Wednesday, May 9, 2012

PowerShell Password Fun

Yesterday, there was a bit of hype about five pastebin posts that appeared to be 55K twitter usernames and passwords.  The passwords turned out to be old, repetitive and mostly available in other dumps. However, as explained in a previous post, all passwords are important.

Here are the links in case you would like to look at them:


In order to analyze these passwords, I downloaded the five lists into a single file named twitter_passwords.txt.  Next, I used the following PowerShell one-liner to output the more complex passwords in the list:

((gc .\twitter_passwords.txt | %{$_.split(':')[1]} | sort -unique) -cmatch "^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[\x21-\x2F\x3A-\x40\x5B-\x60\x7B-\x7F]).{10,50}$")


First, we use the get-content cmdlet (gc is an alias) to pipe the contents of twitter_passwords.txt to foreach ("%" is an alias) which is splitting based on ":".  The results are then sorted with only unique strings (this should be moved to the end for larger lists to avoid the issues described here).  The next bit uses regular expressions to trim the list to those strings that are at least 10 characters (less than 50) with at least one upper, one lower, one number and a special character. Thanks Matt for suggesting the use of hex to save a lot of time and headache.

The disappointing output:
88455036.Ass
Bolinha@2008
Bruno&58236280
Cristal!89
F@tern2010
FLLAvyio@123
Frida2009$
Luis_carlos9
Mayr@2829
UNC**lab2007

Looking at these passwords, the only useable pattern that jumps out is the use of years.  I added them to my dictionary, but hopefully the one-liner is useful in the future.  Of note, some applications like OpManager don't allow special characters in passwords so this list might be useful.

-Chris

1 comment:

  1. The powershell foo is strong with this one.

    ReplyDelete