Did a really quick analysis of the Forbes password hashes leaked by the Syrian Electronic Army earlier. From the 1,071,734 password hashes that hashcat recognised as WordPress, 2713 were cracked in about 30 minutes.
There were no switches, GPUs, rules or anything used.. I just used the unedited top 25 passwords taken from the top 10,000 list published by Mark Burnett (xato.net). -> blog post here
The results show that 975 people have 123456 as a password.. some things never change! Top 25 cracked hashes follow:
fully@SQ:~/hc$ cat forbescracked.txt|cut -d : -f 2| sort|uniq -c|sort -r -n
975 123456
534 password
159 qwerty
147 12345678
146 abc123
111 111111
75 letmein
66 monkey
64 baseball
62 1234567
50 shadow
35 michael
32 jordan
31 dragon
29 superman
29 master
28 mustang
28 football
25 harley
23 jennifer
22 696969
21 12345
18 1234
2 2000
1 pussy
There were no switches, GPUs, rules or anything used.. I just used the unedited top 25 passwords taken from the top 10,000 list published by Mark Burnett (xato.net). -> blog post here
The results show that 975 people have 123456 as a password.. some things never change! Top 25 cracked hashes follow:
fully@SQ:~/hc$ cat forbescracked.txt|cut -d : -f 2| sort|uniq -c|sort -r -n
975 123456
534 password
159 qwerty
147 12345678
146 abc123
111 111111
75 letmein
66 monkey
64 baseball
62 1234567
50 shadow
35 michael
32 jordan
31 dragon
29 superman
29 master
28 mustang
28 football
25 harley
23 jennifer
22 696969
21 12345
18 1234
2 2000
1 pussy
