I’ve been following the progress of the Web Exploitation Framework (wXf) for a while. It’s a cool idea with a ton of potential.
Recently cktricky has been putting out some great tutorials on using buby to extend and interact with Burp through wXf. The posts illustrate some of the flexibility of buby and just how easy it can be to integrate with wXf. I wanted to give it a try and thought I’d put a new spin on an old idea.
So, I went about implementing a custom wordlist creation module that would utilize the response data from the proxy history to pull words out of h1-h5, p, span, and title tags.
There are tools that produce a similar result; however, they usually require that the tool spider the site. Spidering is far from perfect, and when I’m assessing a web application I make a point of clicking every link and discovering every page manually. Why not use the information I already have?
The user can specify a minimum word length and gets output sorted and uniqued. Find the latest module here.
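The extraction step described above, as an added example (not the wXf module's code). It assumes the response bodies have already been pulled from the proxy history into an array of strings, uses only the Ruby standard library, and makes no buby or wXf calls; the names `tag_text`, `build_wordlist` and `SAMPLE_BODIES` are hypothetical.

```ruby
require 'cgi'

# Tags the post says the module reads: h1-h5, p, span and title.
TAGS   = %w[h1 h2 h3 h4 h5 p span title].freeze
TAG_RE = /<(#{TAGS.join('|')})\b[^>]*>(.*?)<\/\1\s*>/mi

# Return the visible text of each tag of interest in one response body.
# Regex extraction is a simplification: a tag nested inside the same tag
# name (span within span) is cut at the first closing tag.
def tag_text(html)
  cleaned = html.gsub(/<!--.*?-->/m, ' ')
                .gsub(/<(script|style)\b.*?<\/\1\s*>/mi, ' ')
  cleaned.scan(TAG_RE).map do |_tag, inner|
    # Drop nested markup, then decode entities such as &amp;
    CGI.unescapeHTML(inner.gsub(/<[^>]+>/, ' '))
  end
end

# Build a sorted, unique wordlist honouring a minimum word length.
# Case is preserved, so "Widgets" and "widgets" are separate entries.
def build_wordlist(bodies, min_length: 4)
  bodies.flat_map { |body| tag_text(body) }
        .flat_map { |text| text.scan(/[[:alnum:]][[:alnum:]'_-]*/) }
        .map { |word| word.sub(/['_-]+\z/, '') } # trim trailing joiners
        .select { |word| word.length >= min_length }
        .uniq
        .sort
end

# Constructed sample responses (not real proxy history).
SAMPLE_BODIES = [
  '<html><head><title>Acme Widgets &amp; Gadgets</title>' \
  "<script>var secretToken = 'ignored';</script></head>" \
  '<body><h1>Welcome to Acme</h1>' \
  '<p>Our <span class="x">flagship</span> widgets ship worldwide.</p>' \
  '<div>footer text skipped</div></body></html>',
  '<h2>Widgets catalogue</h2><p>Contact: sales-team</p>'
].freeze

puts build_wordlist(SAMPLE_BODIES, min_length: 5) if __FILE__ == $PROGRAM_NAME
```

Text outside the listed tags (the `div` and the `script` body in the sample) never reaches the list, which keeps the output focused on visible page content.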
There’s nothing too fancy here, but it might be useful. Git pull the wXf, play with buby, write some modules and have fun!
Check out the buby posts over at Attack Research Blog.
Here are a few cleaned up wordlists from the sownage files. There are more than a few throwaways in use here, but it still might be worth a run in a few specific situations.
From the “Beauty Users” file, which contains 20,912 records:
| Rank | Password | Count |
| --- | --- | --- |
| #1 | winner | 90 |
| #2 | password | 73 |
| #3 | 123456 | 72 |
| #4 | purple | 57 |
| #5 | 9452 | 31 |
| #6 | contest | 27 |
| #7 | princess | 24 |
| #8 | shadow | 24 |
| #9 | peanut | 23 |
| #10 | cookie | 21 |
Sorted and uniqued passwords only here.
From the “Delboca Users” file, which contains 17,786 records:
| Rank | Password | Count |
| --- | --- | --- |
| #1 | seinfeld | 107 |
| #2 | password | 50 |
| #3 | 123456 | 32 |
| #4 | winner | 31 |
| #5 | sweeps | 25 |
| #6 | bosco | 22 |
| #7 | jerry | 17 |
| #8 | kramer | 17 |
| #9 | ginger | 16 |
| #10 | princess | 15 |
Sorted and uniqued passwords only here.
From the “Netherlands” file, which contains 596 records:
| Rank | Password | Count |
| --- | --- | --- |
| #1 | foto4U2 | 113 |
| #2 | FOTO4U2 | 6 |
| #3 | foto26 | 4 |
| #4 | foto4U | 4 |
| #5 | Pr0mO4U | 4 |
| #6 | foto30 | 3 |
| #7 | foto25 | 3 |
| #8 | foto10 | 3 |
| #9 | foto35 | 3 |
| #10 | HLN | 2 |
Sorted and uniqued passwords only here.
Go follow @LulzSec on twitter for more information on when the Lulz Boat might be making another run.
UPDATE: About 2 hours after my initial post my RSS reader brought me Troy Hunt’s A brief Sony password analysis. This post has quite a bit more substance and I recommend checking it out.