 bytes)

n/a

Passwords - SkullSecurity https://wiki.skullsecurity.org/index.php?title=Passwords

2 of 5 12/11/20, 3:05 AM

Ultimate Strip Club List (http://sla.ckers.org/forum /read.php?3,35591)

tuscl.txt.bz2 (http://downloads.skullsecurity.org /passwords/tuscl.txt.bz2) (176,291 bytes)

n/a

2010-09 Thanks to Mark Baggett for finding!

Ultimate Strip Club List - w/ count tuscl-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords/tuscl- withcount.txt.bz2) (182,441 bytes)

n/a

[Facebook Phished] facebook-phished.txt.bz2 (http://downloads.skullsecurity.org/passwords /facebook-phished.txt.bz2) (14,457 bytes)

n/a

2010-09 Thanks to Andrew Orr for reporting

Facebook Phished - w/ count facebook-phished-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords /facebook-phished-withcount.txt.bz2) (14,941 bytes)

n/a

Carders.cc carders.cc.txt.bz2 (http://downloads.skullsecurity.org /passwords/carders.cc.txt.bz2) (8,936 bytes)

n/a

2010-05 Carders.cc - w/ count

carders.cc-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords /carders.cc-withcount.txt.bz2) (9,774 bytes)

n/a

Singles.org singles.org.txt.bz2 (http://downloads.skullsecurity.org /passwords/singles.org.txt.bz2) (50,697 bytes)

n/a

2010-10 Singles.org - w/ count

singles.org-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords /singles.org-withcount.txt.bz2) (52,884 bytes)

n/a

Unnamed financial site (reserved) (reserved) 2010-12

Unnamed financial site - w/ count (reserved) (reserved) Gawker (reserved) (reserved)

2010-12 Gawker - w/ count (reserved) (reserved) Free-Hack.com (reserved) (reserved)

2010-12 Free-Hack.com w/count (reserved) (reserved) Carders.cc (second time hacked) (reserved) (reserved)

2010-12Carders.cc w/count (second time hacked)

(reserved) (reserved)

Statistics

I did some tests of my various dictionaries against the different sets of leaked passwords. I grouped them by the password set they were trying to crack:

cracked_500worst.png (http://www.skullsecurity.org/blogdata/cracked_500worst.png) cracked_elitehackers.png (http://www.skullsecurity.org/blogdata/cracked_elitehackers.png) cracked_faithwriters.png (http://www.skullsecurity.org/blogdata/cracked_faithwriters.png) cracked_hak5.png (http://www.skullsecurity.org/blogdata/cracked_hak5.png) cracked_hotmail.png (http://www.skullsecurity.org/blogdata/cracked_hotmail.png) cracked_myspace.png (http://www.skullsecurity.org/blogdata/cracked_myspace.png) cracked_phpbb.png (http://www.skullsecurity.org/blogdata/cracked_phpbb.png) cracked_rockyou.png (http://www.skullsecurity.org/blogdata/cracked_rockyou.png)

Miscellaneous non-hacking dictionaries

These are dictionaries of words (etc), not passwords. They may be useful for one reason or another.

Name Compressed Uncompressed Notes

English english.txt.bz2 (http://downloads.skullsecurity.org /passwords/english.txt.bz2) (1,368,101 bytes)

n/a

My combination of a couple lists, from Andrew Orr (https://twitter.com/xorrbit), Brandon Enright, and Seth (http://xd-blog.com.ar/)

German german.txt.bz2 (http://downloads.skullsecurity.org /passwords/german.txt.bz2) (2,371,487 bytes)

n/a Compiled by Brandon Enright

Passwords - SkullSecurity https://wiki.skullsecurity.org/index.php?title=Passwords

3 of 5 12/11/20, 3:05 AM

American cities (http://ha.ckers.org /blog/20090417/us- cities-dictionary/)

us_cities.txt.bz2 (http://downloads.skullsecurity.org /passwords/us_cities.txt.bz2) (77,081 bytes)

n/a Generated by RSnake

"Porno" porno.txt.bz2 (http://downloads.skullsecurity.org /passwords/porno.txt.bz2) (7,158,285 bytes)

n/a

World's largest porno password collection! Created by Matt Weir (http://reusablesec.blogspot.com/)

Honeynet honeynet.txt.bz2 (http://downloads.skullsecurity.org /passwords/honeynet.txt.bz2) (889,525 bytes)

n/a From a honeynet run by Joshua Gimer (http://twitter.com/jgimer)

Honeynet - w/ count honeynet-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords /honeynet-withcount.txt.bz2) (901,868 bytes)

n/a

File locations file-locations.txt.bz2 (http://downloads.skullsecurity.org /passwords/file-locations.txt.bz2) (1,724 bytes)

n/a

Potential logfile locations (for LFI, etc). Thanks to Seth (http://xd- blog.com.ar/)!

