This document discusses a password collection called W3@|cP@$s. It contains dictionaries of passwords gathered from multiple sources on the internet. The document provides statistics on the number and types of passwords collected, such as the frequency of different character sets and length distributions. It also describes the features of the collection, including the ability to filter passwords, count totals, and check sample passwords. The collection contains over 3.5 billion passwords gathered using automated bots to find password dumps from sites like pastebin.com.

1. W3@|cP@$s
passwords, passwords never
changes
09/07/2015
DCG #7812
by
@w34kp455

2. What is it?
Defcon Russia (DCG #7812) 2

3. What is it?
1) Need more p@s$W0rdS
2) Dictionary bruteforce
3) Ultimate dictionary
– Duplicates remove
4) All in one place
Defcon Russia (DCG #7812) 3

4. What is it?
Too many dictionaries
Too little time
Defcon Russia (DCG #7812) 4

5. Features
• Source and Alt. links (+
drive/dropbox/mega)
• Passwords count
• Size
• Recovery rate
– Recovery rate to size
• Some samples ( for better
understanding)
Defcon Russia (DCG #7812) 5

6. Passpal?
Charset frequency, sorted by count, full table
+------------------------------------------------------------------------+
| Charset | Count | Of total | Count/keyspace |
+------------------------------------------------------------------------+
| lower-upper-numeric-symbolic | 24278 | 99.9547 % | 255.55789473684212 |
| lower-upper-numeric | 24228 | 99.7489 % | 390.7741935483871 |
| lower-numeric-symbolic | 23579 | 97.0769 % | 341.72463768115944 |
| lower-numeric | 23537 | 96.9039 % | 653.8055555555555 |
| lower-upper-symbolic | 4864 | 20.0255 % | 57.22352941176471 |
| lower-upper | 4835 | 19.9061 % | 92.98076923076923 |
| lower-symbolic | 4652 | 19.1527 % | 78.84745762711864 |
| lower | 4624 | 19.0374 % | 177.84615384615384 |
| upper-numeric-symbolic | 1148 | 4.7264 % | 16.63768115942029 |
| upper-numeric | 1139 | 4.6894 % | 31.63888888888889 |
| numeric-symbolic | 1107 | 4.5576 % | 25.74418604651163 |
| numeric | 1099 | 4.5247 % | 109.9 |
| upper-symbolic | 20 | 0.0823 % | 0.3389830508474576 |
| upper | 12 | 0.0494 % | 0.46153846153846156 |
| symbolic | 8 | 0.0329 % | 0.24242424242424243 |
+------------------------------------------------------------------------+
Defcon Russia (DCG #7812) 6
+----------------------------+
| Length | Count | Of total |
+----------------------------+
| 0 | 6 | 0.0247 % |
| 1 | 8 | 0.0329 % |
| 2 | 1 | 0.0041 % |
| 3 | 9 | 0.0371 % |
| 4 | 229 | 0.9428 % |
| 5 | 376 | 1.548 % |
| 6 | 2116 | 8.7118 % |
| 7 | 1550 | 6.3815 % |
| 8 | 17944 | 73.8771 % |
| 9 | 1044 | 4.2982 % |
| 10 | 589 | 2.425 % |
| 11 | 241 | 0.9922 % |
| 12 | 105 | 0.4323 % |
| 13 | 44 | 0.1812 % |
| 14 | 12 | 0.0494 % |
| 15 | 13 | 0.0535 % |
| 16 | 2 | 0.0082 % |
+----------------------------+
https://digi.ninja/projects/pipal.php
http://thepasswordproject.com/passpal

