ULM Replacement ?
#1
I am a long time user of Blazers excellent program called ULM. It is by far the best password list manager I have ever found. I was involved in making many feature requests and bug tests for it during its development which Blazer very kindly tolerated. Unfortunately Blazer moved on to other things and has stopped development of ULM, it was a very sad day for me when that happened as ULM was making good progress.

I think it is fair to say that ULM does suffer from its fair share of bugs and little problems. I have until now managed to work round these little “characteristics” but lately I am using larger and larger lists with a more demanding and critical eye and ULM has pretty much reached the end of its usefulness to me.

So I went on a hunt to find anything remotely similar to use on a windows machine and I was disappointed to discover there is still nothing that comes close. There are commercial programs but they are still not useful enough to replace ULM and things become “difficult” when you present a bug report that their software cannot handle a multi gigabyte text file. Many awkward and difficult questions are often asked as to why I would need text files of that size and the conversation usually goes down hill from that point !

As I am not really experienced enough with computers I don’t really know where to go to make any progress. I thought about asking on programming sites to see if anyone wished to take it up as a hobby project but I am a little embarrassed to mention the need for these huge lists !!! Big Grin

Does anyone know any programming sites that are perhaps a little more open minded about subjects like this ?

Perhaps someone here would like to take up the project ? Or even make it a hashcat community project ?

Anyway here is a link to the best password list manager there is currently, I am sure you will find it useful.

Download ULM

.
Reply
#2
Hello, first post on these forums! Thanks for the General Talk section I think it's a great idea especially for shy people like me.

Have you tried l517? It's for Windows but the author states it should work fine under Wine (performance might take a hit working with huge lists though). It doesn't seem as complete as ULM but it's worth a try.

I've been out of the loop for a couple years and I'm getting back up to date with the new wordlists and all (will be getting new computer soon Smile). Back then I always used Unix commands since they're simply the fastest and most reliable. This all comes from reusable security, an awesome blog I used to follow. Worth a read even though it's inactive (though you all probably know it).

All super basic stuff taken mostly from reusec and around the web. This is my little help file I use when working with dicts.

Occurrence sorting:
cat file.txt | sort | uniq -c | sort -nr > sorted.txt

Merge files:
aspell dump master > custom-wordlist
cat /usr/share/john/password.lst >> custom-wordlist
cat /usr/share/dict/american-english* >> custom-wordlist

Count words:
wc -l custom-wordlist

Lower case everything:
tr A-Z a-z < custom-wordlist.txt > custom-wordlist_lowercase

Remove duplicates:
sort -u custom-wordlist_lowercase > custom-wordlist_lowercase_nodups

Making a dictionary from a text:
cat KJbible/* | tr -cs A-Za-z '\012' | tr A-Z a-z | sort | uniq

Remove any line lower or equal to the character length (N), and pipe into a file:
awk 'length > N' dictionary.txt > new_dictionary.txt

Feel free to laugh, or suggest better/more ways to work with the dict files using Unix commands (I'm sure you guys do great stuff with grep). Have a good day!
Reply
#3
Hi Socapex

Welcome to the forum and what a great first post !

I am also very pleased you have joined as this is the first day of this new section and I was worried I would be talking to myself !!!

Yes I have tried l517, but it cannot handle what I need and it has very few features compared to ULM.

To be honest ULM has everything I want, if it would just work properly !!!! I am helping bug test a different project just now but I will reply better to your post when I have read it properly and tried a few things out.

Its turning into a full time job testing !!!! Big Grin

Anyway great post and I hope you hang around.

EDIT...

I almost forgot, as you are getting back into word lists etc again after some time away have you seen my post with links to lists here ?
Reply
#4
I have been experimenting with uniq.exe within UnxUpdates in windows and I am a little confused.

I tried uniq.exe like this...

uniq.exe -u test.txt

My test file has the following text ...

Code:
a
a
a
a
s
d
f
g
h

The output was ...

Code:
s
d
f
g
h

I was expecting to remove some a's but not all of them !! I expected ...

Code:
a
s
d
f
g
h

There doesn't seem to be anything about it in the --help of uniq.exe.
Reply
#5
This is not a scripting forum, but...
uniq's -u option is used when only unique lines are to be kept.
Try:
Code:
uniq test.txt
Note that uniq won't work probably if the file wasn't sorted.

So you better stick with:
Code:
sort -u test.txt
Reply
#6
Ah I see, thank you M@LIK, you worked it out as usual !!! ... totally my fault.

(06-10-2012, 01:07 PM)M@LIK Wrote: This is not a scripting forum, but...

It is now, we are in the "General" section !! ha ha Big Grin
Reply
#7
If anyone wants to see the results from the code above on their HUGE text files then this viewer is just about the only one that can open anything.

Its slow but it does get there in the end.
Reply
#8
Hey there, I did see your wordlist post and it helped me getting back up and running A LOT! Thanks so much for that Smile

I thought you were on Linux, sorry about that. What the Occurrence sorting does is it sorts the file alphabetically (uniq on Unix needs this), then makes everything unique and adds the number of times it removed a line in front of the line, then it sorts it again so the most used passes are on top. Here's an example:

Code:
test
test1
test
whatever
test
whatever

becomes:

Code:
3 test
2 whatever
1 test1

Then you can use Textwrangler or another specialized text editor to remove the numbers in front. For example, Rockyou's first lines look like this:

Code:
290729 123456
79076 12345
76789 123456789
59462 password
49952 iloveyou
33291 princess

Hope this clarifies, but probably doesn't help since your running windows Sad I will definitely keep an eye open. I also wish to try ULM eventually, it looks awesome!

P.S. Gotta love 33291 princess... lol!
Reply
#9
That's very interesting, thanks for the explanation.

The occurrence sorting makes much more sense now you have explained it, it is actually quite useful for analysis.

I do "dabble" with Linux but as a humble user I find it long winded typing in all the commands and trying to remember everything. If I need to just get something done I start Windows. (runs off to shelter from abuse) Big Grin

A password list manager or cleaner is really important, if you take a look though most downloadable word lists they are full of junk. This isn't so bad if you are testing quick algorithms but it is a nightmare waste of time if you are tackling WPA.

I found I got very good results with ULM using its regular expressions feature. I am not sure how I would use regular expressions without ULM, anyone know ?

Anyway thanks again and if either of us find a better solution than ULM we should post back here !

Quote:P.S. Gotta love 33291 princess... lol!

Oh, 33291 princess, has had plenty of love, why do you think she is called 33291 !!! Big Grin
Reply
#10
I'm just getting into sed & grep right now, might be posting some more stuff. But it kinda sucks if they're not available on windows :/. Sed uses regular expressions (I just removed leading & trailing whitespaces, then removed the occurrence numbers and the extra white space from a heavily fragmented list). I don't want to flood this forum with unusefull Unix commands though. If you feel like it I'll make a little thread on "How to extract passwords from files that have ALL the users' info inside, without looking much." Big Grin

BTW I use linux on a VM and not so often. I do use OS X, but please don't throw stuff at me. It's nice because it uses bash and has many Linux tools. Of course have a Windows 7 boot Big Grin I would bet Windows has best GPU performance, can't wait to get a new rig to test that out!

I have to say, grep and sed are really powerful tools (grep is available for windows I think, maybe even sed!).

And I agree, princess got too much love! How about 7780 ...

Yes thats Seven thousand, seven hundred and eighty whitespaces lol. Something is wrong with this list!? Or my beginnings with sed...

Cheers
Reply