Fuzzing strings (Python)

fuzzing-strings.txt.bz2 (http://downloads.skullsecurity.org/passwords/fuzzing- strings.txt.bz2) (276 bytes)

n/a Thanks to Seth (http://xd- blog.com.ar/)!

PHPMyAdmin locations

phpmyadmin-locations.txt.bz2 (http://downloads.skullsecurity.org/passwords /phpmyadmin-locations.txt.bz2) (304 bytes)

n/a

Potential PHPMyAdmin locations. Thanks to Seth (http://xd- blog.com.ar/)!

Web extensions web-extensions.txt.bz2 (http://downloads.skullsecurity.org/passwords/web- extensions.txt.bz2) (117 bytes)

n/a

Common extensions for Web files. Thanks to dirb (http://www.open- labs.org/)!

Web mutations web-mutations.txt.bz2 (http://downloads.skullsecurity.org/passwords/web- mutations.txt.bz2) (177 bytes)

n/a

Common 'mutations' for Web files. Thanks to dirb (http://www.open- labs.org/)!

DirBuster (http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project#tab=Download) has some awesome lists, too -- usernames and filenames.

Facebook lists

These are the lists I generated from this data (http://www.skullsecurity.org/blog/?p=887). Some are more useful than others as password lists. All lists are sorted by commonness.

If you want a bunch of these, I highly recommend using the torrent (http://www.skullsecurity.org/blogdata /fbdata.torrent). It's faster, and you'll get them all at once.

Name Compressed Uncompressed Date Notes

Full names facebook-names-unique.txt.bz2 (http://downloads.skullsecurity.org/passwords/facebook- names-unique.txt.bz2) (479,332,623 bytes)

n/a

2010-08  

Full names - w/ count facebook-names-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords/facebook- names-withcount.txt.bz2) (477,274,173 bytes)

n/a

First names facebook-firstnames.txt.bz2 (http://downloads.skullsecurity.org/passwords/facebook- firstnames.txt.bz2) (16,464,124 bytes)

n/a

2010-08  

First names - w/ count facebook-firstnames-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords/facebook- firstnames-withcount.txt.bz2) (73,134,218 bytes)

n/a

Last names facebook-lastnames.txt.bz2 (http://downloads.skullsecurity.org/passwords/facebook- lastnames.txt.bz2) (21,176,444 bytes)

n/a

2010-08  

Last names - w/ count facebook-lastnames-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords/facebook- lastnames-withcount.txt.bz2) (21,166,232 bytes)

n/a

Passwords - SkullSecurity https://wiki.skullsecurity.org/index.php?title=Passwords

4 of 5 12/11/20, 3:05 AM

First initial last names facebook-f.last.txt.bz2 (http://downloads.skullsecurity.org /passwords/facebook-f.last.txt.bz2) (67,110,776 bytes)

n/a

2010-08   First initial last names - w/ count

facebook-f.last-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords/facebook- f.last-withcount.txt.bz2) (66,348,431 bytes)

n/a

First name last initial facebook-first.l.txt.bz2 (http://downloads.skullsecurity.org /passwords/facebook-first.l.txt.bz2) (37,463,798 bytes)

n/a

2010-08   First name last initial

facebook-first.l-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords/facebook- first.l-withcount.txt.bz2) (36,932,295 bytes)

n/a

Retrieved from "https://wiki.skullsecurity.org/index.php?title=Passwords&oldid=3203"

This page was last modified on 18 May 2015, at 23:53.

Passwords - SkullSecurity https://wiki.skullsecurity.org/index.php?title=Passwords

5 of 5 12/11/20, 3:05 AM