7. Passpal?
Charset frequency, sorted by count, full table
+------------------------------------------------------------------------+
| Charset | Count | Of total | Count/keyspace |
+------------------------------------------------------------------------+
| lower-upper-numeric-symbolic | 24278 | 99.9547 % | 255.55789473684212 |
| lower-upper-numeric | 24228 | 99.7489 % | 390.7741935483871 |
| lower-numeric-symbolic | 23579 | 97.0769 % | 341.72463768115944 |
| lower-numeric | 23537 | 96.9039 % | 653.8055555555555 |
| lower-upper-symbolic | 4864 | 20.0255 % | 57.22352941176471 |
| lower-upper | 4835 | 19.9061 % | 92.98076923076923 |
| lower-symbolic | 4652 | 19.1527 % | 78.84745762711864 |
| lower | 4624 | 19.0374 % | 177.84615384615384 |
| upper-numeric-symbolic | 1148 | 4.7264 % | 16.63768115942029 |
| upper-numeric | 1139 | 4.6894 % | 31.63888888888889 |
| numeric-symbolic | 1107 | 4.5576 % | 25.74418604651163 |
| numeric | 1099 | 4.5247 % | 109.9 |
| upper-symbolic | 20 | 0.0823 % | 0.3389830508474576 |
| upper | 12 | 0.0494 % | 0.46153846153846156 |
| symbolic | 8 | 0.0329 % | 0.24242424242424243 |
+------------------------------------------------------------------------+
Defcon Russia (DCG #7812) 7
+----------------------------+
| Length | Count | Of total |
+----------------------------+
| 0 | 6 | 0.0247 % |
| 1 | 8 | 0.0329 % |
| 2 | 1 | 0.0041 % |
| 3 | 9 | 0.0371 % |
| 4 | 229 | 0.9428 % |
| 5 | 376 | 1.548 % |
| 6 | 2116 | 8.7118 % |
| 7 | 1550 | 6.3815 % |
| 8 | 17944 | 73.8771 % |
| 9 | 1044 | 4.2982 % |
| 10 | 589 | 2.425 % |
| 11 | 241 | 0.9922 % |
| 12 | 105 | 0.4323 % |
| 13 | 44 | 0.1812 % |
| 14 | 12 | 0.0494 % |
| 15 | 13 | 0.0535 % |
| 16 | 2 | 0.0082 % |
+----------------------------+
https://digi.ninja/projects/pipal.php
http://thepasswordproject.com/passpal

8. Features
Defcon Russia (DCG #7812) 8
Passwords:
• digits?
• Lowercase chars?
• …
• Some kind of profit
Also
1) Count
2) % from total count

9. Features
Defcon Russia (DCG #7812) 9

10. Features
Defcon Russia (DCG #7812) 10

11. Features
Defcon Russia (DCG #7812) 11

12. Rates
Defcon Russia (DCG #7812) 12

13. Rates
Defcon Russia (DCG #7812) 13

14. Spec. lists
Defcon Russia (DCG #7812) 14

15. Results!
Defcon Russia (DCG #7812) 15
• ~3.5 billions of passwords (5
– 32 symbols)
• Wi-Fi spec. dictionary ( 8 –
32)
• ~ 5TB downloaded (some
kind of win)
• In most cases everything can
be cracked!

16. FIALS!
Defcon Russia (DCG #7812) 16
1) Toooo big
– 40 gigs ? Really?
– Hard to get (no
torrent yet)
2) Junk dictionaries
– Too slow with
complex rules
• But still rulez

17. Bicycles
Defcon Russia (DCG #7812) 17
Trade-off is everything!
• CPU
• MEM
• HD
• …
• Only 3.5!

18. Future?
Defcon Russia (DCG #7812) 18
1) Junk remove
2) Smaller and tougher
3) Rules for dictionaries (spec. lists)
4) Online `hash` check
5) Hashcat masks
– Even more info

19. Passwords! Need More!
Defcon Russia (DCG #7812) 19

20. Psbdmp
Defcon Russia (DCG #7812) 20

21. What?
Defcon Russia (DCG #7812) 21

22. What?
Defcon Russia (DCG #7812) 22
1) Collect dumps, leaks from different resources
2) Fully automatic
3) Own bot(s) with bugs and vulnerabilities
So what is it was and what is it now?

23. History
Defcon Russia (DCG #7812) 23
Pastebin.com only
• Full access to dumps
• Dull bot
• Moderation (
• Search?
Purpose: passwords!

24. Result
Defcon Russia (DCG #7812) 24

25. History
Defcon Russia (DCG #7812) 25
1) Registration!
2) Updated bot(s)! ( less FP )
3) Added description : GAMES, site , pron and etc
4) Email for abuses.
5) Daily data
6) Twitter informing!

26. History
Defcon Russia (DCG #7812) 26

27. Result
Defcon Russia (DCG #7812) 27

28. Result
Defcon Russia (DCG #7812) 28

29. History
• More bots!
• No access before registration!
• Search!
• Added new bots ( pastebin.ca, tinypaste.com)
Defcon Russia (DCG #7812) 29

30. Now
Defcon Russia (DCG #7812) 30
1) Subscriptions
2) Moderation
3) Search
4) Free

31. Dumps
Defcon Russia (DCG #7812) 31

32. Dumps
Defcon Russia (DCG #7812) 32

33. Same?*
Defcon Russia (DCG #7812) 33

34. Features!
Defcon Russia (DCG #7812) 34

35. End?
Defcon Russia (DCG #7812) 35
w3akpass@yahoo.com (lol)
https://twitter.com/w34kp455