diff --git a/.gitignore b/.gitignore index 9a4aeb302..bb80045e0 100644 --- a/.gitignore +++ b/.gitignore @@ -15,3 +15,5 @@ secgen.conf modules/encoders/compression/huffman/tmp .rakeTasks modules/**/Gemfile.lock +modules/generators/network/pcap/files/packet.pcap +lib/resources/images/scenario \ No newline at end of file diff --git a/Gemfile b/Gemfile index bc9ba0183..df606e27e 100644 --- a/Gemfile +++ b/Gemfile @@ -33,6 +33,7 @@ gem 'ruby-graphviz' gem 'rsa' gem 'gpgmeh' gem 'digest-sha3', :git => "http://github.com/izetex/digest-sha3-ruby" +gem 'packetfu' #development only gems go here group :test, :development do diff --git a/Gemfile.lock b/Gemfile.lock index 214c26f37..1d2fd36da 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -91,6 +91,9 @@ GEM nori (2.6.0) ovirt-engine-sdk (4.2.4) json (>= 1, < 3) + packetfu (1.1.11) + pcaprub (~> 0.12) + pcaprub (0.12.4) pg (1.1.3) process_helper (0.1.2) puppet (6.0.0) @@ -162,6 +165,7 @@ DEPENDENCIES nokogiri nori ovirt-engine-sdk + packetfu pg process_helper programr! diff --git a/README-Creating-Bases.md b/README-Creating-Bases.md index f84c11f53..e2cada5eb 100644 --- a/README-Creating-Bases.md +++ b/README-Creating-Bases.md @@ -1,6 +1,6 @@ # Creating new SecGen bases -We encourage you to use the existing bases when developing scenarios. Introducing new base boxes require careful thought and testing of modules for compatibility. This guide is mostly indended for those who wish to extend SecGen onto further VDI platforms (in addition to VirtualBox, and oVirt), which involves recreating our existing base images on these other platforms. +We encourage you to use the existing bases when developing scenarios. Introducing new base boxes require careful thought and testing of modules for compatibility. This guide is mostly intended for those who wish to extend SecGen onto further VDI platforms (in addition to VirtualBox, and oVirt), which involves recreating our existing base images on these other platforms. When creating base images for SecGen, follow [guidelines on creating Vagrant base boxes](https://www.vagrantup.com/docs/boxes/base.html), with these additional considerations. @@ -15,8 +15,12 @@ When creating base images for SecGen, follow [guidelines on creating Vagrant bas Install VM guest tools software, to enable copy-paste between VMs, graphics, etc. +## Updating repository certificates + Occasionally we apt-get update; apt-get upgrade. This can be required to avoid package repo certificates from expiring; however, this does run the risk of breaking modules. +Alternatively, it may be possible to update the keys without updating other software: `sudo apt-key update` + ## Avoid SecGen leaving extra files on the VMs You should have these directories mounted as tmpfs, so that the files used by Vagrant to provision the VMs (including puppet files, SecGen module names, etc), don't get accidentally left on the VMs that are generated. - /tmp/ @@ -41,5 +45,5 @@ history -c history -w ``` -Finally package to upload: -vagrant package --base vmname --output packaged.box +Finally, on the host, package to upload: +`vagrant package --base vmname --output packaged.box` diff --git a/lib/helpers/constants.rb b/lib/helpers/constants.rb index 91a60ad14..5f5fc865d 100644 --- a/lib/helpers/constants.rb +++ b/lib/helpers/constants.rb @@ -44,6 +44,7 @@ WORDLISTS_DIR = "#{ROOT_DIR}/lib/resources/wordlists" LINELISTS_DIR = "#{ROOT_DIR}/lib/resources/linelists" BLACKLISTED_WORDS_FILE = "#{ROOT_DIR}/lib/resources/blacklisted_words/blacklist.txt" IMAGES_DIR = "#{ROOT_DIR}/lib/resources/images" +PASSWORDLISTS_DIR = "#{ROOT_DIR}/lib/resources/passwordlists" # Path to build puppet modules STDLIB_PUPPET_DIR = "#{MODULES_DIR}build/puppet/stdlib" diff --git a/lib/resources/passwordlists/jtrpassword.lst b/lib/resources/passwordlists/jtrpassword.lst new file mode 100644 index 000000000..588c64e74 --- /dev/null +++ b/lib/resources/passwordlists/jtrpassword.lst @@ -0,0 +1,3559 @@ +#!comment: This list has been compiled by Solar Designer of Openwall Project +#!comment: in 1996 through 2011. It is assumed to be in the public domain. +#!comment: +#!comment: This list is based on passwords most commonly seen on a set of Unix +#!comment: systems in mid-1990's, sorted for decreasing number of occurrences +#!comment: (that is, more common passwords are listed first). It has been +#!comment: revised to also include common website passwords from public lists +#!comment: of "top N passwords" from major community website compromises that +#!comment: occurred in 2006 through 2010. +#!comment: +#!comment: Last update: 2011/11/20 (3546 entries) +#!comment: +#!comment: For more wordlists, see http://www.openwall.com/wordlists/ +123456 +12345 +password +password1 +123456789 +12345678 +1234567890 +abc123 +computer +tigger +1234 +qwerty +money +carmen +mickey +secret +summer +internet +a1b2c3 +123 +service + +canada +hello +ranger +shadow +baseball +donald +harley +hockey +letmein +maggie +mike +mustang +snoopy +buster +dragon +jordan +michael +michelle +mindy +patrick +123abc +andrew +bear +calvin +changeme +diamond +fuckme +fuckyou +matthew +miller +tiger +trustno1 +alex +apple +avalon +brandy +chelsea +coffee +falcon +freedom +gandalf +green +helpme +linda +magic +merlin +newyork +soccer +thomas +wizard +asdfgh +bandit +batman +boris +butthead +dorothy +eeyore +fishing +football +george +happy +iloveyou +jennifer +jonathan +love +marina +master +missy +monday +monkey +natasha +ncc1701 +pamela +pepper +piglet +poohbear +pookie +rabbit +rachel +rocket +rose +smile +sparky +spring +steven +success +sunshine +victoria +whatever +zapata +8675309 +amanda +andy +angel +august +barney +biteme +boomer +brian +casey +cowboy +delta +doctor +fisher +island +john +joshua +karen +marley +orange +please +rascal +richard +sarah +scooter +shalom +silver +skippy +stanley +taylor +welcome +zephyr +111111 +aaaaaa +access +albert +alexander +andrea +anna +anthony +asdfjkl; +ashley +basketball +beavis +black +bob +booboo +bradley +brandon +buddy +caitlin +camaro +charlie +chicken +chris +cindy +cricket +dakota +dallas +daniel +david +debbie +dolphin +elephant +emily +friend +fucker +ginger +goodluck +hammer +heather +iceman +jason +jessica +jesus +joseph +jupiter +justin +kevin +knight +lacrosse +lakers +lizard +madison +mary +mother +muffin +murphy +nirvana +paris +pentium +phoenix +picture +rainbow +sandy +saturn +scott +shannon +shithead +skeeter +sophie +special +stephanie +stephen +steve +sweetie +teacher +tennis +test +test123 +tommy +topgun +tristan +wally +william +wilson +1q2w3e +654321 +666666 +a12345 +a1b2c3d4 +alpha +amber +angela +angie +archie +asdf +blazer +bond007 +booger +charles +christin +claire +control +danny +david1 +dennis +digital +disney +edward +elvis +felix +flipper +franklin +frodo +honda +horses +hunter +indigo +james +jasper +jeremy +julian +kelsey +killer +lauren +marie +maryjane +matrix +maverick +mayday +mercury +mitchell +morgan +mountain +niners +nothing +oliver +peace +peanut +pearljam +phantom +popcorn +princess +psycho +pumpkin +purple +randy +rebecca +reddog +robert +rocky +roses +salmon +samson +sharon +sierra +smokey +startrek +steelers +stimpy +sunflower +superman +support +sydney +techno +walter +willie +willow +winner +ziggy +zxcvbnm +alaska +alexis +alice +animal +apples +barbara +benjamin +billy +blue +bluebird +bobby +bonnie +bubba +camera +chocolate +clark +claudia +cocacola +compton +connect +cookie +cruise +douglas +dreamer +dreams +duckie +eagles +eddie +einstein +enter +explorer +faith +family +ferrari +flamingo +flower +foxtrot +francis +freddy +friday +froggy +giants +gizmo +global +goofy +happy1 +hendrix +henry +herman +homer +honey +house +houston +iguana +indiana +insane +inside +irish +ironman +jake +jasmin +jeanne +jerry +joey +justice +katherine +kermit +kitty +koala +larry +leslie +logan +lucky +mark +martin +matt +minnie +misty +mitch +mouse +nancy +nascar +nelson +pantera +parker +penguin +peter +piano +pizza +prince +punkin +pyramid +raymond +robin +roger +rosebud +route66 +royal +running +sadie +sasha +security +sheena +sheila +skiing +snapple +snowball +sparrow +spencer +spike +star +stealth +student +sunny +sylvia +tamara +taurus +teresa +theresa +thunderbird +tigers +tony +toyota +travel +tuesday +victory +viper1 +wesley +whisky +winnie +winter +wolves +xyz123 +zorro +123123 +1234567 +696969 +888888 +Anthony +Joshua +Matthew +Tigger +aaron +abby +abcdef +adidas +adrian +alfred +arthur +athena +austin +awesome +badger +bamboo +beagle +bears +beatles +beautiful +beaver +benny +bigmac +bingo +bitch +blonde +boogie +boston +brenda +bright +bubba1 +bubbles +buffy +button +buttons +cactus +candy +captain +carlos +caroline +carrie +casper +catch22 +chance +charity +charlotte +cheese +cheryl +chloe +chris1 +clancy +compaq +conrad +cooper +cooter +copper +cosmos +cougar +cracker +crawford +crystal +curtis +cyclone +dance +diablo +dollars +dookie +dumbass +dundee +elizabeth +eric +europe +farmer +firebird +fletcher +fluffy +france +freak1 +friends +fuckoff +gabriel +galaxy +gambit +garden +garfield +garnet +genesis +genius +godzilla +golfer +goober +grace +greenday +groovy +grover +guitar +hacker +harry +hazel +hector +herbert +horizon +hornet +howard +icecream +imagine +impala +jack +janice +jasmine +jason1 +jeanette +jeffrey +jenifer +jenni +jesus1 +jewels +joker +julie +julie1 +junior +justin1 +kathleen +keith +kelly +kelly1 +kennedy +kevin1 +knicks +larry1 +leonard +lestat +library +lincoln +lionking +london +louise +lucky1 +lucy +maddog +margaret +mariposa +marlboro +martin1 +marty +master1 +mensuck +mercedes +metal +midori +mikey +millie +mirage +molly +monet +money1 +monica +monopoly +mookie +moose +moroni +music +naomi +nathan +nguyen +nicholas +nicole +nimrod +october +olive +olivia +online +oscar +oxford +pacific +painter +peaches +penelope +pepsi +petunia +philip +phoenix1 +photo +pickle +player +poiuyt +porsche +porter +puppy +python +quality +raquel +raven +remember +robbie +robert1 +roman +rugby +runner +russell +ryan +sailing +sailor +samantha +savage +scarlett +school +sean +seven +shadow1 +sheba +shelby +shit +shoes +simba +simple +skipper +smiley +snake +snickers +sniper +snoopdog +snowman +sonic +spitfire +sprite +spunky +starwars +station +stella +stingray +storm +stormy +stupid +sunny1 +sunrise +surfer +susan +tammy +tango +tanya +teddy1 +theboss +theking +thumper +tina +tintin +tomcat +trebor +trevor +tweety +unicorn +valentine +valerie +vanilla +veronica +victor +vincent +viper +warrior +warriors +weasel +wheels +wilbur +winston +wisdom +wombat +xavier +yellow +zeppelin +1111 +1212 +Andrew +Family +Friends +Michael +Michelle +Snoopy +abcd1234 +abcdefg +abigail +account +adam +alex1 +alice1 +allison +alpine +andre1 +andrea1 +angel1 +anita +annette +antares +apache +apollo +aragorn +arizona +arnold +arsenal +asdfasdf +asdfg +asdfghjk +avenger +baby +babydoll +bailey +banana +barry +basket +batman1 +beaner +beast +beatrice +bella +bertha +bigben +bigdog +biggles +bigman +binky +biology +bishop +blondie +bluefish +bobcat +bosco +braves +brazil +bruce +bruno +brutus +buffalo +bulldog +bullet +bullshit +bunny +business +butch +butler +butter +california +carebear +carol +carol1 +carole +cassie +castle +catalina +catherine +cccccc +celine +center +champion +chanel +chaos +chelsea1 +chester1 +chicago +chico +christian +christy +church +cinder +colleen +colorado +columbia +commander +connie +cookies +cooking +corona +cowboys +coyote +craig +creative +cuddles +cuervo +cutie +daddy +daisy +daniel1 +danielle +davids +death +denis +derek +design +destiny +diana +diane +dickhead +digger +dodger +donna +dougie +dragonfly +dylan +eagle +eclipse +electric +emerald +etoile +excalibur +express +fender +fiona +fireman +flash +florida +flowers +foster +francesco +francine +francois +frank +french +fuckface +gemini +general +gerald +germany +gilbert +goaway +golden +goldfish +goose +gordon +graham +grant +gregory +gretchen +gunner +hannah +harold +harrison +harvey +hawkeye +heaven +heidi +helen +helena +hithere +hobbit +ibanez +idontknow +integra +ireland +irene +isaac +isabel +jackass +jackie +jackson +jaguar +jamaica +japan +jenny1 +jessie +johan +johnny +joker1 +jordan23 +judith +julia +jumanji +kangaroo +karen1 +kathy +keepout +keith1 +kenneth +kimberly +kingdom +kitkat +kramer +kristen +laura +laurie +lawrence +lawyer +legend +liberty +light +lindsay +lindsey +lisa +liverpool +lola +lonely +louis +lovely +loveme +lucas +madonna +malcolm +malibu +marathon +marcel +maria1 +mariah +mariah1 +marilyn +mario +marvin +maurice +maxine +maxwell +me +meggie +melanie +melissa +melody +mexico +michael1 +michele +midnight +mike1 +miracle +misha +mishka +molly1 +monique +montreal +moocow +moore +morris +mouse1 +mulder +nautica +nellie +newton +nick +nirvana1 +nissan +norman +notebook +ocean +olivier +ollie +oranges +oregon +orion +panda +pandora +panther +passion +patricia +pearl +peewee +pencil +penny +people +percy +person +peter1 +petey +picasso +pierre +pinkfloyd +polaris +police +pookie1 +poppy +power +predator +preston +q1w2e3 +queen +queenie +quentin +ralph +random +rangers +raptor +reality +redrum +remote +reynolds +rhonda +ricardo +ricardo1 +ricky +river +roadrunner +robinhood +rocknroll +rocky1 +ronald +roxy +ruthie +sabrina +sakura +sally +sampson +samuel +sandra +santa +sapphire +scarlet +scorpio +scott1 +scottie +scruffy +seattle +serena +shanti +shark +shogun +simon +singer +skull +skywalker +slacker +smashing +smiles +snowflake +snuffy +soccer1 +soleil +sonny +spanky +speedy +spider +spooky +stacey +star69 +start +steven1 +stinky +strawberry +stuart +sugar +sundance +superfly +suzanne +suzuki +swimmer +swimming +system +taffy +tarzan +teddy +teddybear +terry +theatre +thunder +thursday +tinker +tootsie +tornado +tracy +tricia +trident +trojan +truman +trumpet +tucker +turtle +tyler +utopia +voyager +warcraft +warlock +warren +water +wayne +wendy +williams +willy +winona +woody +woofwoof +wrangler +wright +xfiles +xxxxxx +yankees +yvonne +zebra +zenith +zigzag +zombie +zxc123 +zxcvb +000000 +007007 +11111 +11111111 +123321 +171717 +181818 +1a2b3c +1chris +4runner +54321 +55555 +6969 +7777777 +789456 +88888888 +Alexis +Bailey +Charlie +Chris +Daniel +Dragon +Elizabeth +HARLEY +Heather +Jennifer +Jessica +Jordan +KILLER +Nicholas +Password +Princess +Purple +Rebecca +Robert +Shadow +Steven +Summer +Sunshine +Superman +Taylor +Thomas +Victoria +abcd123 +abcde +accord +active +africa +airborne +alfaro +alicia +aliens +alina +aline +alison +allen +aloha +alpha1 +althea +altima +amanda1 +amazing +america +amour +anderson +andre +andrew1 +andromeda +angels +angie1 +annie +anything +apple1 +apple2 +applepie +april +aquarius +ariane +ariel +arlene +artemis +asdf1234 +asdfjkl +ashley1 +ashraf +ashton +asterix +attila +autumn +avatar +babes +bambi +barbie +barney1 +barrett +bball +beaches +beanie +beans +beauty +becca +belize +belle +belmont +benji +benson +bernardo +berry +betsy +betty +bigboss +bigred +billy1 +birdie +birthday +biscuit +bitter +blackjack +blah +blanche +blood +blowjob +blowme +blueeyes +blues +bogart +bombay +boobie +boots +bootsie +boxers +brandi +brent +brewster +bridge +bronco +bronte +brooke +brother +bryan +bubble +buddha +budgie +burton +butterfly +byron +calendar +calvin1 +camel +camille +campbell +camping +cancer +canela +cannon +carbon +carnage +carolyn +carrot +cascade +catfish +cathy +catwoman +cecile +celica +change +chantal +charger +cherry +chiara +chiefs +china +chris123 +christ1 +christmas +christopher +chuck +cindy1 +cinema +civic +claude +clueless +cobain +cobra +cody +colette +college +colors +colt45 +confused +cool +corvette +cosmo +country +crusader +cunningham +cupcake +cynthia +dagger +dammit +dancer +daphne +darkstar +darren +darryl +darwin +deborah +december +deedee +deeznuts +delano +delete +demon +denise +denny +desert +deskjet +detroit +devil +devine +devon +dexter +dianne +diesel +director +dixie +dodgers +doggy +dollar +dolly +dominique +domino +dontknow +doogie +doudou +downtown +dragon1 +driver +dude +dudley +dutchess +dwight +eagle1 +easter +eastern +edith +edmund +eight +element +elissa +ellen +elliot +empire +enigma +enterprise +erin +escort +estelle +eugene +evelyn +explore +family1 +fatboy +felipe +ferguson +ferret +ferris +fireball +fishes +fishie +flight +florida1 +flowerpot +forward +freddie +freebird +freeman +frisco +fritz +froggie +froggies +frogs +fucku +future +gabby +games +garcia +gaston +gateway +george1 +georgia +german +germany1 +getout +ghost +gibson +giselle +gmoney +goblin +goblue +gollum +grandma +gremlin +grizzly +grumpy +guess +guitar1 +gustavo +haggis +haha +hailey +halloween +hamilton +hamlet +hanna +hanson +happy123 +happyday +hardcore +harley1 +harriet +harris +harvard +health +heart +heather1 +heather2 +hedgehog +helene +hello1 +hello123 +hellohello +hermes +heythere +highland +hilda +hillary +history +hitler +hobbes +holiday +holly +honda1 +hongkong +hootie +horse +hotrod +hudson +hummer +huskies +idiot +iforget +iloveu +impact +indonesia +irina +isabelle +israel +italia +italy +jackie1 +jacob +jakey +james1 +jamesbond +jamie +jamjam +jeffrey1 +jennie +jenny +jensen +jesse +jesse1 +jester +jethro +jimbob +jimmy +joanna +joelle +john316 +jordie +jorge +josh +journey +joyce +jubilee +jules +julien +juliet +junebug +juniper +justdoit +karin +karine +karma +katerina +katie +katie1 +kayla +keeper +keller +kendall +kenny +ketchup +kings +kissme +kitten +kittycat +kkkkkk +kristi +kristine +labtec +laddie +ladybug +lance +laurel +lawson +leader +leland +lemon +lester +letter +letters +lexus1 +libra +lights +lionel +little +lizzy +lolita +lonestar +longhorn +looney +loren +lorna +loser +lovers +loveyou +lucia +lucifer +lucky14 +maddie +madmax +magic1 +magnum +maiden +maine +management +manson +manuel +marcus +maria +marielle +marine +marino +marshall +martha +maxmax +meatloaf +medical +megan +melina +memphis +mermaid +miami +michel +michigan +mickey1 +microsoft +mikael +milano +miles +millenium +million +miranda +miriam +mission +mmmmmm +mobile +monkey1 +monroe +montana +monty +moomoo +moonbeam +morpheus +motorola +movies +mozart +munchkin +murray +mustang1 +nadia +nadine +napoleon +nation +national +nestle +newlife +newyork1 +nichole +nikita +nikki +nintendo +nokia +nomore +normal +norton +noway +nugget +number9 +numbers +nurse +nutmeg +ohshit +oicu812 +omega +openup +orchid +oreo +orlando +packard +packers +paloma +pancake +panic +parola +parrot +partner +pascal +patches +patriots +paula +pauline +payton +peach +peanuts +pedro1 +peggy +perfect +perry +peterpan +philips +phillips +phone +pierce +pigeon +pink +pioneer +piper1 +pirate +pisces +playboy +pluto +poetry +pontiac +pookey +popeye +prayer +precious +prelude +premier +puddin +pulsar +pussy +pussy1 +qwert +qwerty12 +qwertyui +rabbit1 +rachelle +racoon +rambo +randy1 +ravens +redman +redskins +reggae +reggie +renee +renegade +rescue +revolution +richard1 +richards +richmond +riley +ripper +robby +roberts +rock +rocket1 +rockie +rockon +roger1 +rogers +roland +rommel +rookie +rootbeer +rosie +rufus +rusty +ruthless +sabbath +sabina +safety +saint +samiam +sammie +sammy +samsam +sandi +sanjose +saphire +sarah1 +saskia +sassy +saturday +science +scooby +scoobydoo +scooter1 +scorpion +scotty +scouts +search +september +server +seven7 +sexy +shaggy +shanny +shaolin +shasta +shayne +shelly +sherry +shirley +shorty +shotgun +sidney +simba1 +sinatra +sirius +skate +skipper1 +skyler +slayer +sleepy +slider +smile1 +smitty +smoke +snakes +snapper +snoop +solomon +sophia +space +sparks +spartan +spike1 +sponge +spurs +squash +stargate +starlight +stars +steph1 +steve1 +stevens +stewart +stone +stranger +stretch +strong +studio +stumpy +sucker +suckme +sultan +summit +sunfire +sunset +super +superstar +surfing +susan1 +sutton +sweden +sweetpea +sweety +swordfish +tabatha +tacobell +taiwan +tamtam +tanner +target +tasha +tattoo +tequila +terry1 +texas +thankyou +theend +thompson +thrasher +tiger2 +timber +timothy +tinkerbell +topcat +topher +toshiba +tototo +travis +treasure +trees +tricky +trish +triton +trombone +trouble +trucker +turbo +twins +tyler1 +ultimate +unique +united +ursula +vacation +valley +vampire +vanessa +venice +venus +vermont +vicki +vicky +victor1 +vincent1 +violet +violin +virgil +virginia +vision +volley +voodoo +vortex +waiting +wanker +warner +water1 +wayne1 +webster +weezer +wendy1 +western +white +whitney +whocares +wildcat +william1 +wilma +window +winniethepooh +wolfgang +wolverine +wonder +xxxxxxxx +yamaha +yankee +yogibear +yolanda +yomama +yvette +zachary +zebras +zxcvbn +00000000 +121212 +1234qwer +131313 +13579 +90210 +99999999 +ABC123 +action +amelie +anaconda +apollo13 +artist +asshole +benoit +bernard +bernie +bigbird +blizzard +bluesky +bonjour +caesar +cardinal +carolina +cesar +chandler +chapman +charlie1 +chevy +chiquita +chocolat +coco +cougars +courtney +dolphins +dominic +donkey +dusty +eminem +energy +fearless +forest +forever +glenn +guinness +hotdog +indian +jared +jimbo +johnson +jojo +josie +kristin +lloyd +lorraine +lynn +maxime +memory +mimi +mirror +nebraska +nemesis +network +nigel +oatmeal +patton +pedro +planet +players +portland +praise +psalms +qwaszx +raiders +rambo1 +rancid +shawn +shelley +softball +speedo +sports +ssssss +steele +steph +stephani +sunday +tiffany +tigre +toronto +trixie +undead +valentin +velvet +viking +walker +watson +young +babygirl +pretty +hottie +teamo +987654321 +naruto +spongebob +daniela +princesa +christ +blessed +single +qazwsx +pokemon +iloveyou1 +iloveyou2 +fuckyou1 +hahaha +poop +blessing +blahblah +blink182 +123qwe +trinity +passw0rd +google +looking +spirit +iloveyou! +qwerty1 +onelove +mylove +222222 +ilovegod +football1 +loving +emmanuel +1q2w3e4r +red123 +blabla +112233 +hallo +spiderman +simpsons +monster +november +brooklyn +poopoo +darkness +159753 +pineapple +chester +1qaz2wsx +drowssap +monkey12 +wordpass +q1w2e3r4 +coolness +11235813 +something +alexandra +estrella +miguel +iloveme +sayang +princess1 +555555 +999999 +alejandro +brittany +alejandra +tequiero +antonio +987654 +00000 +fernando +corazon +cristina +kisses +myspace +rebelde +babygurl +alyssa +mahalkita +gabriela +pictures +hellokitty +babygirl1 +angelica +mahalko +mariana +eduardo +andres +ronaldo +inuyasha +adriana +celtic +samsung +angelo +456789 +sebastian +karina +hotmail +0123456789 +barcelona +cameron +slipknot +cutiepie +50cent +bonita +maganda +babyboy +natalie +cuteako +javier +789456123 +123654 +bowwow +portugal +777777 +volleyball +january +cristian +bianca +chrisbrown +101010 +sweet +panget +benfica +love123 +lollipop +camila +qwertyuiop +harrypotter +ihateyou +christine +lorena +andreea +charmed +rafael +brianna +aaliyah +johncena +lovelove +gangsta +333333 +hiphop +mybaby +sergio +metallica +myspace1 +babyblue +badboy +fernanda +westlife +sasuke +steaua +roberto +slideshow +asdfghjkl +santiago +jayson +5201314 +jerome +gandako +gatita +babyko +246810 +sweetheart +chivas +alberto +valeria +nicole1 +12345678910 +leonardo +jayjay +liliana +sexygirl +232323 +amores +anthony1 +bitch1 +fatima +miamor +lover +lalala +252525 +skittles +colombia +159357 +manutd +123456a +britney +katrina +christina +pasaway +mahal +tatiana +cantik +0123456 +teiubesc +147258369 +natalia +francisco +amorcito +paola +angelito +manchester +mommy1 +147258 +amigos +marlon +linkinpark +147852 +diego +444444 +iverson +andrei +justine +frankie +pimpin +fashion +bestfriend +england +hermosa +456123 +102030 +sporting +hearts +potter +iloveu2 +number1 +212121 +truelove +jayden +savannah +hottie1 +ganda +scotland +ilovehim +shakira +estrellita +brandon1 +sweets +familia +love12 +omarion +monkeys +loverboy +elijah +ronnie +mamita +999999999 +broken +rodrigo +westside +mauricio +amigas +preciosa +shopping +flores +isabella +martinez +elaine +friendster +cheche +gracie +connor +valentina +darling +santos +joanne +fuckyou2 +pebbles +sunshine1 +gangster +gloria +darkangel +bettyboop +jessica1 +cheyenne +dustin +iubire +a123456 +purple1 +bestfriends +inlove +batista +karla +chacha +marian +sexyme +pogiako +jordan1 +010203 +daddy1 +daddysgirl +billabong +pinky +erika +skater +nenita +tigger1 +gatito +lokita +maldita +buttercup +bambam +glitter +123789 +sister +zacefron +tokiohotel +loveya +lovebug +bubblegum +marissa +cecilia +lollypop +nicolas +puppies +ariana +chubby +sexybitch +roxana +mememe +susana +baller +hotstuff +carter +babylove +angelina +playgirl +sweet16 +012345 +bhebhe +marcos +loveme1 +milagros +lilmama +beyonce +lovely1 +catdog +armando +margarita +151515 +loves +202020 +gerard +undertaker +amistad +capricorn +delfin +cheerleader +password2 +PASSWORD +lizzie +matthew1 +enrique +badgirl +141414 +dancing +cuteme +amelia +skyline +angeles +janine +carlitos +justme +legolas +michelle1 +cinderella +jesuschrist +ilovejesus +tazmania +tekiero +thebest +princesita +lucky7 +jesucristo +buddy1 +regina +myself +lipgloss +jazmin +rosita +chichi +pangit +mierda +741852963 +hernandez +arturo +silvia +melvin +celeste +pussycat +gorgeous +honeyko +mylife +babyboo +loveu +lupita +panthers +hollywood +alfredo +musica +hawaii +sparkle +kristina +sexymama +crazy +scarface +098765 +hayden +micheal +242424 +0987654321 +marisol +jeremiah +mhine +isaiah +lolipop +butterfly1 +xbox360 +madalina +anamaria +yourmom +jasmine1 +bubbles1 +beatriz +diamonds +friendship +sweetness +desiree +741852 +hannah1 +bananas +julius +leanne +marie1 +lover1 +twinkle +february +bebita +87654321 +twilight +imissyou +pollito +ashlee +cookie1 +147852369 +beckham +simone +nursing +torres +damian +123123123 +joshua1 +babyface +dinamo +mommy +juliana +cassandra +redsox +gundam +0000 +ou812 +dave +golf +molson +Monday +newpass +thx1138 +1 +Internet +coke +foobar +abc +fish +fred +help +ncc1701d +newuser +none +pat +dog +duck +duke +floyd +guest +joe +kingfish +micro +sam +telecom +test1 +7777 +absolut +babylon5 +backup +bill +bird33 +deliver +fire +flip +galileo +gopher +hansolo +jane +jim +mom +passwd +phil +phish +porsche911 +rain +red +sergei +training +truck +video +volvo +007 +1969 +5683 +Bond007 +Friday +Hendrix +October +Taurus +aaa +alexandr +catalog +challenge +clipper +coltrane +cyrano +dan +dawn +dean +deutsch +dilbert +e-mail +export +ford +fountain +fox +frog +gabriell +garlic +goforit +grateful +hoops +lady +ledzep +lee +mailman +mantra +market +mazda1 +metallic +ncc1701e +nesbitt +open +pete +quest +republic +research +supra +tara +testing +xanadu +xxxx +zaphod +zeus +0007 +1022 +10sne1 +1973 +1978 +2000 +2222 +3bears +Broadway +Fisher +Jeanne +Killer +Knight +Master +Pepper +Sierra +Tennis +abacab +abcd +ace +acropolis +amy +anders +avenir +basil +bass +beer +ben +bliss +blowfish +boss +bridges +buck +bugsy +bull +cannondale +canon +catnip +chip +civil +content +cook +cordelia +crack1 +cyber +daisie +dark1 +database +deadhead +denali +depeche +dickens +emmitt +entropy +farout +farside +feedback +fidel +firenze +fish1 +fletch +fool +fozzie +fun +gargoyle +gasman +gold +graphic +hell +image +intern +intrepid +jeff +jkl123 +joel +johanna1 +kidder +kim +king +kirk +kris +lambda +leon +logical +lorrie +major +mariner +mark1 +max +media +merlot +midway +mine +mmouse +moon +mopar +mortimer +nermal +nina +olsen +opera +overkill +pacers +packer +picard +polar +polo +primus +prometheus +public +radio +rastafarian +reptile +rob +robotech +rodeo +rolex +rouge +roy +ruby +salasana +scarecrow +scout +scuba1 +sergey +skibum +skunk +sound +starter +sting1 +sunbird +tbird +teflon +temporal +terminal +the +thejudge +time +toby +today +tokyo +tree +trout +vader +val +valhalla +windsurf +wolf +wolf1 +xcountry +yoda +yukon +1213 +1214 +1225 +1313 +1818 +1975 +1977 +1991 +1kitty +2001 +2020 +2112 +2kids +333 +4444 +5050 +57chevy +7dwarfs +Animals +Ariel +Bismillah +Booboo +Boston +Carol +Computer +Creative +Curtis +Denise +Eagles +Esther +Fishing +Freddy +Gandalf +Golden +Goober +Hacker +Harley +Henry +Hershey +Jackson +Jersey +Joanna +Johnson +Katie +Kitten +Liberty +Lindsay +Lizard +Madeline +Margaret +Maxwell +Money +Monster +Pamela +Peaches +Peter +Phoenix +Piglet +Pookie +Rabbit +Raiders +Random +Russell +Sammy +Saturn +Skeeter +Smokey +Sparky +Speedy +Sterling +Theresa +Thunder +Vincent +Willow +Winnie +Wolverine +aaaa +aardvark +abbott +acura +admin +admin1 +adrock +aerobics +agent +airwolf +ali +alien +allegro +allstate +altamira +altima1 +andrew! +ann +anne +anneli +aptiva +arrow +asdf;lkj +assmunch +baraka +barnyard +bart +bartman +beasty +beavis1 +bebe +belgium +beowulf +beryl +best +bharat +bichon +bigal +biker +bilbo +bills +bimmer +biochem +birdy +blinds +blitz +bluejean +bogey +bogus +boulder +bourbon +boxer +brain +branch +britain +broker +bucks +buffett +bugs +bulls +burns +buzz +c00per +calgary +camay +carl +cat +cement +cessna +chad +chainsaw +chameleon +chang +chess +chinook +chouette +chronos +cicero +circuit +cirque +cirrus +clapton +clarkson +class +claudel +cleo +cliff +clock +color +comet +concept +concorde +coolbean +corky +cornflake +corwin +cows +crescent +cross +crowley +cthulhu +cunt +current +cutlass +daedalus +dagger1 +daily +dale +dana +daytek +dead +decker +dharma +dillweed +dipper +disco +dixon +doitnow +doors +dork +doug +dutch +effie +ella +elsie +engage +eric1 +ernie1 +escort1 +excel +faculty +fairview +faust +fenris +finance +first +fishhead +flanders +fleurs +flute +flyboy +flyer +franka +frederic +free +front242 +frontier +fugazi +funtime +gaby +gaelic +gambler +gammaphi +garfunkel +garth +gary +gateway2 +gator1 +gibbons +gigi +gilgamesh +goat +godiva +goethe +gofish +good +gramps +gravis +gray +greed +greg +greg1 +greta +gretzky +guido +gumby +h2opolo +hamid +hank +hawkeye1 +health1 +hello8 +help123 +helper +homerj +hoosier +hope +huang +hugo +hydrogen +ib6ub9 +insight +instructor +integral +iomega +iris +izzy +jazz +jean +jeepster +jetta1 +joanie +josee +joy +julia2 +jumbo +jump +justice4 +kalamazoo +kali +kat +kate +kerala +kids +kiwi +kleenex +kombat +lamer +laser +laserjet +lassie1 +leblanc +legal +leo +life +lions +liz +logger +logos +loislane +loki +longer +lori +lost +lotus +lou +macha +macross +madoka +makeitso +mallard +marc +math +mattingly +mechanic +meister +mercer +merde +merrill +michal +michou +mickel +minou +mobydick +modem +mojo +montana3 +montrose +motor +mowgli +mulder1 +muscle +neil +neutrino +newaccount +nicklaus +nightshade +nightwing +nike +none1 +nopass +nouveau +novell +oaxaca +obiwan +obsession +orville +otter +ozzy +packrat +paint +papa +paradigm +pass +pavel +peterk +phialpha +phishy +piano1 +pianoman +pianos +pipeline +plato +play +poetic +print +printing +provider +qqq111 +quebec +qwer +racer +racerx +radar +rafiki +raleigh +rasta1 +redcloud +redfish +redwing +redwood +reed +rene +reznor +rhino +ripple +rita +robocop +robotics +roche +roni +rossignol +rugger +safety1 +saigon +satori +saturn5 +schnapps +scotch +scuba +secret3 +seeker +services +sex +shanghai +shazam +shelter +sigmachi +signal +signature +simsim +skydive +slick +smegma +smiths +smurfy +snow +sober1 +sonics +sony +spazz +sphynx +spock +spoon +spot +sprocket +starbuck +steel +stephi +sting +stocks +storage +strat +strato +stud +student2 +susanna +swanson +swim +switzer +system5 +t-bone +talon +tarheel +tata +tazdevil +tester +testtest +thisisit +thorne +tightend +tim +tom +tool +total +toucan +transfer +transit +transport +trapper +trash +trophy +tucson +turbo2 +unity +upsilon +vedder +vette +vikram +virago +visual +volcano +walden +waldo +walleye +webmaster +wedge +whale1 +whit +whoville +wibble +will +wombat1 +word +world +x-files +xxx123 +zack +zepplin +zoltan +zoomer +123go +21122112 +5555 +911 +FuckYou +Fuckyou +Gizmo +Hello +Michel +Qwerty +Windows +angus +aspen +ass +bird +booster +byteme +cats +changeit +christia +christoph +classroom +cloclo +corrado +dasha +fiction +french1 +fubar +gator +gilles +gocougs +hilbert +hola +home +judy +koko +lulu +mac +macintosh +mailer +mars +meow +ne1469 +niki +paul +politics +pomme +property +ruth +sales +salut +scrooge +skidoo +spain +surf +sylvie +symbol +forum +rotimi +god +saved +2580 +1998 +xxx +1928 +777 +info +a +netware +sun +tech +doom +mmm +one +ppp +1911 +1948 +1996 +5252 +Champs +Tuesday +bach +crow +don +draft +hal9000 +herzog +huey +jethrotull +jussi +mail +miki +nicarao +snowski +1316 +1412 +1430 +1952 +1953 +1955 +1956 +1960 +1964 +1qw23e +22 +2200 +2252 +3010 +3112 +4788 +6262 +Alpha +Bastard +Beavis +Cardinal +Celtics +Cougar +Darkman +Figaro +Fortune +Geronimo +Hammer +Homer +Janet +Mellon +Merlot +Metallic +Montreal +Newton +Paladin +Peanuts +Service +Vernon +Waterloo +Webster +aki123 +aqua +aylmer +beta +bozo +car +chat +chinacat +cora +courier +dogbert +eieio +elina1 +fly +funguy +fuzz +ggeorge +glider1 +gone +hawk +heikki +histoire +hugh +if6was9 +ingvar +jan +jedi +jimi +juhani +khan +lima +midvale +neko +nesbit +nexus6 +nisse +notta1 +pam +park +pole +pope +pyro +ram +reliant +rex +rush +seoul +skip +stan +sue +suzy +tab +testi +thelorax +tika +tnt +toto1 +tre +wind +x-men +xyz +zxc +369 +Abcdef +Asdfgh +Changeme +NCC1701 +Zxcvbnm +demo +doom2 +e +good-luck +homebrew +m1911a1 +nat +ne1410s +ne14a69 +zhongguo +sample123 +0852 +basf +OU812 +!@#$% +informix +majordomo +news +temp +trek +!@#$%^ +!@#$%^&* +Pentium +Raistlin +adi +bmw +law +m +new +opus +plus +visa +www +y +zzz +1332 +1950 +3141 +3533 +4055 +4854 +6301 +Bonzo +ChangeMe +Front242 +Gretel +Michel1 +Noriko +Sidekick +Sverige +Swoosh +Woodrow +aa +ayelet +barn +betacam +biz +boat +cuda +doc +hal +hallowell +haro +hosehead +i +ilmari +irmeli +j1l2t3 +jer +kcin +kerrya +kissa2 +leaf +lissabon +mart +matti1 +mech +morecats +paagal +performa +prof +ratio +ship +slip +stivers +tapani +targas +test2 +test3 +tula +unix +user1 +xanth +!@#$%^& +1701d +@#$%^& +Qwert +allo +dirk +go +newcourt +nite +notused +sss diff --git a/lib/resources/passwordlists/ncrackpassword.lst b/lib/resources/passwordlists/ncrackpassword.lst new file mode 100644 index 000000000..514808c6f --- /dev/null +++ b/lib/resources/passwordlists/ncrackpassword.lst @@ -0,0 +1,5083 @@ +#!comment: ***********************IMPORTANT NMAP LICENSE TERMS************************ +#!comment: * * +#!comment: * The Nmap Security Scanner is (C) 1996-2010 Insecure.Com LLC. Nmap is * +#!comment: * also a registered trademark of Insecure.Com LLC. This program is free * +#!comment: * software; you may redistribute and/or modify it under the terms of the * +#!comment: * GNU General Public License as published by the Free Software * +#!comment: * Foundation; Version 2 with the clarifications and exceptions described * +#!comment: * below. This guarantees your right to use, modify, and redistribute * +#!comment: * this software under certain conditions. If you wish to embed Nmap * +#!comment: * technology into proprietary software, we sell alternative licenses * +#!comment: * (contact sales@insecure.com). Dozens of software vendors already * +#!comment: * license Nmap technology such as host discovery, port scanning, OS * +#!comment: * detection, and version detection. * +#!comment: * * +#!comment: * Note that the GPL places important restrictions on "derived works", yet * +#!comment: * it does not provide a detailed definition of that term. To avoid * +#!comment: * misunderstandings, we consider an application to constitute a * +#!comment: * "derivative work" for the purpose of this license if it does any of the * +#!comment: * following: * +#!comment: * o Integrates source code from Nmap * +#!comment: * o Reads or includes Nmap copyrighted data files, such as * +#!comment: * nmap-os-db or nmap-service-probes. * +#!comment: * o Executes Nmap and parses the results (as opposed to typical shell or * +#!comment: * execution-menu apps, which simply display raw Nmap output and so are * +#!comment: * not derivative works.) * +#!comment: * o Integrates/includes/aggregates Nmap into a proprietary executable * +#!comment: * installer, such as those produced by InstallShield. * +#!comment: * o Links to a library or executes a program that does any of the above * +#!comment: * * +#!comment: * The term "Nmap" should be taken to also include any portions or derived * +#!comment: * works of Nmap. This list is not exclusive, but is meant to clarify our * +#!comment: * interpretation of derived works with some common examples. Our * +#!comment: * interpretation applies only to Nmap--we don't speak for other people's * +#!comment: * GPL works. * +#!comment: * * +#!comment: * If you have any questions about the GPL licensing restrictions on using * +#!comment: * Nmap in non-GPL works, we would be happy to help. As mentioned above, * +#!comment: * we also offer alternative license to integrate Nmap into proprietary * +#!comment: * applications and appliances. These contracts have been sold to dozens * +#!comment: * of software vendors, and generally include a perpetual license as well * +#!comment: * as providing for priority support and updates as well as helping to * +#!comment: * fund the continued development of Nmap technology. Please email * +#!comment: * sales@insecure.com for further information. * +#!comment: * * +#!comment: * As a special exception to the GPL terms, Insecure.Com LLC grants * +#!comment: * permission to link the code of this program with any version of the * +#!comment: * OpenSSL library which is distributed under a license identical to that * +#!comment: * listed in the included COPYING.OpenSSL file, and distribute linked * +#!comment: * combinations including the two. You must obey the GNU GPL in all * +#!comment: * respects for all of the code used other than OpenSSL. If you modify * +#!comment: * this file, you may extend this exception to your version of the file, * +#!comment: * but you are not obligated to do so. * +#!comment: * * +#!comment: * If you received these files with a written license agreement or * +#!comment: * contract stating terms other than the terms above, then that * +#!comment: * alternative license agreement takes precedence over these comments. * +#!comment: * * +#!comment: * Source is provided to this software because we believe users have a * +#!comment: * right to know exactly what a program is going to do before they run it. * +#!comment: * This also allows you to audit the software for security holes (none * +#!comment: * have been found so far). * +#!comment: * * +#!comment: * Source code also allows you to port Nmap to new platforms, fix bugs, * +#!comment: * and add new features. You are highly encouraged to send your changes * +#!comment: * to nmap-dev@insecure.org for possible incorporation into the main * +#!comment: * distribution. By sending these changes to Fyodor or one of the * +#!comment: * Insecure.Org development mailing lists, it is assumed that you are * +#!comment: * offering the Nmap Project (Insecure.Com LLC) the unlimited, * +#!comment: * non-exclusive right to reuse, modify, and relicense the code. Nmap * +#!comment: * will always be available Open Source, but this is important because the * +#!comment: * inability to relicense code has caused devastating problems for other * +#!comment: * Free Software projects (such as KDE and NASM). We also occasionally * +#!comment: * relicense the code to third parties as discussed above. If you wish to * +#!comment: * specify special license conditions of your contributions, just say so * +#!comment: * when you send them. * +#!comment: * * +#!comment: * This program is distributed in the hope that it will be useful, but * +#!comment: * WITHOUT ANY WARRANTY; without even the implied warranty of * +#!comment: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * +#!comment: * General Public License v2.0 for more details at * +#!comment: * http://www.gnu.org/licenses/gpl-2.0.html , or in the COPYING file * +#!comment: * included with Nmap. * +#!comment: * * +#!comment: ***************************************************************************/ +123456 +12345 +123456789 +password +iloveyou +princess +1234567 +12345678 +abc123 +nicole +daniel +babygirl +monkey +lovely +jessica +654321 +michael +qwerty +111111 +ashley +000000 +iloveu +michelle +tigger +sunshine +chocolate +password1 +soccer +anthony +friends +purple +butterfly +angel +jordan +liverpool +justin +123123 +fuckyou +loveme +football +secret +andrea +carlos +jennifer +joshua +bubbles +superman +1234567890 +hannah +amanda +loveyou +pretty +andrew +basketball +angels +flower +tweety +hello +playboy +elizabeth +charlie +hottie +tinkerbell +samantha +chelsea +barbie +lovers +jasmine +brandon +teamo +666666 +shadow +melissa +matthew +eminem +robert +danielle +forever +family +computer +jonathan +dragon +whatever +987654321 +cookie +vanessa +summer +naruto +sweety +spongebob +joseph +junior +softball +taylor +yellow +mickey +lauren +daniela +princesa +alexandra +jesus +alexis +william +thomas +estrella +miguel +beautiful +angela +mylove +patrick +poohbear +iloveme +sakura +adrian +destiny +alexander +christian +121212 +america +sayang +dancer +monica +112233 +richard +diamond +555555 +princess1 +orange +steven +carolina +louise +rangers +789456 +999999 +snoopy +11111 +nathan +hunter +shorty +gabriel +killer +cherry +buster +sandra +alejandro +george +brittany +alejandra +patricia +rachel +cheese +7777777 +159753 +tequiero +arsenal +ginger +dolphin +david +heather +antonio +peanut +blink182 +pokemon +stephanie +222222 +sweetie +pepper +maggie +victoria +chicken +beauty +987654 +00000 +honey +rainbow +fernando +corazon +cristina +kisses +manuel +rebelde +baseball +angel1 +heaven +ricardo +martin +55555 +babygurl +greenday +november +123321 +mother +123abc +madison +alyssa +batman +mahalkita +morgan +december +september +asshole +mariposa +maria +bailey +gabriela +iloveyou2 +pamela +jeremy +shannon +gemini +kimberly +sophie +pictures +jessie +claudia +hellokitty +austin +babygirl1 +angelica +victor +horses +harley +tiffany +mahalko +booboo +mariana +eduardo +courtney +andres +kissme +iloveyou1 +chris +ronaldo +peaches +october +precious +inuyasha +888888 +veronica +master +james +banana +adriana +prince +cutie +jesus1 +freedom +friend +crystal +zxcvbnm +oliver +samsung +edward +celtic +diana +kenneth +scooby +angelo +rebecca +carmen +jackie +sebastian +456789 +spiderman +johnny +karina +christopher +school +0123456789 +orlando +august +barcelona +samuel +slipknot +cameron +monkey1 +mustang +bitch +cutiepie +casper +adidas +kevin +50cent +bonita +brenda +kitten +babyboy +maganda +karen +isabel +natalie +123654 +internet +cuteako +sarah +789456123 +javier +bowwow +777777 +marvin +fuckoff +portugal +laura +tigers +jasper +denise +silver +rockstar +nicholas +chester +volleyball +january +flowers +tintin +alicia +bianca +cristian +smokey +chrisbrown +101010 +garfield +dennis +sweet +cassie +strawberry +asdfgh +francis +696969 +panget +benfica +love123 +lollipop +qwertyuiop +olivia +cancer +charles +camila +superstar +midnight +vincent +harrypotter +ihateyou +apples +monique +christine +jordan23 +scorpio +mercedes +aaaaaa +nirvana +lorena +charmed +icecream +abigail +mexico +pookie +katherine +andreea +fucker +rafael +welcome +benjamin +brianna +lovelove +abcdef +131313 +aaliyah +johncena +gangsta +brooke +333333 +metallica +hiphop +sergio +mybaby +julian +dakota +travis +love +michael1 +sabrina +jeffrey +stephen +babyblue +catherine +badboy +jackson +fernanda +westlife +blondie +simple +smiley +melanie +sasuke +fluffy +dolphins +roberto +steaua +teresa +piglet +jason +newyork +asdfghjkl +ronald +minnie +slideshow +muffin +88888888 +raymond +5201314 +letmein +santiago +jayson +jerome +gandako +gatita +246810 +popcorn +babyko +kitty +ladybug +sweetheart +alberto +leslie +chivas +jenny +cookies +dexter +nicole1 +valeria +christ +leonardo +12345678910 +rockon +232323 +jayjay +anthony1 +marcus +liliana +lalala +babydoll +sexygirl +amores +scooter +bitch1 +chris1 +fatima +eeyore +single +miamor +natasha +lover +252525 +happy +skittles +159357 +cocacola +brooklyn +winnie +colombia +123456a +manutd +teddybear +britney +linda +london +christina +katrina +albert +grace +marie +lakers +pasaway +mahal +tatiana +0123456 +charlotte +147258369 +cantik +hahaha +teiubesc +natalia +smile +francisco +elephant +stupid +genesis +amorcito +manchester +paola +shelby +angelito +turtle +147258 +snickers +kelsey +hockey +mommy1 +xavier +claire +amigos +marina +147852 +linkinpark +marlon +spider +fuckyou1 +qazwsx +brandy +garcia +diego +bonnie +sharon +444444 +rabbit +disney +bandit +andrei +frankie +iverson +54321 +pimpin +soccer1 +justine +red123 +england +fashion +dallas +bestfriend +phoenix +emily +danny +456123 +hermosa +allison +guitar +102030 +lucky1 +wilson +potter +miranda +pumpkin +monster +camille +sporting +number1 +hearts +katie +iloveu2 +player +212121 +sparky +people +savannah +truelove +hottie1 +scotland +nelson +jayden +jasmin +timothy +canada +ganda +onelove +barney +bubble +smiles +parola +ilovehim +shakira +thunder +brandon1 +estrellita +florida +sweets +motorola +evelyn +nikki +matrix +love12 +familia +elijah +monkeys +joanna +omarion +lucky +999999999 +emmanuel +ronnie +loverboy +broken +mamita +jackass +maryjane +rodrigo +yankees +california +westside +justin1 +tennis +jamaica +mauricio +trinity +amigas +preciosa +shopping +mariah +hello1 +bradley +isabella +flores +starwars +kathleen +sunflower +hector +jorge +sammy +robbie +cupcake +compaq +connor +gracie +elaine +loser +abcdefg +valentina +cheche +martinez +melody +friendster +fuckyou2 +darling +jamie +candy +joanne +santos +millie +dominic +pebbles +blessed +biteme +sunshine1 +swimming +taurus +aaron +tyler +ferrari +loving +gangster +gloria +snowball +dreams +kitkat +darkangel +cheyenne +sweetpea +a123456 +darren +megan +dustin +jessica1 +cynthia +violet +bettyboop +kelly +purple1 +iubire +nothing +sydney +sophia +bestfriends +zachary +jordan1 +batista +apple +inlove +froggy +oscar +chacha +010203 +karla +marian +gerald +skater +billabong +sexyme +pogiako +daddy1 +carebear +raiders +daddysgirl +charlie1 +erika +pinky +ashley1 +tigger1 +money +google +nenita +gatito +buttercup +green +amber +lokita +maldita +bambam +nichole +darkness +bella +glitter +123789 +dreamer +sister +lindsey +cooper +willow +fuckme +zacefron +tokiohotel +lindsay +lovebug +loveya +marissa +bubblegum +passion +123qwe +nicolas +cecilia +lollypop +kristine +anderson +butter +caroline +puppies +chubby +ariana +mario +raquel +sierra +sammie +lonely +miller +mememe +kristen +susana +sexybitch +scorpion +carter +roxana +stacey +baller +hotstuff +angelina +eagles +babylove +rocker +chance +james1 +012345 +sweet16 +stella +football1 +playgirl +marcos +qwerty1 +gustavo +bhebhe +rocky +loveme1 +kayla +booger +milagros +daddy +11111111 +catdog +lovely1 +williams +freddy +lolita +lilmama +beyonce +1234 +armando +202020 +undertaker +margarita +151515 +caitlin +PASSWORD +loves +gerard +password2 +bryan +zxcvbn +amistad +yamaha +vampire +dance +capricorn +trustno1 +delfin +georgia +martha +matthew1 +skyline +lizzie +hotdog +ireland +cheerleader +andrew1 +tristan +tamara +scoobydoo +money1 +sheila +badgirl +enrique +janine +chiquita +justme +amelia +141414 +dancing +cuteme +kittycat +angeles +legolas +carlitos +xxxxxx +harvey +jesuschrist +maddie +israel +remember +angie +michelle1 +lester +cinderella +ashton +thebest +patches +genius +ilovejesus +deedee +cowboys +tazmania +peewee +paloma +janice +lucky7 +happy1 +buddy1 +april +walter +miriam +tekiero +princesita +jesucristo +myself +regina +felipe +tinker +awesome +chichi +rosita +boomer +lipgloss +jazmin +david1 +pangit +arturo +molly +741852963 +animal +penguin +mierda +melvin +celeste +hernandez +silvia +simpsons +pussycat +00000000 +winter +hardcore +gateway +gorgeous +johnson +mylife +honeyko +babyboo +loveu +spencer +hollywood +lupita +crazy +panthers +ilovegod +trixie +valerie +alfredo +hawaii +musica +kristina +sparkle +please +daisy +scarface +murphy +098765 +nikita +wesley +sexymama +hailey +hayden +poopoo +debbie +micheal +0987654321 +242424 +pineapple +christmas +jeremiah +lolipop +marisol +lawrence +chloe +cesar +butterfly1 +sheena +qwert +isaiah +yourmom +mhine +bubbles1 +blonde +barbara +brian +jimmy +xbox360 +united +madalina +marley +chicago +anamaria +trouble +sandy +beatriz +whitney +diamonds +pauline +741852 +jasmine1 +sweetness +pantera +friendship +87654321 +bananas +julius +shadow1 +desiree +anita +tucker +hannah1 +marie1 +leanne +twinkle +lover1 +birthday +panther +february +123123123 +donald +twilight +shelly +bobby +eugene +cookie1 +simone +bebita +abcd1234 +147852369 +bullshit +beckham +ashlee +imissyou +iloveyou! +pollito +catalina +damian +andre +joshua1 +perfect +moomoo +nursing +torres +daniel1 +dinamo +autumn +juliana +babyface +cassandra +mommy +titanic +drpepper +sexylady +bitches +852456 +buddy +14344 +mendoza +robert1 +animals +coffee +alison +mariel +marcela +samson +gerardo +cowboy +bethany +blossom +harold +serenity +cutie1 +bulldogs +amanda1 +paradise +willie +simpleplan +paulina +fabian +kucing +1111111 +hollister +ILOVEYOU +reggie +diesel +lovehurts +pisces +tyrone +rodriguez +element +calvin +chanel +patito +kaylee +piolin +peterpan +143143 +dianne +stars +marshall +salvador +mitchell +sanchez +joseluis +jason1 +tanner +grandma +dancer1 +always +helena +bulldog +diosesamor +181818 +derrick +sweet1 +theresa +ashleigh +margaret +love4ever +thumper +chinita +alexandru +thuglife +mihaela +trisha +brownie +1q2w3e4r +aquarius +shane +phillip +amormio +aaaaa +kitty1 +heart +panda +creative +yvonne +rosario +morena +sammy1 +marius +donkey +bigboy +lorraine +hayley +archie +kaitlyn +danger +gregory +esther +babycakes +frances +hamster +tweety1 +1q2w3e +arnold +gerrard +sexy123 +parker +maverick +superman1 +catarina +taylor1 +pickles +trevor +marco +police +babies +brittney +11223344 +virginia +speedy +rockme +sports +boston +lorenzo +italia +black +sofia +yasmin +godisgood +audrey +dominique +roxanne +rocku +happiness +asdfg +jenjen +shorty1 +chrissy +nadine +giggles +753951 +tyler1 +cuddles +castillo +fantasy +joyjoy +darwin +summer1 +maxwell +rosebud +beautiful1 +pelusa +toyota +golden +12341234 +justice +kittykat +fabiola +faith +mickey1 +russell +cristo +jocelyn +ghetto +junjun +cheer +babygurl1 +julio +madison1 +cuteko +rascal +wildcats +rooney +curtis +bloods +alisha +kayleigh +college +william1 +sarita +rochelle +macmac +gabrielle +gilbert +mississippi +diablo +mickeymouse +passw0rd +hello123 +singer +soledad +naughty +friends1 +buttons +franklin +unicorn +gwapako +123654789 +marilyn +prettygirl +philip +vanilla +jellybean +elizabeth1 +pretty1 +yolanda +australia +busted +camilo +johanna +hershey +bismillah +pinkie +love13 +bigdaddy +cricket +holas +7654321 +ramona +carla +jacob +9876543210 +pink123 +pedro +photos +erick +briana +montana +hilary +callum +tiger +watermelon +shirley +sapphire +warren +ihateu +loveme2 +emerald +rahasia +dragons +lourdes +juancarlos +PRINCESS +janelle +therock +scotty +tania +douglas +dylan +cheer1 +latina +slayer +lovergirl +yoyoyo +lucky13 +papito +pikachu +nascar +lavender +asshole1 +breanna +22222 +idontknow +yellow1 +winston +aurora +iluvme +little +teamomucho +poohbear1 +010101 +krystal +hunter1 +flower1 +emanuel +belinda +iloveu1 +valentine +hotgirl +goddess +shithead +cindy +cuties +diamond1 +171717 +damien +kittens +rocky1 +merlin +copper +babyphat +peanut1 +pickle +rangers1 +ballet +wendy +coolgirl +caramelo +0000000000 +charlene +iceman +142536 +volcom +maymay +kingkong +selena +lucero +houston +baby123 +music +teacher +1435254 +alexa +windows +angelita +paula +love1 +wicked +special +shaggy +guadalupe +boogie +kissmyass +crazy1 +incubus +buster1 +connie +madonna +handsome +lovelife +billy +candy1 +1qaz2wsx +esmeralda +norman +dayana +myname +iloveme1 +ranger +loulou +richie +yahoo +chelsea1 +sexybabe +phoebe +nathaniel +peter +spongebob1 +2cute4u +converse +ramirez +a12345 +falloutboy +spanky +rayray +kristin +124578 +dianita +1111111111 +eunice +goldfish +marisa +family1 +tommy +hotchick +angel123 +080808 +liberty +sagitario +linkin +sexy12 +sassy1 +sniper +jesse +walker +161616 +danica +cutegirl +lacoste +campanita +harry +gothic +password123 +realmadrid +marlboro +molly1 +chicken1 +atlanta +kelvin +juventus +peace +mookie +ronaldinho +0000000 +preston +newcastle +sassy +esteban +arthur +giovanni +maribel +moises +12345a +nintendo +stefan +leelee +mahalkoh +fresita +951753 +champion +snuggles +erica +tequieromucho +bernard +austin1 +shutup +nissan +soulmate +celticfc +ecuador +tagged +iverson3 +hotpink +thomas1 +fatboy +taytay +missy +honey1 +loser1 +michel +playboy1 +lunita +nicola +nancy +brandi +steelers +southside +blueeyes +arlene +random +mackenzie +alexia +tiger1 +rachelle +michele +winner +judith +goober +ernesto +spirit +landon +blahblah +mamapapa +carrie +pierre +282828 +darius +edgar +maurice +99999 +chocolate1 +unique +111222 +cosita +morales +hermione +starlight +kennedy +dimples +coolcat +rivera +katelyn +rodney +stanley +moonlight +iluvu +viviana +something +gonzalez +esperanza +softball1 +love22 +newlife +bunny +children +skippy +marlene +baby12 +france +father +abcde +234567 +swordfish +snowflake +nigger +77777 +dillon +fucku +shasha +doraemon +helpme +ingrid +romance +kathryn +runescape +domino +pitbull +ricky +geraldine +dimple +allstar +cooldude +bhaby +tweetybird +134679 +pakistan +cassidy +godbless +paramore +ballin +jermaine +jefferson +smudge +chopper +julie +karate +romania +sunset +seventeen +hummer +mariela +garrett +emotional +alonso +computer1 +bitchy +loveless +daisy1 +puppy +smallville +freddie +clover +peluche +yugioh +mykids +blue123 +annie +mexico1 +meghan +thailand +cherries +andreita +ximena +goldie +basket +bella1 +vanesa +dragon1 +070707 +kaykay +groovy +joyce +blueberry +gladys +maggie1 +acuario +262626 +boricua +janjan +eclipse +marjorie +blue22 +whatever1 +sponge +kendra +coconut +amber1 +destiny1 +cameron1 +blabla +negrita +angelbaby +theone +booboo1 +kevin1 +dipset +alexis1 +191919 +danilo +kirsty +cheryl +harmony +samantha1 +ragnarok +warrior +aileen +cheeky +serena +babyboy1 +granny +john316 +abraham +green1 +ilovemyself +wrestling +dragonfly +guillermo +fender +blacky +mikey +bintang +nathan1 +bonbon +poopie +alfonso +punkrock +michaela +miracle +online +mollie +brother +yourock +wizard +jazmine +manunited +carlo +love69 +munchkin +christy +harley1 +rock you +iloveboys +success +karlita +bogdan +jillian +supergirl +mmmmmm +patrick1 +catalin +doggie +melisa +bugsbunny +hollie +jennifer1 +lilwayne +alianza +athena +moreno +bailey1 +violeta +puppylove +maureen +emilio +makayla +gymnastics +casey +ilovechris +heyhey +holly +rachael +milkshake +butthead +mathew +bullet +asdasd +159951 +kenny +jupiter +juanita +1password +steven1 +chandler +goodgirl +kenzie +alfred +harrison +virgin +baseball1 +eternity +caramel +pepper1 +manuela +ingeras +lasvegas +seven7 +katkat +mckenzie +redrose +asdfjkl; +estefania +estrela +love14 +godislove +jajaja +elena +lenlen +geminis +danny1 +stinky +duncan +keisha +aubrey +holiday +starfish +wallace +danielle1 +jaguar +felicia +santana +florin +ariel +scrappy +popeye +america1 +ginger1 +argentina +fishing +mayra +hehehe +blackie +chelle +joseph1 +2hot4u +badass +luisa +deanna +knight +myangel +lampard +freaky +rihanna +colleen +aaron1 +fiorella +killer1 +sarah1 +denisa +yesenia +scott +sailormoon +redsox +junior1 +monday +microsoft +joana +kathy +monika +golfinho +holden +dragoste +baxter +futbol +love11 +teddy +billie +gonzales +mermaid +qwe123 +josephine +dramaqueen +carol +frank +ABC123 +welcome1 +sasha +sugar +arianna +kirsten +carito +yankee +ludacris +clayton +yvette +carina +sexylove +jonjon +computadora +Password +forever1 +coolio +logitech +callie +melissa1 +fucku2 +alaska +clifford +manson +ilovematt +berenice +momdad +honduras +gordon +friday +steph +tracey +divina +liverpoolfc +dwayne +ilovejosh +stevie +bruno +roland +ronaldo7 +lovesucks +password12 +sublime +joejonas +rebeca +kisskiss +mibebe +corona +1212312121 +richard1 +conejo +redneck +thegame +fergie +nacional +vivian +valentin +272727 +8675309 +simona +hotmama +evanescence +change +love101 +loveu2 +maxine +88888 +aventura +cristi +henry +eastside +lizard +cristiano +morris +cleopatra +brayan +drowssap +dalton +lollol +wolves +963852 +fernandez +annette +legend +luisito +mahalq +shalom +blanca +motherfucker +orange1 +pablo +vegeta +martina +stewart +fabulous +love21 +yanyan +marcelo +alvin +howard +noodles +cuttie +maryann +gabby +555666 +tequila +dolphin1 +cherry1 +raiders1 +warriors +maximus +marines +prettyme +jersey +smelly +agosto +roberta +jennie +carlos1 +heather1 +sexy69 +single1 +medina +missy1 +tricia +saints +leonard +romeo +kawasaki +nightmare +candice +randy +brendan +cheetah +platinum +090909 +denver +hercules +juliet +messenger +kimkim +suzanne +iluvyou +kendall +everton +filipa +kieran +castro +pirates +jesus7 +love23 +asd123 +grandad +snowman +456456 +yousuck +bubba1 +jonas +antonia +mother1 +jetaime +cintaku +jacqueline +honeybee +amore +falcon +drummer +turkey +phantom +freedom1 +charmaine +alvaro +romero +passport +qazwsxedc +freckles +rocknroll +mystuff +german +leticia +celine +madeline +bubba +mandy +edison +shiela +steve +ruben +pancho +julia +dulce +sweetgirl +fuckit +Princess +cracker +sayangku +ashanti +angel12 +promise +020202 +kenshin +franco +rocket +andreia +ericka +taekwondo +ismael +logan +alexandre +melinda +smokey1 +chingy +private +surfer +jeremy1 +juanito +laptop +picture +isabelle +jacob1 +hamilton +mustang1 +trinidad +precious1 +angel2 +arcangel +ganteng +budlight +peaches1 +harris +cowgirl +loveyou2 +spooky +sixteen +newyork1 +student +iluvu2 +doodle +apple1 +blessed1 +confused +renato +1bitch +nokia +biatch +virgo +loveable +cheese1 +jesusfreak +stormy +shawn +tootsie +bobmarley +paris +rommel +shauna +jerry +pink +delete +felicidad +lynlyn +babykoh +kayla1 +thalia +marion +anything +sexybaby +rolando +rainbow1 +valencia +lizbeth +minime +colorado +triskelion +poison +yomama +ilovemike +maemae +scruffy +chucky +cellphone +aldrin +punkin +queen +divine +florence +slimshady +liverpool1 +lovers1 +swimmer +pimpin1 +ewanko +gizmo1 +dondon +sisters +galaxy +hazel +forget +pussy +tasha +loveyou1 +a1b2c3 +rey619 +insane +stitch +cristal +aries +sidney +maricel +soloyo +lauren1 +jackson1 +madrid +emily1 +rowena +321654 +mnbvcxz +gunner +dorothy +country +malibu +applepie +skyler +vodafone +maimai +jonathan1 +nataly +babes +chloe1 +454545 +password3 +jonasbrothers +greenday1 +bryant +system +eminem1 +motocross +hanson +penelope +nickjonas +beatrice +philips +pavilion +magandaako +hitman +cruzazul +germany +paige +laurita +kagome +qwerty123 +hihihi +stuart +nemesis +getmoney +paolita +filipe +alabama +redhead +theused +sherry +mypassword +princes +morado +cinta +gizmo +doctor +edwin +shanice +kakashi +psycho +beverly +morgan1 +avril +marijuana +121314 +irock +weed420 +scooby1 +bigred +bonjovi +escorpion +lucas +amazing +church +regine +fatcat +jamie1 +monalisa +love15 +rakista +jenna +DANIEL +password! +oscar1 +stardust +nevaeh +marimar +xander +robinson +eddie +ilove +shannon1 +myfamily +johana +trandafir +wonderful +super +jenifer +skipper +telefon +lifesucks +potpot +dance1 +bowwow1 +13579 +benson +chivas1 +wolverine +mobile +tonton +georgina +allen +tinker1 +grapes +devils +zoey101 +gibson +misty +aishiteru +jaime +angel13 +tattoo +conner +bernie +milton +bamboo +fofinha +american +respect +katie1 +abercrombie +cinnamon +marcel +cathy +astig +love143 +pink12 +iloveme2 +georgiana +alondra +candyfloss +brittany1 +snoopy1 +winniethepooh +050505 +bobby1 +dietcoke +g-unit +alyssa1 +donnie +poop +broncos +emilia +famous +cowboys1 +eleven +cedric +amalia +iloveryan +langga +963852741 +flamingo +wordpass +falcons +mypics +sprite +suzuki +moocow +angeleyes +antony +payton +spoiled +monkey2 +madden +marine +fuckoff1 +raven +poncho +abcdefgh +black1 +alina +princess2 +nathalie +303030 +nelly +kimmie +shawty +krissy +tomtom +sheryl +deborah +emerson +emogirl +mikaela +pinky1 +denisse +kittie +manman +292929 +noodle +renee +donna +sonia +chantelle +devil +bratz +camaro +meandyou +420420 +capricornio +elamor +puertorico +behappy +theman +hotboy +lillian +magdalena +chelsey +irene +makaveli +skateboard +octubre +window +123 +noviembre +1123581321 +newport +tiffany1 +carebears +samsam +pencil +lestat +lionking +gabriella +kenken +brianna1 +007007 +bombon +music1 +personal +skyblue +wedding +marianne +southpark +anjing +soccer12 +sexy13 +nikki1 +brasil +chikita +bonjour +asawako +mitch +jesse1 +duckie +naynay +mariajose +iforgot +maritza +scooter1 +xiomara +ilovemom +ivonne +girlfriend +simpson +jamjam +lovable +hannahmontana +soccer10 +desire +rodolfo +ilovepink +powers +wisdom +michigan +mylove1 +sunday +perrito +brazil +smackdown +pillow +marcia +conejita +scarlet +yankees1 +ssssss +rockers +boobies +josue +sexyboy +lopez +graham +ilovejoe +BABYGIRL +armani +billybob +sherwin +445566 +kkkkkk +arizona +batman1 +enigma +nadia +denden +killua +dingdong +believe +english +burbuja +leandro +savage +pepito +timmy +lennon +kristy +135790 +zzzzzz +astrid +philly +blingbling +789789 +playstation +sparkles +charity +jenny1 +magic +queenie +crystal1 +bigdog +loquita +missyou +naruto1 +george1 +victory +flaquita +sucker +frogger +bobbie +lilman +azerty +dickhead +chelseafc +bluesky +beatles +dalejr +kellie +honeys +babygirl2 +dakota1 +baby +anastasia +barbie1 +jewels +priscilla +pandora +jjjjjj +jimenez +subaru +muhammad +hammer +longhorns +racing +lilbit +danielita +lol123 +sexygurl +donovan +brayden +boyfriend +rammstein +dylan1 +coldplay +carmelo +noelle +panasonic +celtic1888 +libertad +leonel +778899 +zidane +eileen +campbell +565656 +estrellas +terrell +borboleta +delacruz +surfing +gwapa +johnpaul +jeanette +jimena +little1 +corina +soccer13 +spring +diciembre +peachy +12344321 +hallo +gordita +johnnydepp +sexsex +princess12 +shamrock +biscuit +gangsta1 +apollo +krista +ladybug1 +johnny1 +porter +lamejor +secret1 +poppy +898989 +althea +sophie1 +thankyou +player1 +1478963 +mittens +amizade +aol123 +knights +pinklady +malcolm +soccer7 +romina +losers +030303 +classof08 +maria1 +senior +nofear +cotton +killme +rooster +kimberley +louie +canela +toshiba +netball +jared +sexy101 +allan +060606 +lacrosse +corvette +laguna +retard +rosie +jimmy1 +scarlett +francesca +paulo +jeffhardy +sexyback +joejoe +twister +mariam +cristy +bernardo +latoya +love16 +teodio +saturn +cloud9 +tarzan +alexandria +megan1 +becky +bautista +vicky +jester +rosemary +indian +pookie1 +avatar +keith +nibbles +alice +jimbob +dawson +renata +belle +password7 +hassan +daniella +tabitha +mohamed +maddog +gillian +lemons +darlene +sweetie1 +smile1 +cosmin +kickass +soccer11 +celular +johnjohn +guatemala +manzana +blood +corey +gators +manolo +sugar1 +suckit +jakarta +flakita +brooklyn1 +margarida +angeline +shelley +hollister1 +dandan +russel +trigger +halloween +bluemoon +spunky +jeffery +lilly +death +classof09 +shibby +kingdom +titans +bloodz +patty +carson +mamacita +skylar +987456 +libra +star123 +skeeter +kiara +senior06 +redred +toffee +jazzy +lizeth +lottie +mallory +christian1 +hacker +dragonball +declan +5555555 +charly +kermit +daphne +brian1 +traviesa +stupid1 +ilovejohn +alvarez +rhiannon +daredevil +cartoon +pokemon1 +power +africa +acmilan +nugget +pippin +666999 +ilovenick +peanuts +12121212 +44444 +pizza +pinkpink +9999999 +nellie +lilfizz +patrice +ilovehim1 +shayne +ilovesam +emopunk +carmela +eliana +herman +mercury +yandel +heartbreaker +pepsi1 +peyton +love08 +rockstar1 +valentino +mamasita +lilian +girlie +avrillavigne +attitude +loredana +qwertyu +jehova +skate +joaquin +simon +evolution +samurai +misty1 +logan1 +married +lucia +nigga +mivida +desmond +diane +florida1 +159159 +sadie +angels1 +female +tootie +battle +patricio +betty +stefania +my3kids +forest +tommy1 +outlaw +soldier +sadie1 +456852 +squirt +lanena +travis1 +ethan +nicoleta +tigers1 +pandas +clarinet +kisses1 +qwaszx +papamama +pasword +cheesecake +bridget +manila +pornstar +joker +salazar +jeanne +larissa +ellie +faithful +collin +glamorous +septiembre +onlyme +bernadette +pinkpanther +mumdad +lavigne +girlpower +carolyn +mexican +faith1 +sexy1 +eastenders +gymnast +sandy1 +elliot +love07 +packers +razvan +hellomoto +kimmy +sunny +prissy +indonesia +nayeli +mygirl +angelic +natalie1 +qweasd +naomi +jamesbond +33333 +runner +backspace +bebito +nicholas1 +keyboard +bhabes +puppy1 +carmel +mattie +catcat +hilaryduff +shania +happy123 +1234qwer +sylvester +teddy1 +detroit +victoria1 +hinata +pirate +JESSICA +matias +georgie +dougie +candace +bastard +andrea1 +fuckers +brutus +honda +ilovealex +brooke1 +telephone +kawaii +derek +isaac +shortie +alexander1 +frosty +meagan +melina +iloveben +chemical +charley +vikings +chrisb +manchesterunited +megaman +siobhan +charmed1 +pollo +j123456 +CARLOS +wassup +miguelito +kristian +soccer2 +water +rainbows +thompson +jericho +258456 +fucking +medicina +febrero +tigger2 +love01 +renee1 +cat123 +55555555 +enamorada +lexmark +morrison +habibi +1lover +jackie1 +qqqqqq +louise1 +giselle +oranges +bumblebee +NICOLE +perros +randall +tamahome +goodies +cutiepie1 +7894561230 +firefly +clarence +babyangel +rocio +unknown +thirteen +margie +pepsi +yahooo +nenalinda +amarillo +deftones +benjie +westham +jaypee +domingo +yadira +captain +extreme +blondie1 +soccer9 +lemonade +together +paolo +iloveyou3 +dumbass +skater1 +daddyyankee +dallas1 +secrets +adelina +lancer +mamamia +monkey123 +alex123 +mikey1 +carrot +matematica +playmate +littleman +sexy14 +cassie1 +digital +jessie1 +texas1 +ANGEL +nestor +forgot +bunny1 +gerardway +felix +girlsrule +annabelle +murray +fucklove +qwertyui +redskins +stonecold +i love you +lassie +sexy +irish +flames +123456j +potato +bombom +kaitlin +porkchop +mybaby1 +terry +malachi +rebecca1 +killers +renren +mommy2 +clarissa +bleach +julieta +anime +123456789a +perro +holland +vicente +raluca +popstar +solomon +lewis +gracia +fucker1 +spitfire +salome +angelz +beanie +osito +wildcat +watson +nicky +elvis +digimon +floricienta +china +vanessa1 +paopao +tobias +strong +blazer +blackrose +malaysia +darrell +janeth +14789632 +iamthebest +pumas +susan +future +security +kikay +casanova +roseann +spike +josiah +darryl +master1 +maricar +caitlyn +airforce +poochie +froggie +lance +roses +teamobb +lebron +mushroom +flowerpower +reading +penguins +reynaldo +forever21 +mumanddad +braves +cherokee +babybaby +infinity +monster1 +mommie +gemma +blue12 +blessing +classof07 +iamcool +klapaucius +freak +glenda +bobesponja +whiskers +simba +chipper +samara +digger +lucifer +cortez +poopy +567890 +crazygirl +osiris +therese +washington +warcraft +1princess +zombie +pangga +angel01 +mustangs +pinkgirl +goodbye +sabina +central +amylee +colton +latino +dangerous +gabriel1 +theking +love06 +napoleon +richmond +oklahoma +summer06 +sooners +explorer +butterflies +siemens +pudding +araceli +damaris +babybear +redbull +sterling +penny +1loveyou +goodluck +angel7 +753159 +jesus777 +abc1234 +love10 +frankie1 +mystery +porsche +kelly1 +carpediem +junebug +gordito +robin +pazaway +22222222 +powerpuff +dayday +midnight1 +chaparra +lincoln +janet +dalejr8 +love1234 +m123456 +baby13 +hanna +magnolia +sally +horses1 +guerrero +lamont +bunnies +tottenham +ASHLEY +memories +wanker +dream +laloca +hillary +mychemicalromance +rachel1 +ANTHONY +werty +1122334455 +arsenal1 +sasha1 +molina +adriano +matilda +flipper +fanny +milena +sheldon +lesley +stoner +kaiser +locura +chickens +chris123 +LOVELY +jessy +seven +becca +brebre +metal +monse +monique1 +babygirl12 +marita +browneyes +julissa +chester1 +billy1 +calculator +rebekah +lightning +sharks +banana1 +britt +youandme +starbucks +chuckie +olimpia +bluebird +sandiego +dollar +catwoman +mikayla +humberto +aaliyah1 +asdf1234 +dragonballz +123457 +dolores +magodeoz +clinton +maniez +789123 +koolaid +heaven1 +fireman +candycane +reyes +whatsup +eduard +angelique +redhot +223344 +johnathan +charles1 +2sexy4u +123456m +lesbian +snowwhite +rebels +lebron23 +slipknot1 +ilovejames +poodle +5555555555 +rangersfc +hooters +limegreen +fallen +adrienne +rusty1 +maddison +sleepy +cartman +jojojo +grecia +hotrod +Jessica +terrance +iloveadam +shayshay +chino +scottie +chavez +aguilar +violin +66666 +aberdeen +rogelio +blablabla +whiskey +99999999 +casey1 +te amo +yourmom1 +jhonatan +mirela +xxxxx +gareth +bentley +claudio +micaela +mariano +fatass +imissu +cookies1 +chobits +singing +monkey12 +school1 +loveko +yazmin +holahola +marcus1 +vargas +webster +love24 +fuckyou! +chase +asdfasdf +kristel +password. +****** +rootbeer +hamish +verito +carajo +shelby1 +sylvia +bowling +wanted +yahoo1 +deathnote +danielito +shiloh +misterio +evelin +nevermind +alucard +147896325 +kissme1 +edward1 +gunners +MICHAEL +tacobell +tyson +eleanor +sam123 +tantan +mafalda +rosemarie +charming +celtic1 +haley +lovehate +mahalcoh +cashmoney +usa123 +shayla +rosado +warning +larisa +363636 +jazzy1 +button +selene +science +boobie +starburst +rakizta +jeter2 +livestrong +burton +camera +jayden1 +turner +jesica +blake +antonio1 +viridiana +mountain +98765 +penis +lololo +denise1 +pussy1 +seanpaul +haters +password5 +1234abcd +juancho +agustin +ulises +sinead +popcorn1 +smarties +friendly +jaycee +boomboom +gatinha +memory +jomblo +909090 +zachary1 +josefina +sampson +holly1 +analyn +040404 +wonder +courtney1 +ilovesex +blackcat +oliver1 +dookie +bandit1 +56789 +billiejoe +123456789123456 +greeneyes +iloveyou. +321321 +sexychick +pucca +sk8ter +queens +maroon5 +kenny1 +iminlove +786786 +323232 +riley +gameboy +cinthia +emiliano +dannyboy +minnie1 +elisha +quincy +prayer +mildred +iloveyou7 +raider +gundam +umbrella +watever +boycrazy +hellboy +soccer3 +funny +philippines +krishna +pacman +trunks +casper1 +ciara +laura1 +rocks +cougars +patriots +wayne +beaver +angel11 +soccer4 +baller1 +orlando1 +badminton +hottie101 +someone +212224 +cougar +helen +larry +monkey7 +369369 +clouds +fercho +gracie1 +elliott +johncena1 +ronron +compaq1 +indiana +rolltide +jingjing +foster +123698745 +mylene +serendipity +flowers1 +teadoro +fisher +sexybeast +versace +yenyen +blonde1 +juggalo +vagina +lipstick +q1w2e3 +monroe +samira +amoremio +justdoit +love18 +lynette +stargirl +holla +heartbroken +redrum +fluffy1 +changeme +chiqui +survivor +rebelde1 +puppys +angeli +rukawa +ILOVEU +meowmeow +147147 +inuyasha1 +timberlake +reebok +amsterdam +tiesto +khulet +eliza +hurley +12369874 +energy +rusty +airforce1 +kobe24 +treasure +jordyn +yummy +cupcake1 +bob123 +bookie +secreto +hogwarts +herbert +placebo +rupert +pelota +bradpitt +aussie +kipper +neopets +kingston +thesims +roger +freestyle +Michael +trenton +Password1 +chucho +787878 +rugrats +teamobebe +simba1 +love09 +shawna +estefany +alone +meredith +TEAMO +lakers1 +griffin +honda1 +elijah1 +pleasure +bbbbbb +girls +martin1 +blackjack +kitten1 +babypink +felicity +loveit +walmart +tiago +shanna +dracula +biggie +kontol +leilani +asakapa +killa +313131 +pa55word +paintball +ilovedan +yasmine +andreas +blades +myhoney +soccer14 +gutierrez +mister +business +playboy123 +mendez +loveforever +engineer +fotos +jonalyn +my2kids +memphis +aimee +dddddd +skinny +adonis +freeman +maximo +wateva +shawn1 +alex +andrey +stefanie +chantal +marquis +789654 +bacardi +pablito +candygirl +angelface +villanueva +gateway1 +lilangel +amote +dustin1 +general +prince1 +nolove +brandy1 +pppppp +12qwaszx +webcam +1234560 +cheerleading +snoopdogg +JORDAN +gonzalo +marihuana +superstar1 +collins +solange +panama +dulcemaria +patience +weezer +roscoe +maryjoy +raphael +underground +boricua1 +123456k +spikey +firebird +romeo1 +1314520 +aliyah +ilovedavid +01234 +artist +snickers1 +penny1 +sunrise +access +25252525 +brodie +emelec +redman +summer07 +waters +highschool +rebel +cherish +godzilla +juanjose +poiuyt +princess13 +maryrose +jumong +imcute +anabel +navarro +fresa +mouse +mummy +sweetiepie +yumyum +vladimir +7895123 +olivia1 +shane1 +doggy +bribri +mason +juicy +19871987 +andromeda +mario1 +party +sweetlove +corazones +tomboy +sexy11 +lovegod +bitch123 +grandma1 +ferreira +vampires +selina +harry1 +raven1 +smarty +skittles1 +sexy15 +guitar1 +turtle1 +elvira +pringles +poppop +looney +tulips +devin +654123 +jhonny +sirena +dieguito +oswaldo +puppydog +benji +pink11 +sexbomb +street +morangos +lavinia +snoopdog +jackass1 +bishop +carlita +angelgirl +pebbles1 +angela1 +love4u +adrian1 +619619 +apples1 +muffin1 +19891989 +icecream1 +alegria +beauty1 +lilone +kaycee +woaini +ANDREA +ethan1 +shitface +franky +scott1 +spiderman1 +candle +kathmandu +johndeere +muppet +leeann +sunny1 +gwapo +ilove? +snakes +venezuela +goodboy +jonathon +blueangel +pink13 +stephen1 +herrera +minerva +texas +thanks +beaner +hendrix +myheart +gianna +lillie +myboys +mygirls +claudiu +education +imsexy +butter1 +twins2 +aerosmith +rovers +ironmaiden +trinity1 +321654987 +alinutza +pendejo +rashad +because +amethyst +bloody +francine +superpets +vinnie +cheekymonkey +stargate +pumpkin1 +zxcvb +raerae +honesty +miguelangel +caleb +ernest +dog123 +pereira +angel3 +love17 +march +qazxsw +senior07 +chinito +makeup +striker +federico +panda1 +chantel +misael +queen1 +singapore +joaninha +wazzup +buddha +markie +nguyen +craig +hunnie +my2girls +karolina +angel5 +giraffe +tangina +badboys +victor1 +imcool +jesus123 +homero +eighteen +voodoo +miley +gwapoko +happydays +isabela +darnell +1a2b3c +reggae +stephy +aguila +lashay +diogo +account +badger +fighter +deadman +pisica +kamote +angel22 +chippy +gretchen +tammy +buffy +tyson1 +sweetangel +jasper1 +jarule +martini +antonella +summer08 +pompom +silvana +papichulo +sexual +fucku1 +password11 +ivette +sherman +trooper +brokenheart +yuliana +printer +francia +floppy +soccer5 +terrence +peluchin +max123 +smirnoff +villevalo +ironman +smiley1 +adolfo +benny +monita +glenn +dodgers +boxing +muerte +negrito +movies +ilovemymom +jaylen +goodcharlotte +laurence +babydoll1 +dante +bounce +chico +tanya +bigdick +ionutz +timothy1 +honeykoh +vince +homies +bradley1 +glamour +juanpablo +nelly1 +19921992 +soylamejor +kangaroo +stefany +iubita +alesana +tropical +smile4me +garden +nigga1 +metoyou +april1 +caballo +family5 +stephanie1 +slide +angel14 +bigbird +annmarie +yahoo.com +keegan +mozart +ashlyn +julieann +cheska +eddie1 +gabby1 +ilovemyfamily +idunno +calderon +lizzy +finalfantasy +MICHELLE +class09 +breezy +dipset1 +ilovejake +temple +classof06 +marquez +karito +peaceout +astonvilla +dodong +sexygirl1 +buddie +zxcvbnm,./ +ricky1 +chunky +jesussaves +davids +leigh +photo +sexyass +malagu +my2boys +ionela +princess7 +polaris +spartan +tripleh +tyrell +bratz1 +allie +fireball +herbie +cornelia +bumbum +marianita +escape +mike +eagles1 +madmax +bobbob +kambal +maxmax +silent +luciana +ramones +tribal +winxclub +revenge +hearty +benito +milkyway +llllll +cinthya +contraseƱa +liezel +thunder1 +badman +christie +ichigo +kentucky +reagan +mafer +cherie +peanutbutter +zamora +delicious +sparrow +leonor +woohoo +addison +daughter +coolman +sporty +mydear +narnia +password13 +adrianna +savannah1 +burger +shasta +fiesta +trouble1 +angel101 +mason1 +estela +backstreet +anakin +jessa +giants +1jesus +arianne +rosie1 +star +q1w2e3r4 +topgun +naenae +auburn +369852 +password4 +pamelita +jologs +godfather +lilred +baby14 +imagine +silver1 +boobear +maddie1 +savanna +jesusc +riley1 +babycoh +playboi +grumpy +itachi +pink22 +french +friends4ever +whisper +buffalo +aguilas +xoxoxo +ilovemark +luisteamo +tarheels +hongkong +alissa +monkey3 +sparky1 +timmy1 +journey +musical +horse +19861986 +bigman +nichole1 +alanna +jhenny +gordon24 +youtube +lovingyou +monopoly +maradona +summertime +crazy4u +543210 +ritinha +chinchin +candyman +presario +haylee +jaiden +delfines +jungle +roxygirl +kristi +running +soccer15 +walalang +mileycyrus +cabbage +ariane +rosales +green123 +brown +bhabie +coolness +immortal +patches1 +cancel +neneng +sixers +salinas +lilmama1 +505050 +ilovetom +23456 +PASSWORD1 +salvation +oooooo +oliveira +broken1 +pegasus +chevelle +bennett +history +emokid +ralph +jessika +irving +gotohell +geronimo +froggy1 +mom123 +punker +topher +smooth +soccer8 +pokpok +praise +grace1 +ilovejason +jackson5 +damion +fcporto +principe +whocares +ioana +cheers +livelife +lucian +mayang +james123 +princess3 +angel21 +fourteen +cielo +popopo +dublin +prinsesa +dodger +kassandra +magaly +69696969 +rhonda +oldnavy +rastaman +twinkie +souljaboy +ramon +island +123987 +jensen +hudson +bigbrother +ranita +chihuahua +111213 +thatshot +dwight +elmejor +mission +innocent +momanddad +spike1 +gunit +pancake +lorenz +dominick +sebas +soccer6 +abcd123 +devil666 +ravens +hitler +pampam +poppy1 +fabio +disturbed +beloved +babygirl13 +newton +colombia1 +123789456 +cristiana +bellota +doglover +candies +newzealand +samanta +emachines +tierra +monkeybutt +pancakes +jacky +information +denzel +zander +cierra +itzel +barbiegirl +harlem +chase1 +hawaiian +alessandro +Daniel +pothead +lorenita +marygrace +demons +karencita +pioneer +james23 +morenita +kittys +debora +my3sons +booger1 +iulian +celina +jesuslovesme +waterfall +cowboy1 +passwords +katty +complicated +choclate +fatman +perlita +gisela +iloveyou12 +star12 +sailor +gerrard8 +asdfghjk +angell +hotshot +paige1 +midget +1angel +cooper1 +monitor +estrada +afrodita +asdfghj +baby08 +viking +frederick +dutchess +xavier1 +lionel +alicia1 +clueless +cookiemonster +benedict +piggy +graciela +sharpay +predator +class07 +poptart +jesuss +258963 +tornado +kelley +1blood +222333 +peter1 +madness +packard +hotbabe +dudley +angel16 +a1b2c3d4 +guinness +fuckface +monica1 +millwall +baby1 +sandrita +trumpet +wachtwoord +awesome1 +kamila +pineda +123456s +garnet +silvestre +qweasdzxc +qwer1234 +ilovedogs +melany +blue13 +kahitano +einstein +sexy01 +gwapoako +19931993 +coleman +111111111 +qwerty12 +makulit +marielle +pearl +miguel1 +jonny +mcdonalds +manager +molly123 +pingpong +allyson +bertha +thinkpink +mango +angel10 +timber +groovychick +QWERTY +pollita +looser +enter +omarion1 +tennis1 +willy +people1 +control +tortuga +turtles +chelsie +cannabis +sandoval +nicole2 +redroses +chris12 +lollies +siempre +teresita +original +budweiser +hibernian +edwards +guitarra +biology +steph1 +apple123 +classic +cabrera +solotu +mifamilia +godlovesme +hamtaro +jelly +marta +doodles +reaper +create +mommy3 +jomar +rafaela +bighead +erwin +brendon +ninja +ilovekyle +mandy1 +linda1 +Nicole +sexybitch1 +mercado +s123456 +nature +MONKEY +coyote +JASMINE +alvarado +bearbear +elisa +honeyz +keekee +doggies +family4 +usher +pinkish +ezekiel +blizzard +elisabeth +monyet +friendsforever +skywalker +richelle +bond007 +labebe +wordlife +lovebug1 +000001 +marsha +sassygirl +laurie +maricris +maiden +happyfeet +mysterio +monkeys1 +jones +mariah1 +water1 +blue32 +luckydog +delgado +sosexy +momof3 +monkey13 +venice +littlebit +birdie +tanisha +pisicuta +meggie +estefani +elefante +aquino +princess123 +bitch69 +pizza1 +19941994 +belleza +valery +sweety1 +sahara +bessie +annie1 +Jordan +matty +glasgow +bubulina +mybabies +hailey1 +19851985 +dejavu +mohammed +boobs +georgia1 +antoine +aquamarine +nineteen +carissa +maricela +fabolous +deejay +hunnybunny +akatsuki +negro +latrice +poiuytrewq +ibanez +snowboard +chico1 +killbill +maisie +hondacivic +angelus +savior +manny +alessandra +bryan1 +baybee +aleja +carebear1 +eloisa +independent +mmmmm +lowrider +bball +madman +lalito +141516 +search +oakland +kamikaze +brooks +devon +1q2w3e4r5t +juanes +arielle +shaun +candie +twiggy +ash123 +priscila +cool123 +eragon +bubble1 +corbin +hello12 +gotmilk +lilly1 +fairies +flipflop +Michelle +minniemouse +teetee +AMERICA +duchess +grandpa +ortega +cutify +bernice +nicolle +gilberto +tasha1 +hilton +ripcurl +maxpower +subway +nickolas +connor1 +terminator +dionne +buffy1 +dorian +louis +carnell +aaaaaaaa +chicky +sandra1 +hello2 +florentina +LOVEME +catdog1 +nicole12 +corey1 +amorsito +padilla +lovemom +snowball1 +nookie +beach +telefono +nanita +kimerald +velvet +mamama +hoover +wonderland +fantastic +josie +987456321 +palmtree +gordo +bitches1 +catfish +lovelygirl +deandre +disneyland +escola +teddybear1 +assassin +burberry +ignacio +143444 +volume +paixao +camelia +ramiro +baby07 +456321 +gracey +TWEETY +hello! +memyselfandi +kassie +guzman +tenten +angel15 +hellothere +happybunny +nobody +nessa +notebook +volley +metalica +ferret +cheyanne +integra +putangina +crackers +jamielee +capslock +sparks +bunnyboo +bigmama +baby11 +luckyme +courage +cancun +joselito +fresas +Anthony +sexy16 +joselyn +babygal +loraine +kameron +alonzo +chiquito +1qazxsw2 +lovehim +smitty +indigo +bonnie1 +target +kansas +minina +abegail +bigfoot +1truelove +alohomora +colt45 +diamante +JOSHUA +77777777 +hustler +wwwwww +bhabycoh +pandabear +hellow +cobain +gavin +sierra1 +nikolas +computador +lissette +bobcat +k123456 +chicks +henderson +baby01 +muneca +giovanna +edgardo +jamila +jesusislord +rancid +candys +twins +onepiece +roberts +peekaboo +ibrahim +gerson +chuchu +venus +dixie1 +blink +hardrock +beebee +sexymama1 +counter +jeffrey1 +dottie +ojitos +leopard +bluebell +anahi +lilkim +semperfi +pizzas +crybaby +magnum +newman +avalon +jazzie +angel07 +JUNIOR +young1 +honest +1029384756 +jehovah +scream +lamborghini +Liverpool +ESTRELLA +soccer16 +smokie +class08 +booty +elvis1 +chronic +xtreme +smile123 +loveis +fraser +eatshit +deleon +darkside +satan666 +marvel +784512 +splash +steve1 +ilovecats +raymond1 +blanco +cutie123 +stephany +monmon +escorpio +balong +squall +abigail1 +tanner1 +09876 +qaz123 +tucker1 +labtec +lights +suicide +tracy +chargers +southern +peace1 +university +bluestar +alex12 +lloyd +pacheco +Danielle +casino +benjamin1 +julian1 +carola +alfie +lianne +queenbee +universal +336699 +jerson +monserrat +thelma +monkey11 +braveheart +JESUS +JUSTIN +shadmoss +sandro +aragorn +vernon +princess11 +rosalie +horse1 +carlito +224466 +jerico +nightwish +BRANDON +888999 +angie1 +alemania +angel23 +marques +loved1 +preety +blue +isaiah1 +chicago1 +anaconda +januari +june23 +gorillaz +dolphins1 +labrador +gandalf +campos +micah +lucille +sexyred +amerika +...... +magic1 +lacrimosa +italian +heyheyhey +PRINCESA +lilromeo +noelia +Tigger +andre1 +trojans +6543210 +reddog +spongecola +123456c +stronger +hotlips +redwings +andreina +456654 +bigboy1 +kitty123 +mongoose +sonny +steelers1 +honeyq +newpassword +badboy1 +miller1 +element1 +helloo +teamomiamor +sabrina1 +matilde +chinese +iuliana +revolution +metallica1 +tekieromucho +jonatan +asasas +godsmack +eugenia +summer05 +foxylady +fantasia +321456 +smithy +wertyu +jellybeans +redsox1 +pooper +june28 +1234554321 +disney1 +natali +thesims2 +bball1 +abbie +castle +muslim +smith +rosalinda +soccer22 +yomomma +roderick +cccccc +bling +squirrel +janina +murder +planet +denis +chikis +kendrick +francisca +212224236 +ferguson +525252 +rabbits +chandra +orlandobloom +teodora +sweetypie +2222222 +tomato +rasta +2sweet +bonethugs +sagitarius +passions +techno +heroes +jamal +juliocesar +j12345 +19881988 +yessica +western +lokito +polarbear +nigger1 +onelove1 +chance1 +estrelinha +brianne +milano +anarchy +heavenly +235689 +butterfly2 +sexkitten +sexygal +losangeles +19951995 +koolkat +nextel +missie +jokers +spencer1 +oicu812 +pass123 +piscis +houston1 +nathaly +123456t +harriet +yankees2 +FUCKYOU +crips +1babygirl +sexysexy +123456b +toronto +holler +spotty +19841984 +dirtbike +#1bitch +fossil +rockandroll +brenda1 +michell +hellohello +powder +sausage +edith +gogirl +derick +TIGGER +celica +sirenita +love33 +quiksilver +ihateyou1 +daryl +playboy69 +ventura +leavemealone +iloveluke +super1 +wiggles +consuelo +camilita +MIGUEL +ladybird +limpbizkit +privacy +petewentz +gusanito +jayjay1 +princess01 +snapple +stewie +ducky +rasmus +inlove1 +letmein1 +biteme1 +karen1 +fernandes +brujita +sister1 +apache +LIVERPOOL +durango +universidad +sissy1 +lilsexy +heidi +louisa +isabella1 +newnew +lickme +cutie12 +1a2b3c4d +felicidade +honeypie +supernova +joselin +speaker +lobster +tigger12 +perla +annann +spears +ineedyou +10203040 +19911991 +chango +poetry +brennan +iloveyou4 +jayvee +japanese +jimmie +twisted +aracely +usher1 +blondy +rapper +roselyn +Jennifer +zxcvbnm1 +camara +destinee +gogogo +mateo +timberland +dickies +chevy1 +teamare +Brandon +slamdunk +malena +shaina +henry14 +imthebest +latina1 +dixie +powell +ronnel +damnit +robbie1 +christina1 +bandung +soccer17 +class06 +startrek +bouncer +chiquis +ALEXIS +rockets +angelie +ciocolata +pasion +candy123 +pascual +softball12 +wolfpack +gamecube +manuelito diff --git a/modules/encoders/bases/base64/secgen_metadata.xml b/modules/encoders/bases/base64/secgen_metadata.xml index f4c2ebb81..885670d40 100644 --- a/modules/encoders/bases/base64/secgen_metadata.xml +++ b/modules/encoders/bases/base64/secgen_metadata.xml @@ -15,7 +15,9 @@ windows low - Encoded using Base64. Decoding tools available online e.g. https://www.base64decode.org/ + Encoded using Base64. Decoding tools available online e.g. https://www.base64decode.org/ + From Kali, decode using the following command: 'echo yourbase64 | base64 --decode' + strings_to_encode base64_options diff --git a/modules/encoders/string/hex/secgen_metadata.xml b/modules/encoders/string/hex/secgen_metadata.xml index 7a16cb119..18b708062 100644 --- a/modules/encoders/string/hex/secgen_metadata.xml +++ b/modules/encoders/string/hex/secgen_metadata.xml @@ -17,6 +17,7 @@ Convert the hexadecimal (base 16) string into its ASCII value, character by character in sets of 2. Use an ascii table e.g. http://www.asciitable.com OR an online converter e.g. https://www.branah.com/ascii-converter + From Kali, use the following command: 'echo yourhex | xxd -r -p' strings_to_encode diff --git a/modules/generators/flag/flag_8char_hex/flag_8char_hex.pp b/modules/generators/flag/flag_8char_hex/flag_8char_hex.pp new file mode 100644 index 000000000..e69de29bb diff --git a/modules/generators/flag/flag_8char_hex/manifests/.no_puppet b/modules/generators/flag/flag_8char_hex/manifests/.no_puppet new file mode 100644 index 000000000..e69de29bb diff --git a/modules/generators/flag/flag_8char_hex/secgen_local/local.rb b/modules/generators/flag/flag_8char_hex/secgen_local/local.rb new file mode 100644 index 000000000..da9bd7532 --- /dev/null +++ b/modules/generators/flag/flag_8char_hex/secgen_local/local.rb @@ -0,0 +1,16 @@ +#!/usr/bin/ruby +require_relative '../../../../../lib/objects/local_string_generator.rb' +class HexGenerator < StringGenerator + def initialize + super + self.module_name = 'Random Hex Generator' + end + + def generate + require 'securerandom' + flag = SecureRandom.hex.slice(1..8) + self.outputs << "flag{#{flag}}" + end +end + +HexGenerator.new.run diff --git a/modules/generators/flag/flag_8char_hex/secgen_metadata.xml b/modules/generators/flag/flag_8char_hex/secgen_metadata.xml new file mode 100644 index 000000000..1b5988006 --- /dev/null +++ b/modules/generators/flag/flag_8char_hex/secgen_metadata.xml @@ -0,0 +1,24 @@ + + + + Random 8 Character Hex Generator + Jason Zeller + Z. Cliffe Schreuders + MIT + Uses Ruby's SecureRandom to generate a message made up of hex digits (a-f0-9). Then this has been + shortened to 8 characters. Designed for ease of use specifically with CTFd, when copy/paste is not available. + + + flag_generator + flag_ctfd + local_calculation + linux + windows + + http://ruby-doc.org/stdlib-2.2.2/libdoc/securerandom/rdoc/SecureRandom.html#method-c-hex + + generated_strings + + \ No newline at end of file diff --git a/modules/generators/image/scenario_image/manifests/.no_puppet b/modules/generators/image/scenario_image/manifests/.no_puppet new file mode 100644 index 000000000..e69de29bb diff --git a/modules/generators/image/scenario_image/scenario_image.pp b/modules/generators/image/scenario_image/scenario_image.pp new file mode 100644 index 000000000..e69de29bb diff --git a/modules/generators/image/scenario_image/secgen_local/local.rb b/modules/generators/image/scenario_image/secgen_local/local.rb new file mode 100644 index 000000000..4439674a2 --- /dev/null +++ b/modules/generators/image/scenario_image/secgen_local/local.rb @@ -0,0 +1,36 @@ +#!