Stages of checking password crackability

  1. Check if the password is empty.
  2. Check if the password equals the username.
  3. For system (or application) provided accounts, use Google to find the manufacturers’ default passwords, and test them against those accounts on your system(s).
  4. Check if the password is in the custom-assembled corporate dictionary.
  5. Check if the password is in the selected language’s dictionary. (see: https://eikonal.wordpress.com/2010/03/29/default-passwords/)
  6. Check if the password is a dictionary word + one digit.
  7. Check if the password is a leetspeak (l33t) transformed dictionary word.
  8. Check if the password is a concatenation of multiple words.
  9. Check the database of precomputed password hashes.
  10. Desperate measure: brute-force cracking.
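Stages 1 to 8 above as a password-policy checker, an added Python example that is not part of the original post: it reports the first stage a candidate password fails, so weak passwords can be rejected before an attacker gets to try them. The word lists are constructed samples (a real deployment would load real default-password, corporate and language lists); stages 9 and 10 need external hash databases or cracking tools and are left out.

```python
"""Password weakness checker following the staged audit on this page (added example)."""
import re

# Constructed sample lists; replace with real files in a deployment.
DEFAULT_PASSWORDS = {"admin", "password", "changeme", "cisco"}
CORPORATE_WORDS = {"acme", "acmecorp", "widgetco"}
LANGUAGE_WORDS = {"summer", "dragon", "welcome", "monkey", "secret", "password"}

# Common leetspeak substitutions, undone before the dictionary lookup (stage 7).
LEET_MAP = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                          "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def _is_word_concat(s, words, max_parts=3):
    """True if s splits entirely into 2..max_parts dictionary words (stage 8)."""
    def rec(rest, parts):
        if not rest:
            return parts >= 2
        if parts >= max_parts:
            return False
        return any(rest.startswith(w) and rec(rest[len(w):], parts + 1)
                   for w in words if len(w) >= 2)
    return rec(s, 0)


def check_password(password, username):
    """Return the name of the first stage the password fails, or None if it
    passes all the dictionary-based stages (1 to 8)."""
    pw = password.lower()
    if not password:
        return "empty"
    if pw == username.lower():
        return "equals-username"
    if pw in DEFAULT_PASSWORDS:
        return "default-password"
    if pw in CORPORATE_WORDS:
        return "corporate-dictionary"
    if pw in LANGUAGE_WORDS:
        return "language-dictionary"
    all_words = CORPORATE_WORDS | LANGUAGE_WORDS
    m = re.fullmatch(r"([a-z]+)\d", pw)
    if m and m.group(1) in all_words:
        return "word-plus-digit"
    if pw.translate(LEET_MAP) in all_words:
        return "leetspeak-word"
    if _is_word_concat(pw, all_words):
        return "word-concatenation"
    return None
```

The check is case-insensitive on purpose, since cracking tools try case variants as a matter of course.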


Default passwords, wordlist and Rainbow tables

Filed under: infosec — sandokan65 @ 15:07

Default password lists:

Word lists and dictionaries:

Rainbow tables:

Related here: John the Ripper – https://eikonal.wordpress.com/2010/05/25/john-the-ripper/

