Friday, January 16, 2009

Downadup's Password Cracking List

This week it was reported that the Downadup worm (also known as Conficker) has infected 3.5 million Windows machines, according to data gathered by security company F-Secure. One of the ways the worm spreads is by guessing the passwords of user accounts on machines it can reach over the network, trying each candidate as a logon attempt against the target.

F-Secure's write-up on the worm includes the list of passwords it tries (reproduced below). The list of just over 180 candidates contains the usual suspects: the account's own username (plain, doubled and reversed), repeated digits, keyboard walks such as qwerty and 1q2w3e, admin, password, and the pass1, pass12, pass123 family. Note that it carries both Admin and admin, and both Password and password: Windows passwords are case-sensitive, so each variant costs the worm a separate guess. Given that the worm has infected such a large number of machines, this password guessing strategy must be quite effective, so weak passwords are still letting us down. These are online guesses (each one is a network logon attempt, not an offline attack on a hash), which is why the list is short; it also means that on a domain with an account lockout policy the guessing locks out the accounts it targets, a side effect of this worm that administrators noticed.

(Added April 2nd, 2009: you can see a nice graphic of this password list at Graham Cluley's blog).
  • [username]
  • [username][username]
  • [reverse_of_username]
  • 00000
  • 0000000
  • 00000000
  • 0987654321
  • 11111
  • 111111
  • 1111111
  • 11111111
  • 123123
  • 12321
  • 123321
  • 12345
  • 123456
  • 1234567
  • 12345678
  • 123456789
  • 1234567890
  • 1234abcd
  • 1234qwer
  • 123abc
  • 123asd
  • 123qwe
  • 1q2w3e
  • 22222
  • 222222
  • 2222222
  • 22222222
  • 33333
  • 333333
  • 3333333
  • 33333333
  • 44444
  • 444444
  • 4444444
  • 44444444
  • 54321
  • 55555
  • 555555
  • 5555555
  • 55555555
  • 654321
  • 66666
  • 666666
  • 6666666
  • 66666666
  • 7654321
  • 77777
  • 777777
  • 7777777
  • 77777777
  • 87654321
  • 88888
  • 888888
  • 8888888
  • 88888888
  • 987654321
  • 99999
  • 999999
  • 9999999
  • 99999999
  • a1b2c3
  • aaaaa
  • abc123
  • academia
  • access
  • account
  • Admin
  • admin
  • admin1
  • admin12
  • admin123
  • adminadmin
  • administrator
  • anything
  • asddsa
  • asdfgh
  • asdsa
  • asdzxc
  • backup
  • boss123
  • business
  • campus
  • changeme
  • cluster
  • codename
  • codeword
  • coffee
  • computer
  • controller
  • cookie
  • customer
  • database
  • default
  • desktop
  • domain
  • example
  • exchange
  • explorer
  • files
  • foobar
  • foofoo
  • forever
  • freedom
  • games
  • home123
  • ihavenopass
  • Internet
  • internet
  • intranet
  • killer
  • letitbe
  • letmein
  • Login
  • login
  • lotus
  • love123
  • manager
  • market
  • money
  • monitor
  • mypass
  • mypassword
  • mypc123
  • nimda
  • nobody
  • nopass
  • nopassword
  • nothing
  • office
  • oracle
  • owner
  • pass1
  • pass12
  • pass123
  • passwd
  • Password
  • password
  • password1
  • password12
  • password123
  • private
  • public
  • pw123
  • q1w2e3
  • qazwsx
  • qazwsxedc
  • qqqqq
  • qwe123
  • qweasd
  • qweasdzxc
  • qweewq
  • qwerty
  • qwewq
  • root123
  • rootroot
  • sample
  • secret
  • secure
  • security
  • server
  • shadow
  • share
  • student
  • super
  • superuser
  • supervisor
  • system
  • temp123
  • temporary
  • temptemp
  • test123
  • testtest
  • unknown
  • windows
  • work123
  • xxxxx
  • zxccxz
  • zxcvb
  • zxcvbn
  • zxcxz
  • zzzzz
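As an added example (not code from the worm, from F-Secure, or from this post), the following Python script turns the list above into a password-policy check: it embeds the 181 fixed candidates in the order shown, expands the three [username]-derived templates for a given account name, and reports at which position the worm would have guessed a given password, if at all. Matching is exact and case-sensitive, which is what the presence of both Admin and admin in the list implies. The sample accounts at the bottom are constructed for illustration.

```python
"""
Would Downadup's password list have guessed this account's password?

Added example, not the worm's own code.  Reproduces the guessing list from
the post above and checks candidate (username, password) pairs against it.
"""
from __future__ import annotations

# The 181 fixed candidates from the list above, in the order the post gives them.
STATIC_CANDIDATES = """
00000 0000000 00000000 0987654321 11111 111111 1111111 11111111 123123 12321
123321 12345 123456 1234567 12345678 123456789 1234567890 1234abcd 1234qwer 123abc
123asd 123qwe 1q2w3e 22222 222222 2222222 22222222 33333 333333 3333333
33333333 44444 444444 4444444 44444444 54321 55555 555555 5555555 55555555
654321 66666 666666 6666666 66666666 7654321 77777 777777 7777777 77777777
87654321 88888 888888 8888888 88888888 987654321 99999 999999 9999999 99999999
a1b2c3 aaaaa abc123 academia access account Admin admin admin1 admin12
admin123 adminadmin administrator anything asddsa asdfgh asdsa asdzxc backup boss123
business campus changeme cluster codename codeword coffee computer controller cookie
customer database default desktop domain example exchange explorer files foobar
foofoo forever freedom games home123 ihavenopass Internet internet intranet killer
letitbe letmein Login login lotus love123 manager market money monitor
mypass mypassword mypc123 nimda nobody nopass nopassword nothing office oracle
owner pass1 pass12 pass123 passwd Password password password1 password12 password123
private public pw123 q1w2e3 qazwsx qazwsxedc qqqqq qwe123 qweasd qweasdzxc
qweewq qwerty qwewq root123 rootroot sample secret secure security server
shadow share student super superuser supervisor system temp123 temporary temptemp
test123 testtest unknown windows work123 xxxxx zxccxz zxcvb zxcvbn zxcxz
zzzzz
""".split()


def username_candidates(username: str) -> list[str]:
    """The three [username] templates at the head of the list:
    the username itself, the username doubled, and the username reversed."""
    return [username, username + username, username[::-1]]


def guesses_for(username: str) -> list[str]:
    """The full ordered list of guesses the worm would try against one account."""
    return username_candidates(username) + STATIC_CANDIDATES


def is_guessable(username: str, password: str) -> bool:
    """True if the list contains this exact (case-sensitive) password for this account."""
    return password in guesses_for(username)


def guess_position(username: str, password: str) -> int | None:
    """1-based position at which the worm would hit the password, or None if never."""
    guesses = guesses_for(username)
    return guesses.index(password) + 1 if password in guesses else None


def audit(accounts: dict[str, str]) -> dict[str, int | None]:
    """Run guess_position() over a username -> password mapping."""
    return {user: guess_position(user, pwd) for user, pwd in accounts.items()}


if __name__ == "__main__":
    # Constructed sample accounts for illustration; not real credentials.
    sample = {
        "backup": "backup",                        # password equals username
        "alice": "ecila",                          # reversed username
        "svc_sql": "pass123",                      # deep in the fixed list
        "bob": "Password1",                        # not in the list (capital P plus digit)
        "jsmith": "correct horse battery staple",  # not in the list
    }
    for user, pos in audit(sample).items():
        verdict = f"guessed at attempt #{pos}" if pos else "not guessed"
        print(f"{user:10} {verdict}")
```

Because the check is exact-match, it tells you only whether this particular list would succeed; a password that escapes it (such as Password1) is not thereby strong, it is simply not on Downadup's list. The useful way to run it is against an exported list of service and local administrator accounts, where the username-derived templates tend to hit.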

1 comment:

Anonymous said...

Those are only positive password use not totally cracking.