/usr/bin/ruby +require 'base64' +require_relative '../../../../../lib/objects/local_string_encoder.rb' +class ImageGenerator < StringEncoder + attr_accessor :image_filename + + def initialize + super + self.module_name = 'Scenario Image Generator' + self.image_filename = '' + end + +def encode_all + filepath = "#{IMAGES_DIR}/scenario/#{image_filename}" + file_contents = File.binread(filepath) + self.outputs << Base64.strict_encode64(file_contents) + end + + def get_options_array + super + [['--image_filename', GetoptLong::REQUIRED_ARGUMENT]] + end + + def process_options(opt, arg) + super + case opt + when '--image_filename' + self.image_filename << arg; + end + end + + def encoding_print_string + 'Scenario image generator: ' + self.image_filename + end +end + +ImageGenerator.new.run \ No newline at end of file diff --git a/modules/generators/image/scenario_image/secgen_metadata.xml b/modules/generators/image/scenario_image/secgen_metadata.xml new file mode 100644 index 000000000..ec2b6a04a --- /dev/null +++ b/modules/generators/image/scenario_image/secgen_metadata.xml @@ -0,0 +1,20 @@ + + + + Scenario Image Generator + Jason Zeller + MIT + Selects a specific image from the lib/resources/images/scenario directory in base64 format. + + scenario_image_generator + local_calculation + linux + windows + + image_filename + + base64_encoded_image + + \ No newline at end of file diff --git a/modules/generators/network/pcap/manifests/.no_puppet b/modules/generators/network/pcap/manifests/.no_puppet new file mode 100644 index 000000000..e69de29bb diff --git a/modules/generators/network/pcap/pcap.pp b/modules/generators/network/pcap/pcap.pp new file mode 100644 index 000000000..2cdc7c601 --- /dev/null +++ b/modules/generators/network/pcap/pcap.pp @@ -0,0 +1 @@ +require pcap::init diff --git a/modules/generators/network/pcap/secgen_local/local.rb b/modules/generators/network/pcap/secgen_local/local.rb new file mode 100644 index 000000000..b98b3b900 --- /dev/null +++ b/modules/generators/network/pcap/secgen_local/local.rb @@ -0,0 +1,122 @@ +#!/usr/bin/ruby +$: << File.expand_path("../../lib", __FILE__) +require_relative '../../../../../lib/objects/local_string_encoder.rb' +require 'packetfu' +require 'faker' +require 'rubygems' + +class PcapGenerator < StringEncoder + attr_accessor :strings_to_leak + + def initialize + super + self.module_name = 'PCAP Generator / Builder' + self.strings_to_leak = [] + end + + def packetgen(type, data) + if type == 'tcp' + # Create TCP Packet + pkt = PacketFu::TCPPacket.new + pkt.tcp_dst=rand(1..1023) + elsif type == 'udp' + # Create UDP Packet + pkt = PacketFu::UDPPacket.new + pkt.udp_dst=rand(1..1023) + end + # Create fake mac addresses for sender and receiver + pkt.eth_saddr=Faker::Internet.mac_address + pkt.eth_daddr=Faker::Internet.mac_address + # Create fake Public IP addresses for sender and receiver + pkt.ip_src=PacketFu::Octets.new.read_quad(Faker::Internet.ip_v4_address) + pkt.ip_dst=PacketFu::Octets.new.read_quad(Faker::Internet.ip_v4_address) + pkt.payload = data + pkt.recalc + end + + def datagen + data_types = [ + Faker::Dota.quote, + Faker::BackToTheFuture.quote, + Faker::BojackHorseman.quote, + Faker::ChuckNorris.fact, + Faker::DrWho.quote, + Faker::DumbAndDumber.quote, + Faker::FamilyGuy.quote, + Faker::Friends.quote, + Faker::GameOfThrones.quote, + Faker::HitchhikersGuideToTheGalaxy.quote, + Faker::HowIMetYourMother.quote, + Faker::Lebowski.quote, + Faker::MostInterestingManInTheWorld.quote, + Faker::RickAndMorty.quote, + Faker::Simpsons.quote, + Faker::StrangerThings.quote, + Faker::TheITCrowd.quote + ] + data_types.sample.dump.to_s + end + + def encode_all + # Create an array of packets + random_number = rand (26..75) + count = 0 + @pcaps = [] + + # Generate 25 initial packets + 25.times do + packet_type = ['tcp', 'udp'].sample + pkt = packetgen(packet_type, datagen) + @pcaps << pkt + count += 1 + end + + # Now generate random packets till we get to our random_number + while count < random_number + packet_type = ['tcp', 'udp'].sample + pkt = packetgen(packet_type, datagen) + @pcaps << pkt + count += 1 + end + + # Now add our strings_to_leak packet + strings = self.strings_to_leak.join("\n") + pkt = packetgen(packet_type, strings) + @pcaps << pkt + count += 1 + + # Finish generating packets till we have 100 + while count < 101 + packet_type = ['tcp', 'udp'].sample + pkt = packetgen(packet_type, datagen) + @pcaps << pkt + count += 1 + end + # Put packets in pcap file and return contents. + file_contents = '' + pfile = PacketFu::PcapFile.new + pcap_file_path = GENERATORS_DIR + 'network/pcap/files/packet.pcap' + res = pfile.array_to_file(:filename => pcap_file_path, :array => @pcaps, :append => true) + file_contents = File.binread(pcap_file_path) + File.delete(pcap_file_path) + self.outputs << Base64.strict_encode64(file_contents) + end + + def get_options_array + super + [['--strings_to_leak', GetoptLong::OPTIONAL_ARGUMENT]] + end + + def process_options(opt, arg) + super + case opt + when '--strings_to_leak' + self.strings_to_leak << arg; + end + end + + def encoding_print_string + 'strings_to_leak: ' + self.strings_to_leak.to_s + end +end + +PcapGenerator.new.run \ No newline at end of file diff --git a/modules/generators/network/pcap/secgen_metadata.xml b/modules/generators/network/pcap/secgen_metadata.xml new file mode 100644 index 000000000..9ad75b600 --- /dev/null +++ b/modules/generators/network/pcap/secgen_metadata.xml @@ -0,0 +1,24 @@ + + + + pcap File Generator + Jason Zeller + MIT + pcap generator. Wraps strings_to_leak (commonly used with a flag generators for CTF) in an Ethernet + packet. Output is a base64 encoded file. + + + + pcap_generator + linux + + strings_to_leak + + + + + + base64_pcap_file + diff --git a/modules/generators/passwords/custom_list_password/custom_list_password.pp b/modules/generators/passwords/custom_list_password/custom_list_password.pp new file mode 100644 index 000000000..e69de29bb diff --git a/modules/generators/passwords/custom_list_password/manifests/.no_puppet b/modules/generators/passwords/custom_list_password/manifests/.no_puppet new file mode 100644 index 000000000..e69de29bb diff --git a/modules/generators/passwords/custom_list_password/secgen_local/local.rb b/modules/generators/passwords/custom_list_password/secgen_local/local.rb new file mode 100644 index 000000000..ad579c7b3 --- /dev/null +++ b/modules/generators/passwords/custom_list_password/secgen_local/local.rb @@ -0,0 +1,35 @@ +#!/usr/bin/ruby +require_relative '../../../../../lib/objects/local_string_generator.rb' + +class CustomPasswordGenerator < StringGenerator + attr_accessor :list_name + + def initialize + super + self.module_name = 'Custom List Password Generator' + self.list_name = '' + end + + def generate + self.outputs << File.readlines("#{PASSWORDLISTS_DIR}/#{list_name}").sample.chomp + end + + def get_options_array + super + [['--list_name', GetoptLong::REQUIRED_ARGUMENT]] + end + + def process_options(opt, arg) + super + case opt + when '--list_name' + self.list_name << arg; + end + end + + def encoding_print_string + 'list_name: ' + self.list_name.to_s + print_string_padding + end + +end + +CustomPasswordGenerator.new.run \ No newline at end of file diff --git a/modules/generators/passwords/custom_list_password/secgen_metadata.xml b/modules/generators/passwords/custom_list_password/secgen_metadata.xml new file mode 100644 index 000000000..8b3b4ce5c --- /dev/null +++ b/modules/generators/passwords/custom_list_password/secgen_metadata.xml @@ -0,0 +1,25 @@ + + + Custom List Generator + Jason Zeller + MIT + Allows you to specify custom password list to generate from. + Available password lists are located in: lib/resources/passwordlists + + + password_generator + custom_list_password + linux + windows + + list_name + + + jtrpassword.lst + + + generated_passwords + + \ No newline at end of file diff --git a/modules/generators/structured_content/person/secgen_local/local.rb b/modules/generators/structured_content/person/secgen_local/local.rb index 20a5d94e8..49e446d26 100644 --- a/modules/generators/structured_content/person/secgen_local/local.rb +++ b/modules/generators/structured_content/person/secgen_local/local.rb @@ -12,6 +12,8 @@ class PersonHashBuilder < StringEncoder attr_accessor :account attr_accessor :credit_card attr_accessor :national_insurance_number + attr_accessor :age + attr_accessor :profession def initialize super @@ -25,6 +27,8 @@ class PersonHashBuilder < StringEncoder self.credit_card = '' self.national_insurance_number = '' self.account = [] + self.age = '' + self.profession = '' end def encode_all @@ -35,6 +39,8 @@ class PersonHashBuilder < StringEncoder person_hash['email_address'] = self.email_address person_hash['credit_card'] = self.credit_card person_hash['national_insurance_number'] = self.national_insurance_number + person_hash['age'] = self.age + person_hash['profession'] = self.profession if self.account != [] account = JSON.parse(self.account[0]) @@ -57,7 +63,9 @@ class PersonHashBuilder < StringEncoder ['--password', GetoptLong::REQUIRED_ARGUMENT], ['--credit_card', GetoptLong::REQUIRED_ARGUMENT], ['--national_insurance_number', GetoptLong::REQUIRED_ARGUMENT], - ['--account', GetoptLong::OPTIONAL_ARGUMENT]] + ['--account', GetoptLong::OPTIONAL_ARGUMENT], + ['--age', GetoptLong::REQUIRED_ARGUMENT], + ['--profession', GetoptLong::REQUIRED_ARGUMENT]] end def process_options(opt, arg) @@ -81,6 +89,10 @@ class PersonHashBuilder < StringEncoder self.national_insurance_number << arg; when '--account' self.account << arg; + when '--age' + self.age << arg; + when '--profession' + self.profession << arg; end end @@ -93,6 +105,8 @@ class PersonHashBuilder < StringEncoder 'password: ' + self.password.to_s + print_string_padding + 'credit_card: ' + self.credit_card.to_s + print_string_padding + 'national_insurance_number: ' + self.national_insurance_number.to_s + print_string_padding + + 'age: ' + self.age.to_s + print_string_padding + + 'profession: ' + self.profession.to_s + print_string_padding + 'account: ' + self.account.to_s end end diff --git a/modules/generators/structured_content/person/secgen_metadata.xml b/modules/generators/structured_content/person/secgen_metadata.xml index 227c250e8..31c1eefd0 100644 --- a/modules/generators/structured_content/person/secgen_metadata.xml +++ b/modules/generators/structured_content/person/secgen_metadata.xml @@ -19,6 +19,8 @@ email_address username password + age + profession account @@ -47,6 +49,19 @@ + + + + 18 + + + 85 + + + + + + person diff --git a/modules/services/unix/http/parameterised_website/manifests/install.pp b/modules/services/unix/http/parameterised_website/manifests/install.pp index aa7587fb6..dbff9dc53 100644 --- a/modules/services/unix/http/parameterised_website/manifests/install.pp +++ b/modules/services/unix/http/parameterised_website/manifests/install.pp @@ -33,6 +33,7 @@ class parameterised_website::install { $strings_to_leak = $secgen_parameters['strings_to_leak'] $images_to_leak = $secgen_parameters['images_to_leak'] + $images_mode = $secgen_parameters['images_mode'] $security_audit = $secgen_parameters['security_audit'] $acceptable_use_policy = str2bool($secgen_parameters['host_acceptable_use_policy'][0]) @@ -138,10 +139,19 @@ class parameterised_website::install { } if $images_to_leak { - ::secgen_functions::leak_files{ 'parameterised_website-image-leak': - storage_directory => $docroot, - images_to_leak => $images_to_leak, - leaked_from => "parameterised_website", + if $images_mode { + ::secgen_functions::leak_files { 'parameterised_website-image-leak-mode': + storage_directory => $docroot, + images_to_leak => $images_to_leak, + mode => $images_mode, + leaked_from => "parameterised_website", + } + } else { + ::secgen_functions::leak_files { 'parameterised_website-image-leak': + storage_directory => $docroot, + images_to_leak => $images_to_leak, + leaked_from => "parameterised_website", + } } } diff --git a/modules/services/unix/http/parameterised_website/secgen_metadata.xml b/modules/services/unix/http/parameterised_website/secgen_metadata.xml index b8327732f..35370f16d 100644 --- a/modules/services/unix/http/parameterised_website/secgen_metadata.xml +++ b/modules/services/unix/http/parameterised_website/secgen_metadata.xml @@ -28,6 +28,9 @@ visible_tabs hidden_tabs + + images_mode + port theme diff --git a/modules/services/unix/http/parameterised_website/templates/subtemplates/main_container.html.erb b/modules/services/unix/http/parameterised_website/templates/subtemplates/main_container.html.erb index 880bf5559..c238cace4 100644 --- a/modules/services/unix/http/parameterised_website/templates/subtemplates/main_container.html.erb +++ b/modules/services/unix/http/parameterised_website/templates/subtemplates/main_container.html.erb @@ -27,7 +27,7 @@ <% # Default style -%> <% else -%> <% @main_page_paragraph_content.each do |pg| -%> -

<%= pg %>

+ <%= pg %> <% end -%>
