About a year ago the weak pass project started. It’s never possessed to be “best from the best” or something like that, but made for only one purpose – dictionary that can be used for cracking that contains as much as possible wordlists at once. Without cracking with lots of wordlists and test “qwerty” and “password” again-again and again, the dictionary that contains tons of unique passwords. Also the main idea is to get fine results when you have no good hardware, GPU and much time.
Some history
First, there were so ideas:
- Make dictionary compilation.
- How many common passwords in dictionaries?
Because it was made for testing purposes, all site look like trash and dictionary were bad (there were ton’s of errors and never been used). Only one good feature was there – commonness in dictionaries. There was a statistic about how many `parts` of dictionaries were in each dictionary. Like (below just a sample):
rockyou.txt
| Has: | Is in: |
|---|---|
| 10mostcommon:100% | crackstation.txt: 73% |
| twitter_banned:90% | crackstation-human_only.txt: 70% |
| 500_worst:100% | InsideProFull:56% |
| hashkiller:10% |
Because of no practical usage, it was fully rebuilt.
There were made a lot of changes and improvements:
- Make dictionary compilation.
- Make wordlists stats that can be useful (pipal)
- Testing dictionaries – to see how good can be dictionary for hash recovering. It was very simple – get couple of hash lists and try to crack them with dictionary. After that calculate how many passwords were recovered.
- Make some side project for auto passwords collecting from various sources.
- Create wordlist that is more effective to WPA/WPA2 cracking (passwords with length 8 and more)
At the beggining there was some rule – add one dictionary each week.There was only one option to get weakpass – direct download and google drive(mostly for backup).
Fine presentation about weakpass:
The result wordlist contains about ~260 dictionaries and was really good for dictionary attacks. Especially in those cases when hashes were “fast” like md5, sha1, ntlm, netntlm and so on, it takes about a couple of minutes to get results.
It’s overall crack rating is 62.7% and size ~ 36 gb
After some time weakpass specially for wifi was made. It was the same as weakpass, but contains passwords from 8 to 32.
But there were some crucial disadvantages
- Size – it was really big and direct download is sometimes not an option.
- Tons of junk, that badly affected on recovery speed.
- Errors while in scripts, arhitecture and whole process.
- Many useless options.
weakpass_1
I tried to take into account the mistakes that were made during previous work and to make the project a global update.
What’s new:
- To reduce traffic load and disk space – everything were moved to dropbox
- List for testing was increased from ~8 to 50.
- Weakpass now contains passwords from 4 to 40 chars.
- Also it was splitted to parts – each part contains 200KK passwords.
- Result dictionary can be downloaded with dropbox, torrent and direct link.
- Removed some junk dictionaries.
- You can see on the main page the progress of dictionaries
As a result, weakpass_1 overall crack rating is 69.1% and size ~ 33 gb.
weakpass_wifi_1 overall crack rating is 45.4% and size ~ 31 gb.
UPD 1:
Few days after release, there were so much traffic that:
“This email is an automated notification from Dropbox that your Public links have been temporarily suspended for generating excessive traffic.”
Комментариев нет:
Отправить комментарий