wordlist recommendation for rule-based attack
#1
Example: a dictionary attack through a 1 billion-word wordlist takes 1 hour.

With a rule-based attack, each single "function" would therefore take 1 hour to go through the entire wordlist.

So for a rule file with, let's say, 64 functions, that's 64 hours in a worst-case scenario...

Is there a recommended dic file / rule file to have the best chances of statistical discovery?
#2
The best wordlist is the one with the password in it. There is no "perfect" one.
#3
I think you missed my point. I am trying to find the "best bang for the buck" wordlist which will get the best statistical results vs. the number of words it has. I am obviously not looking for a "perfect" password list, and am very well aware it does not exist.
#4
It always depends on what you are trying to crack. You obviously need a different wordlist for a fast hashing scheme like MD5 than you would need for e.g. WPA. Also, it is well worth building specialized wordlists for your target, covering words from the thematic range the hashes originate from.

You seem to be looking for a rather small wordlist. For something generic have a look at the phpbb wordlist.
#5
Yes, well, the plan is to run through all the dic files first, and then follow up with the combinator / rule attacks, but obviously if I use a large dic with the best64 rule file, for example, that would take a long time.

A generic wordlist to quickly run against multiple rule files is the goal here, because imagine running a combinator attack with 2 dics of 15 GB each (1.2 billion words).
#6
Some research into human password habits, like appending 198x, 19xx, 2014, 2015 to the words with a rule, for example, would help out in this case.

Also, scouring the web for some more password lists and then using "sort", assuming you are on Linux, to strip out all the duplicates (and words <8 characters for WPA). You can also use "cewl" to harvest unique <8 character words from websites if your target is a company. You can use "crunch" to create your own password list too.

These things will give you an overall higher-quality list to work with. You can also sell some stuff lying around you don't need on Craigslist and use that money to buy an additional GPU, cutting your time in half: "best bang for your buck". Maybe borrow another GPU from a friend. Maybe the extra GPU you did buy has a return policy of 30 days or 90 days and it didn't suit your needs, or it became defective and you had to return it (just kidding, don't abuse this).
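As an added example (not code from the thread or from any poster), the two steps described above in shell: generating a hashcat rule file that appends years to every candidate, and merging raw wordlists while deduplicating and keeping only the lengths WPA accepts. The hashcat rule syntax used (`$X` appends character X) is real; the file names in the usage comment are assumptions. Note that WPA passphrases are 8 to 63 characters, so the merge filter uses both bounds rather than only dropping words shorter than 8.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Assumes a POSIX shell with awk, sed, sort and tr available.

# Emit hashcat rule lines that append a 4-digit year to each candidate.
# hashcat's "$X" rule appends the single character X, so the year 1985
# becomes "$1$9$8$5". Arguments: start_year end_year [extra_year ...]
year_append_rules() {
    start=$1; end=$2; shift 2
    y=$start
    while [ "$y" -le "$end" ]; do
        echo "$y"
        y=$((y + 1))
    done
    for extra in "$@"; do
        echo "$extra"
    done | cat
} 

# Same as above, but with every digit turned into a "$digit" append rule.
year_append_rules_hashcat() {
    year_append_rules "$@" | sed 's/./$&/g'
}

# Merge raw wordlists read from stdin:
#  - strip CR from lists saved with Windows line endings,
#  - keep only candidates in the WPA passphrase range (min..max chars),
#  - remove duplicates (LC_ALL=C makes sort compare raw bytes, which is
#    both faster and what "sort -u" needs to treat lines as identical).
# Arguments: [min_length] [max_length], defaults 8 and 63.
merge_wordlists() {
    min=${1:-8}; max=${2:-63}
    tr -d '\r' \
    | awk -v min="$min" -v max="$max" 'length($0) >= min && length($0) <= max' \
    | LC_ALL=C sort -u
}

# Usage (file names are assumptions, not from the thread):
#   year_append_rules_hashcat 1980 1999 2014 2015 > years.rule
#   cat list1.txt list2.txt rockyou.txt | merge_wordlists > wpa.txt
#   hashcat -m 22000 capture.hc22000 wpa.txt -r years.rule
# The rule file above has 22 lines, so hashcat will try 22 x (lines in
# wpa.txt) candidates; that product is the number to budget time against.
```

Keep the rule file small and the wordlist deduplicated: the run time is the product of the two line counts, which is exactly the 64-hour worst case worked out in the first post.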
#7
After some research, it seems the rockyou dictionary and best64, rockyou-30000 rule files are the best combination so far.
#8
Disagree. The RockYou dictionary is nice but far from the best. The Hashkiller Output Wordlist combined with rockyou-30000 and best64 is the best precompiled dictionary I've found yet. You can still do better, but it already rocks a lot. And who knows, maybe it contains the RockYou list anyway.

Though logistix is right, you need to know what and who you attack. Real password lists are fine to get a lot of pwds fast, but depending on whom you want to attack, constructed word lists with normal words of lots of languages (+ real names, surnames, cities etc., you name it) combined with clever rules can be much more effective to cover all sorts of common password constructions. It's just a wide field and, disagreeing with logistix, far more worthwhile than stuffing another GC in your rack.

There is a very good explanation, I think by philsmd, of how he thinks a good wordlist should be built and how you do that. But I'm too lazy to look for it now; you'll find it somewhere here in the forum.

Personally I didn't try princeprocessor yet and have it on my task list. Curious how it compares to a "normal" pattern of attack methods.
#9
I'll cut the BS.

- Hashes.org "founds"
- Scrape as many usernames as you can
- Scrape forums like InsidePro
- Compile small and good wordlists, RockYou, 10k most common etc
- Compile passwords and usernames from combo lists
- Get username from emails

The list goes on and on, use your imagination. That's what I did.