Never Ending Security


UNIQPASS v15 – Large password list


Usage

UNIQPASS is a large password list for use with John the Ripper (JtR) wordlist mode to translate a large number of hashes, e.g. MD5 hashes, into cleartext passwords. While we have had a good success rate with our standard password list passwords.txt, we found that the list can be made more useful and relevant by including commonly used passwords from the recently leaked databases that have been made public. As a result, we have compiled millions of these unique passwords into UNIQPASS. Such a list is especially handy for pentesters performing a comprehensive password audit, and also for IT administrators who want to expose insecure passwords chosen by their users.

Specifications

Version 15 released on January 10, 2015 with 243,779,397 entries
1. For use with JtR wordlist mode with --rules set
2. All passwords are unique and listed in sorted order according to their native byte values, using the UNIX sort command
3. 192,916 of the passwords (UNIQPASS v1) came from an English dictionary
4. The remaining passwords were collected from leaked databases of various websites (including major sites, e.g. Sony Pictures, Gawker)
5. Maximum password length is 30 characters
6. A password may consist of a-z, 0-9, spaces and the special characters ` ~ ! @ # $ % ^ & * ( ) _ - + = { [ } ] | \ : ; " ' < , > . ? /
7. The UNIX end-of-line character (LF) is used as the newline character
8. Trailing spaces, trailing tabs and NULL bytes have been removed from all passwords
9. The compressed size of the list, i.e. the download size, is 435.8 MB
10. The total number of unmangled entries, 243,779,397, is based on the output of UNIX wc -l
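The specification items above describe a set of properties a wordlist must have before it is suitable for the workflow on this page (unique, byte-sorted, length-limited, restricted character set, LF line endings, no trailing whitespace or NUL bytes). The following script is an added example, not part of the UNIQPASS distribution or of dazzlepod.com's tooling; it takes a raw dump of candidate entries and normalizes it so that the result has exactly those properties, then reports the same count wc -l would. The character set is taken literally from item 6 (lowercase only); SAMPLE_DUMP is constructed input.

```python
# Added example, not part of the UNIQPASS distribution or its tooling.
# Normalizes a raw dump of candidate entries so the result has the properties
# listed in the specification: NUL bytes and trailing spaces/tabs removed,
# length <= 30, restricted character set, unique, sorted by native byte value,
# LF line endings, and a wc -l style entry count.

MAX_LEN = 30
# Character set exactly as item 6 lists it: a-z, 0-9, space and these specials.
SPECIALS = "`~!@#$%^&*()_-+={[}]|\\:;\"'<,>.?/"
ALLOWED = frozenset(b"abcdefghijklmnopqrstuvwxyz0123456789 " + SPECIALS.encode("ascii"))


def normalize(raw: bytes) -> bytes:
    """Drop a CR left over from CRLF input, remove NUL bytes, strip trailing spaces/tabs (item 8)."""
    entry = raw.rstrip(b"\r").replace(b"\x00", b"")
    return entry.rstrip(b" \t")


def is_valid(entry: bytes) -> bool:
    """Non-empty, at most MAX_LEN bytes (item 5), only bytes from ALLOWED (item 6)."""
    if not entry or len(entry) > MAX_LEN:
        return False
    return all(b in ALLOWED for b in entry)


def build_wordlist(raw_dump: bytes) -> list[bytes]:
    """Return the unique valid entries, sorted like `LC_ALL=C sort` (item 2)."""
    unique = {e for e in (normalize(line) for line in raw_dump.split(b"\n")) if is_valid(e)}
    # Python orders bytes objects by unsigned byte value, the same order as a C-locale sort.
    return sorted(unique)


def serialize(entries: list[bytes]) -> bytes:
    """Join with LF only (item 7); a trailing LF makes wc -l count the last entry too."""
    return b"".join(e + b"\n" for e in entries)


def count_entries(data: bytes) -> int:
    """The figure wc -l reports: the number of newline bytes (item 10)."""
    return data.count(b"\n")


# Constructed sample dump: duplicates, CRLF, trailing whitespace, an embedded NUL,
# an over-long entry and an entry with a character outside the allowed set.
SAMPLE_DUMP = b"".join([
    b"password\r\n",
    b"123456 \t\n",
    b"pass\x00word\n",      # becomes a duplicate of "password" once the NUL is removed
    b"password\n",
    b"Password1\n",         # uppercase is outside item 6's character set
    b"a" * 31 + b"\n",      # 31 bytes, exceeds MAX_LEN
    b"p@ss w0rd!\n",
    b"zebra\n",
    b"~tilde\n",
])

if __name__ == "__main__":
    entries = build_wordlist(SAMPLE_DUMP)
    data = serialize(entries)
    print(f"{count_entries(data)} entries")
    for e in entries:
        print(e.decode("ascii"))
```

Running the script on the constructed dump yields 5 entries in the order 123456, p@ss w0rd!, password, zebra, ~tilde: the "@" (0x40) sorts before "a" (0x61) and "~" (0x7e) sorts last, which is the byte-value order a C-locale sort produces and the order JtR will read the list in. If your own source data keeps case, extend ALLOWED rather than lowercasing entries, since lowercasing would silently merge distinct passwords.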

Performance

In the following test, we compare the success rate of the JtR wordlist cracking mode against a list of 551,638 MD5 hashes using our standard password list passwords.txt vs. UNIQPASS v15. We use the JtR 1.8.0 community-enhanced version for this test. The hashes are passwords for accounts from several leaked databases published by LulzSec back in June 2011.

$ john --format=raw-MD5 --wordlist=passwords.txt --rules hashes.txt
..
$ john --format=raw-MD5 --show hashes.txt
..
219722 password hashes cracked, 331916 left

passwords.txt cracked 40% of the hashes using JtR wordlist mode with rules enabled.

$ john --format=raw-MD5 --wordlist=uniq.txt --rules hashes.txt
..
$ john --format=raw-MD5 --show hashes.txt
..
515260 password hashes cracked, 36378 left

UNIQPASS v15 cracked 93% of the hashes using JtR wordlist mode with rules enabled.

Upon completing the dictionary attack (wordlist mode), the next step is to resume the same session in JtR incremental mode, leaving it to run for a couple of hours or until we achieve a desirable yield. This can be done with e.g. john --format=raw-MD5 --incremental --max-run-time=3600 hashes.txt.

More information can be found on: http://dazzlepod.com/uniqpass/