How to Use Leaked Password Databases to Create Brute-Force Wordlists

To name just a few companies, VK, µTorrent, and ClixSense all suffered significant data breaches at some point in the past. The leaked password databases from those and other online sites can be used to better understand how human passwords are created and increase a hacker's success when performing brute-force attacks.


In other articles, we'll cover generating wordlists for use in password-cracking. But here, we'll learn how to create wordlists of statistical complexity and length based on actual passwords found in database leaks that occurred in recent years. Understanding how average, everyday people think about passwords will aid hackers during password-guessing attacks and greatly increase the statistical probability of success of brute-force attacks.


Disclaimer


The leaked databases featured in this article were obtained using public and darknet resources. The databases are all at least four years old. This was intentional, to ensure that this article harms no victim of these leaks, as they've had an opportunity to reset their passwords. Also, passwords used in 2016 would still provide excellent datasets for understanding how people create passwords today.


What Makes a Good Password List?


Realistically, it's not possible to brute-force an SSH service or web login with a list of five million passwords. An attack like that would set off all kinds of alarms and take an incomprehensible amount of time to complete.


Some may believe that massive, comprehensive, 100 GB wordlists are common and often utilized by hackers. However, we'll learn that small, targeted, and fine-tuned wordlists will usually get t ..
