Dictionary file?

[VaeVictis]

im getting quite bored of looking for a really good one... i can get some in the multiple megabyte ranges, which considering its just a text file is pretty awesome... but i want hundreds of megabytes a more than youll ever need dictionary file... maybe even gigs if its possible

and no, i wont do anything illegal with it

anyone know of a really good one? or perhaps just have a really awesome one they can give me?

working on getting sweet rainbow tables too... but imo thats a little straight forward lol probably just gonna end up generating my own to fill up a 1TB external hard drive some day... or maybe a 3tb... hmm....

if you are gonna be a certified penetration tester you gotta be able to crack some fuckin passwords, and right now all my wordlists, dictionary files, and rainbow tables SUCK! -.- im stuck to social engineering, MITM attacks and exploiting broken code

actually had to use chntpw to wipe out some ones admin password locally the other day cause my rainbow tables couldnt even burn through a simple win7 password and john the ripper was taking far too long to brute force it on the fly and i HATE using chntpw cause you never recover the password and there is always a risk (although quite low) of corrupting the SAM hive

sorry... thread was half bitching long story short, OR TL;DR FOR YOU NOOBS! i need a kickass dictionary file lol

[quadz]

sudo apt-get install wamerican

[reaper]

Please take this constructively, because I think you are approaching this the wrong way, and I  will list a few options below.

Guessing the passwords is a trivial affair.  While a lot of brute forcing takes place, it's still just that. As well, it sticks out like a sore thumb.  You really should be one hell of a programmer if you want to get into something like penetration testing.

I'm not an expert in the field but software that takes control of execution maliciously will be harder and harder to make, but it will probably still exist.  This is due to programming languages that check destination buffers, and prevention of executing code on the stack etc.  Along with that, there are applications that simply take input improperly and allow you to do things you shouldn't like access a shell.  My guess is these crude vectors will remain open for some time.  These are the things you should be getting good at if you want to do something like penetration testing. 

There's no shortcut, and it's very hard work.  Bottom line is learn as much computer science as you can and program a lot.  I would say learn C super well, then assembly very well, then learn web applications (easy in comparision).  There is also a whole field in cryptography.  Protocol analyis is also good; see for example the recent "problems" in DNS, where you could poison cache (this is probably what I will spend a good amount of time on).

Yes things like brute forcing a password can be effective, along with SQL injection, but that's just skimming the top and  knowning just those vectors is not going to make you a good security expert.  Anyways, I"m very sure this is what you'd do if you wanted to do that job right.

Personally I"m a fan of learning the fundamentals, so check back with me in five years : ).

Soon enough the common password problem will be headed away.  You'll have something and know something.  Then you can try "input | /bin/cat /etc/passwd" but you will see the password hash shadowed.   From creating CGI scripts I'm sure people fuck these up, so I always use taint in Perl .  Also I know arp.exe in windows is probably vulnerable to something, maybe priviledge escalation.  I always get segmentation fault.

[VaeVictis]

reaper, you underestimate what i know already

the tools are getting very sophisticated, and i may not be a crazy skilled programmer but i do know programming to a point where i can exploit things at a hex or packet level

ive done exploits with custom packets using hping and such, and ive also done weird shit like make a batch file to run cmd.exe using mspaint... i also know how to very easily do arp cache poisoning in either windows or linux, and follow that up by "sidejacking" sessions or spoofing ssl certs and grabbing passwords and stuff... honestly this is all the simple stuff, i am always learning and plan to continue to learn as long as i can, im gonna try to get more low level networking knowledge next and grab my CCNA while im at it

i do have plans to learn C and C++ later down the line, possibly assembly, but coding isnt too much of an issue for me as modifying source code to have custom compiles of something like netcat or cryptcat doesnt exactly take a genius as you arent writing shit from scratch

i could probably write a page bout the stupid shit i know how to exploit i just wanted a word list, as if you are going to get far cracking windows systems, you better be able to crack some passwords... and ofc, first comes the dictionary file (of which i found a 35mb file... wondering if it will be good enough) and then comes rainbow tables, then comes a pure on the fly brute force, and if that doesnt work out too well, then if you have local access you can always hop in and wipe out passwords by editing the SAM file 

i have earned money cracking into systems (owned by the person paying me)

[reaper]

reaper, you underestimate what i know already

If you're unwilling to learn the concepts from computer science, and the programming languages I suggested in extreme detail, then you will not be good at the goal you noted.   It's not supposed to be easy, it's not even "normal" programming.  You are exploiting problems in the instruction set architecture and software design to gain access you shouldn't.  There really is no shortcuts, and it requires detailed knowledge.  You basically have to be not just a programmer, but a master programmer.

