snakersnk Posted October 6, 2015 Report Share Posted October 6, 2015 UsageUNIQPASS is a large password list for use with John the Ripper (JtR) wordlist mode to translate large number of hashes, e.g. MD5 hashes, into cleartext passwords. While we have had good success rate with our standard password list passwords.txt, we found that the list can be made more useful and relevant by including commonly used passwords from the recently leaked databases that have been made public. As a result, we have compiled millions of these unique passwords into UNIQPASS. Such list is especially handy for pentesters to perform comprehensive password audit and also for IT administrators to expose insecure passwords used by their users.SpecificationsVersion 15 released on January 10, 2015 with 243,779,397 entries1. For use with JtR wordlist mode with --rules set2. All passwords are unique and listed in sorted order according to their native byte values using UNIX sort command3. 192,916 of the passwords (UNIQPASS v1) came from English dictionary4. The remaining passwords were collected from leaked databases from various websites (including major sites e.g. Sony Pictures, Gawker)5. Max. password length is 30 characters long6. Password may consist of a-z, 0-9, spaces and special characters ` ~ ! @ # $ % ^ & * ( ) _ - + = { [ } ] | \ : ; " ' < , > . ? /7. UNIX end-of-line character is used as the newline character8. Trailing spaces, trailing tabs and NULL bytes have been removed from all passwords9. List compressed size is 435.8 MB, i.e. the downloadable size10. The total unmangled entries, 243,779,397, is based on UNIX wc -l outputPerformanceIn the following test, we compare the success rate of JtR wordlist cracking mode against a list of 551,638 MD5 hashes using our standard password list passwords.txt vs. UNIQPASS v15. We use JtR 1.8.0 community-enhanced version for this test. The hashes are passwords for accounts from several leaked databases published by LulzSec back in June 2011.$ john --format=raw-MD5 --wordlist=passwords.txt --rules hashes.txt..$ john --format=raw-MD5 --show hashes.txt..219722 password hashes cracked, 331916 leftpasswords.txt cracked 40% of the hashes using JtR wordlist mode with rules enabled.$ john --format=raw-MD5 --wordlist=uniq.txt --rules hashes.txt..$ john --format=raw-MD5 --show hashes.txt..515260 password hashes cracked, 36378 leftUNIQPASS v15 cracked 93% of the hashes using JtR wordlist mode with rules enabled.Upon completing a dictionary attack (wordlist mode), the next step is to resume the same session with JtR incremental mode leaving it to run for a couple hours or until we achieve a desirable yield. This can done with e.g. john --format=raw-MD5 --incremental --max-run-time=3600 hashes.txt.Recommended ToolsDepending on your use cases, we recommend one or more of the following password recovery tools for use with UNIQPASS:John the Ripper (JtR)Our current default tool to audit most of the leaked hashesJohn the Ripper password crackeroclHashcatDe facto standard GPU-based password crackeroclHashcat - advanced password recoveryhashcat-utilsUseful set of utilities to manipulate wordlisthashcat_utils [hashcat wiki]THC-HydraFast network logon crackerhttp://www.thc.org/thc-hydra/Cain & AbelPassword recovery tool for Microsoft Operating Systemsoxid.it - Cain & AbelAircrack-ng802.11 WEP and WPA-PSK keys cracking programhttp://www.aircrack-ng.orgKisMACWireless stumbling and security tool for Mac OS Xhttp://kismac-ng.orghttps://mega.nz/#!fccGiZ5B!xv-cSBa_bv4IWt2ozlxyg168Nl_Za4dm55QoYyKRhs4 Quote Link to comment Share on other sites More sharing options...