I will list a brief example.  To execute your code on a machine by talking to a service remotely (the common exploit):
You can't just modify the source code to show there's a working problem (what a security analysist should be able to do). You have to craft machine level instructions in such a way they get executed.  Basically, if you were starting from scratch you'd create a program to spawn a shell, disassemble it, create the opcodes in a way to be padded into the vulnerable input buffer and then get executed.  The execution changes to your code, because a stack is used to manage function based programming, and you have to put the data in the right place, so the operations on the stack take place by returing the pointer to execution to your code.  You have to overwrite the registers to point to your code.  Then there are protection mechnasims, and this is the easiest way to control execution.  Now do you really think you can write on exploit or are you just hitting buttons in backtrack?

[QwazyWabbit]

Guessing the passwords is a trivial affair.  While a lot of brute forcing takes place, it's still just that.

Oh really?

Here's an encrypted password: 035d732ca3f4f5d5cdcd68eec7e0fcbb

Now tell me what the original password is. I would love to see what if it's truly trivial to crack this.

[VaeVictis]

im not just hitting buttons or running scripts but im also not coding the tools myself, coding is becoming less and less of an issue for cracking

being an experienced coder helps, but limited coding knowledge wont stop me from doing a lot of stuff

i also do not claim to be a 1337 hax0r but im gettin there, coding is on my list of shit to do, but for the mean time its low on my list of priorities

im not aiming to crack into high dollar super computers by using 0 day exploits and shit lol

[reaper]

I should add, common passwords are a big problem, and you should know stuff like that.  But what good is that if you have a vulnerable CGI application and you can't find it.  Or what good is that if the boxes can be rooted?

[reaper]

Oh really?

Here's an encrypted password: 035d732ca3f4f5d5cdcd68eec7e0fcbb

Now tell me what the original password is. I would love to see what if it's truly trivial to crack this.

If the hash is not salted getting the input can be trivial with a rainbow table.  Also generally, brute forcing a common password is trivial.

[QwazyWabbit]

Oh really?

Here's an encrypted password: 035d732ca3f4f5d5cdcd68eec7e0fcbb

Now tell me what the original password is. I would love to see what if it's truly trivial to crack this.

If the hash is not salted getting the input can be trivial with a rainbow table.  Also generally, brute forcing a common password is trivial.

Do it. You have 24 hours.

[reaper]

I don't need to, that's how it works.  If the input isn't salted and in the table, then the hashed value will be found.

[QwazyWabbit]

I don't need to, that's how it works.  If the input isn't salted and in the table, then the hashed value will be found.

It's a simple password. You claim it's trivial to crack a password. Prove it.

[reaper]

If it is an md5 hash without a salt for input or anything else that would manipulate the hash value, then I will let it run until it does return the password.

[reaper]

At a glance that appears to be an md5 hash not cipher text.  Since it's not found online in a database, it's probably not a common password.  However, just because you store only the hash, doesn't mean the password isn't available.  It's in memory for a short time while it's hashed and matched.  I didn't mean it was trivial to guess passwords, I meant using brute forcing techniques is.

[QwazyWabbit]

You wrote:

Guessing the passwords is a trivial affair.  While a lot of brute forcing takes place, it's still just that.

You really don't know how passwords work, do you? MD5 hashes, 3DES, SHA256? You have 22 more hours to prove how trivial passwords can be guessed, cracked or brute forced. I don't care how you do it. Trivial, really, one doesn't even have to write or understand code. Just use someone else's tools and call yourself a penetration tester or a consultant. For my own part, I am even running a tool against the same item, just to see what happens.