<% end -%> diff --git a/modules/utilities/unix/system/leak_to_file/leak_to_file.pp b/modules/utilities/unix/system/leak_to_file/leak_to_file.pp new file mode 100644 index 000000000..07f9b6a34 --- /dev/null +++ b/modules/utilities/unix/system/leak_to_file/leak_to_file.pp @@ -0,0 +1 @@ +require leak_to_file::init diff --git a/modules/utilities/unix/system/leak_to_file/manifests/init.pp b/modules/utilities/unix/system/leak_to_file/manifests/init.pp new file mode 100644 index 000000000..fd031dfdd --- /dev/null +++ b/modules/utilities/unix/system/leak_to_file/manifests/init.pp @@ -0,0 +1,23 @@ +class leak_to_file::init { + $secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file) + + $leaked_filename = $secgen_parameters['leaked_filename'][0] + $base64_file = $secgen_parameters['base64_file'][0] + + if $secgen_parameters['account'] and $secgen_parameters['account'] != '' { + $account = $secgen_parameters['account'][0] + $username = $account['username'] + $storage_directory = "/home/$username/" + } else { + $username = 'root' + $storage_directory = $secgen_parameters['storage_directory'][0] + } + + leak_to_file::leak_file { '$storage_directory/$leaked_filename': + leaked_filename => $leaked_filename, + storage_directory => $storage_directory, + base64_file => $base64_file, + owner => $username, + group => $username, + } +} \ No newline at end of file diff --git a/modules/utilities/unix/system/leak_to_file/manifests/leak_file.pp b/modules/utilities/unix/system/leak_to_file/manifests/leak_file.pp new file mode 100644 index 000000000..5798930b7 --- /dev/null +++ b/modules/utilities/unix/system/leak_to_file/manifests/leak_file.pp @@ -0,0 +1,21 @@ +define leak_to_file::leak_file($leaked_filename, $storage_directory, $base64_file, $owner = 'root', $group = 'root', $mode = '0660', $leaked_from = '' ) { + if ($leaked_filename != ''){ + $path_to_leak = "$storage_directory/$leaked_filename" + + # create the directory tree, incase the file name has extra layers of directories + exec { "$leaked_from-$path_to_leak-mkdir": + path => ['/bin', '/usr/bin', '/usr/local/bin', '/sbin', '/usr/sbin'], + command => "mkdir -p `dirname $path_to_leak`;chown $owner. `dirname $path_to_leak`", + provider => shell, + } + + # Create file. + file { $path_to_leak: + ensure => present, + owner => $owner, + group => $group, + mode => $mode, + content => base64('decode', $base64_file) + } + } + } diff --git a/modules/utilities/unix/system/leak_to_file/secgen_metadata.xml b/modules/utilities/unix/system/leak_to_file/secgen_metadata.xml new file mode 100644 index 000000000..cc06edbf3 --- /dev/null +++ b/modules/utilities/unix/system/leak_to_file/secgen_metadata.xml @@ -0,0 +1,35 @@ + + + + Leak base64 to file + Puppet Labs + Jason Zeller + MIT + Leak base64 to a file where specified by storage_directory. + + system + linux + + + https://forge.puppet.com/puppetlabs/accounts + + leaked_filename + base64_file + storage_directory + account + + + + + + + + + + + /var/log + + + \ No newline at end of file diff --git a/modules/vulnerabilities/unix/ctf/pcap_file/manifests/init.pp b/modules/vulnerabilities/unix/ctf/pcap_file/manifests/init.pp new file mode 100644 index 000000000..2ff895b28 --- /dev/null +++ b/modules/vulnerabilities/unix/ctf/pcap_file/manifests/init.pp @@ -0,0 +1,23 @@ +class pcap_file::init { + $secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file) + + $leaked_filename = $secgen_parameters['leaked_filename'][0] + $base64_file = $secgen_parameters['base64_file'][0] + + if $secgen_parameters['account'] and $secgen_parameters['account'] != '' { + $account = parsejson($secgen_parameters['account'][0]) + $username = $account['username'] + $storage_directory = "/home/$username/" + } else { + $username = 'root' + $storage_directory = $secgen_parameters['storage_directory'][0] + } + + leak_to_file::leak_file { $leaked_filename: + leaked_filename => $leaked_filename, + storage_directory => $storage_directory, + base64_file => $base64_file, + owner => $username, + group => $username, + } +} \ No newline at end of file diff --git a/modules/vulnerabilities/unix/ctf/pcap_file/pcap_file.pp b/modules/vulnerabilities/unix/ctf/pcap_file/pcap_file.pp new file mode 100644 index 000000000..d8f18550a --- /dev/null +++ b/modules/vulnerabilities/unix/ctf/pcap_file/pcap_file.pp @@ -0,0 +1 @@ +require pcap_file::init diff --git a/modules/vulnerabilities/unix/ctf/pcap_file/secgen_metadata.xml b/modules/vulnerabilities/unix/ctf/pcap_file/secgen_metadata.xml new file mode 100644 index 000000000..1ea1a9e5a --- /dev/null +++ b/modules/vulnerabilities/unix/ctf/pcap_file/secgen_metadata.xml @@ -0,0 +1,44 @@ + + + + pcap file + Jason Zeller + MIT + Release a pcap file with a flag, into storage_directory. + Can specify an account file is owned by or defaults to root. + + + pcap + system + none + local + linux + + + base64_file + leaked_filename + account + storage_directory + + + + + + + capture.pcap + + + + /var/log + + + A pcap file has been leaked with a message inside a packet. + Use sftp to copy file to Kali. Then, use Wireshark to find message/flag. + + + utilities/unix/system/leak_to_file + + + \ No newline at end of file diff --git a/modules/vulnerabilities/unix/ctf/zip_file/manifests/init.pp b/modules/vulnerabilities/unix/ctf/zip_file/manifests/init.pp new file mode 100644 index 000000000..dda075e30 --- /dev/null +++ b/modules/vulnerabilities/unix/ctf/zip_file/manifests/init.pp @@ -0,0 +1,23 @@ +class zip_file::init { + $secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file) + + $leaked_filename = $secgen_parameters['leaked_filename'][0] + $base64_file = $secgen_parameters['base64_file'][0] + + if $secgen_parameters['account'] and $secgen_parameters['account'] != '' { + $account = parsejson($secgen_parameters['account'][0]) + $username = $account['username'] + $storage_directory = "/home/$username/" + } else { + $username = 'root' + $storage_directory = $secgen_parameters['storage_directory'][0] + } + + leak_to_file::leak_file { $leaked_filename: + leaked_filename => $leaked_filename, + storage_directory => $storage_directory, + base64_file => $base64_file, + owner => $username, + group => $username, + } +} \ No newline at end of file diff --git a/modules/vulnerabilities/unix/ctf/zip_file/secgen_metadata.xml b/modules/vulnerabilities/unix/ctf/zip_file/secgen_metadata.xml new file mode 100644 index 000000000..aab093d2b --- /dev/null +++ b/modules/vulnerabilities/unix/ctf/zip_file/secgen_metadata.xml @@ -0,0 +1,53 @@ + + + + Zip File + Jason Zeller + MIT + Release a zip file with a flag. Password optional. + Can specify an account file is owned by or defaults to root. + + + zip_file + system + none + local + linux + + + base64_file + leaked_filename + account + storage_directory + + + + + + + jtrpassword.lst + + + + + + + + protected.zip + + + + /var/log + + + A zip file has been leaked with a flag. + If using a password, use the default dictionary from '/usr/share/john/password.lst'. + Use the following command: fcrackzip -u -D -p /usr/share/john/password.lst filename.zip + + + utilities/unix/system/leak_to_file + + + \ No newline at end of file diff --git a/modules/vulnerabilities/unix/ctf/zip_file/zip_file.pp b/modules/vulnerabilities/unix/ctf/zip_file/zip_file.pp new file mode 100644 index 000000000..a93fa49bc --- /dev/null +++ b/modules/vulnerabilities/unix/ctf/zip_file/zip_file.pp @@ -0,0 +1 @@ +require zip_file::init diff --git a/modules/vulnerabilities/unix/system/jtr_crackable_user_account/jtr_crackable_user_account.pp b/modules/vulnerabilities/unix/system/jtr_crackable_user_account/jtr_crackable_user_account.pp new file mode 100644 index 000000000..a927027d5 --- /dev/null +++ b/modules/vulnerabilities/unix/system/jtr_crackable_user_account/jtr_crackable_user_account.pp @@ -0,0 +1 @@ +require jtr_crackable_user_account::init diff --git a/modules/vulnerabilities/unix/system/jtr_crackable_user_account/manifests/account.pp b/modules/vulnerabilities/unix/system/jtr_crackable_user_account/manifests/account.pp new file mode 100644 index 000000000..5ba14b983 --- /dev/null +++ b/modules/vulnerabilities/unix/system/jtr_crackable_user_account/manifests/account.pp @@ -0,0 +1,51 @@ +define jtr_crackable_user_account::account($username, $password, $super_user, $strings_to_leak, $leaked_filenames) { + # ::accounts::user changes permissions on group, passwd, shadow etc. so needs to run before + if defined('writable_groups::config') { + include ::writable_groups::config + $writable_groups = [File['/etc/group']] + } else { $writable_groups = [] } + + if defined('writable_passwd::config') { + include ::writable_passwd::config + $writable_passwd = [File['/etc/passwd']] + } else { $writable_passwd = [] } + + if defined('writable_shadow::config') { + include ::writable_shadow::config + $writable_shadow = [File['/etc/shadow']] + } else { $writable_shadow = [] } + + $misconfigurations = concat($writable_groups, $writable_passwd, $writable_shadow) + + # Add user account + ::accounts::user { $username: + shell => '/bin/bash', + password => pw_hash($password, 'SHA-512', 'mysalt'), + managehome => true, + before => $misconfigurations, + } + + # sort groups if sudo add to conf + if $super_user { + exec { "add-$username-to-sudoers": + path => ['/bin', '/usr/bin', '/usr/local/bin', '/sbin', '/usr/sbin'], + command => "echo '$username ALL=(ALL) ALL' >> /etc/sudoers", + } + } + + if $password == '' { + exec { "remove_password_from_account_$username": + command => "/usr/bin/passwd -d $username", + require => Accounts::User[$username], + } + } + + # Leak strings in a text file in the users home directory + ::secgen_functions::leak_files { "$username-file-leak": + storage_directory => "/home/$username/", + leaked_filenames => $leaked_filenames, + strings_to_leak => $strings_to_leak, + owner => $username, + leaked_from => "accounts_$username", + } +} \ No newline at end of file diff --git a/modules/vulnerabilities/unix/system/jtr_crackable_user_account/manifests/init.pp b/modules/vulnerabilities/unix/system/jtr_crackable_user_account/manifests/init.pp new file mode 100644 index 000000000..8122c1d20 --- /dev/null +++ b/modules/vulnerabilities/unix/system/jtr_crackable_user_account/manifests/init.pp @@ -0,0 +1,14 @@ +class jtr_crackable_user_account::init { + $secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file) + + $account = parsejson($secgen_parameters['account'][0]) + $username = $account['username'] + + ::jtr_crackable_user_account::account { "jtr_crackable_user_account_$username": + username => $username, + password => $secgen_parameters['password'][0], + super_user => str2bool($account['super_user']), + strings_to_leak => $secgen_parameters['strings_to_leak'], + leaked_filenames => $secgen_parameters['leaked_filenames'] + } +} \ No newline at end of file diff --git a/modules/vulnerabilities/unix/system/jtr_crackable_user_account/secgen_metadata.xml b/modules/vulnerabilities/unix/system/jtr_crackable_user_account/secgen_metadata.xml new file mode 100644 index 000000000..0ecac7379 --- /dev/null +++ b/modules/vulnerabilities/unix/system/jtr_crackable_user_account/secgen_metadata.xml @@ -0,0 +1,56 @@ + + + + JtR Crackable User Account + Jason Zeller + MIT + Unprivileged user account with a password from John the Ripper default dictionary. + For use with training specifically on John the Ripper. + + + system + user_rwx + local + linux + + leaked_filenames + strings_to_leak + account + password + flag_password + + + + + + + + + jtrpassword.lst + + + + + + + + + + + + + + + Password is susceptible to cracking. Try to obtain /etc/passwd and /etc/shadow. + Use John the Ripper to crack password. + Use the following command: 'john -wordlist=/usr/share/john/password.lst yourhashfile' + + + utilities/unix/system/accounts + + + + + \ No newline at end of file diff --git a/modules/vulnerabilities/unix/system/ncrack_crackable_user_account/manifests/account.pp b/modules/vulnerabilities/unix/system/ncrack_crackable_user_account/manifests/account.pp new file mode 100644 index 000000000..16c69e9b5 --- /dev/null +++ b/modules/vulnerabilities/unix/system/ncrack_crackable_user_account/manifests/account.pp @@ -0,0 +1,51 @@ +define ncrack_crackable_user_account::account($username, $password, $super_user, $strings_to_leak, $leaked_filenames) { + # ::accounts::user changes permissions on group, passwd, shadow etc. so needs to run before + if defined('writable_groups::config') { + include ::writable_groups::config + $writable_groups = [File['/etc/group']] + } else { $writable_groups = [] } + + if defined('writable_passwd::config') { + include ::writable_passwd::config + $writable_passwd = [File['/etc/passwd']] + } else { $writable_passwd = [] } + + if defined('writable_shadow::config') { + include ::writable_shadow::config + $writable_shadow = [File['/etc/shadow']] + } else { $writable_shadow = [] } + + $misconfigurations = concat($writable_groups, $writable_passwd, $writable_shadow) + + # Add user account + ::accounts::user { $username: + shell => '/bin/bash', + password => pw_hash($password, 'SHA-512', 'mysalt'), + managehome => true, + before => $misconfigurations, + } + + # sort groups if sudo add to conf + if $super_user { + exec { "add-$username-to-sudoers": + path => ['/bin', '/usr/bin', '/usr/local/bin', '/sbin', '/usr/sbin'], + command => "echo '$username ALL=(ALL) ALL' >> /etc/sudoers", + } + } + + if $password == '' { + exec { "remove_password_from_account_$username": + command => "/usr/bin/passwd -d $username", + require => Accounts::User[$username], + } + } + + # Leak strings in a text file in the users home directory + ::secgen_functions::leak_files { "$username-file-leak": + storage_directory => "/home/$username/", + leaked_filenames => $leaked_filenames, + strings_to_leak => $strings_to_leak, + owner => $username, + leaked_from => "accounts_$username", + } +} \ No newline at end of file diff --git a/modules/vulnerabilities/unix/system/ncrack_crackable_user_account/manifests/init.pp b/modules/vulnerabilities/unix/system/ncrack_crackable_user_account/manifests/init.pp new file mode 100644 index 000000000..534e17f8c --- /dev/null +++ b/modules/vulnerabilities/unix/system/ncrack_crackable_user_account/manifests/init.pp @@ -0,0 +1,14 @@ +class ncrack_crackable_user_account::init { + $secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file) + + $account = parsejson($secgen_parameters['account'][0]) + $username = $account['username'] + + ::ncrack_crackable_user_account::account { "ncrack_crackable_user_account_$username": + username => $username, + password => $secgen_parameters['password'][0], + super_user => str2bool($account['super_user']), + strings_to_leak => $secgen_parameters['strings_to_leak'], + leaked_filenames => $secgen_parameters['leaked_filenames'] + } +} \ No newline at end of file diff --git a/modules/vulnerabilities/unix/system/ncrack_crackable_user_account/ncrack_crackable_user_account.pp b/modules/vulnerabilities/unix/system/ncrack_crackable_user_account/ncrack_crackable_user_account.pp new file mode 100644 index 000000000..61d041be5 --- /dev/null +++ b/modules/vulnerabilities/unix/system/ncrack_crackable_user_account/ncrack_crackable_user_account.pp @@ -0,0 +1 @@ +require ncrack_crackable_user_account::init \ No newline at end of file diff --git a/modules/vulnerabilities/unix/system/ncrack_crackable_user_account/secgen_metadata.xml b/modules/vulnerabilities/unix/system/ncrack_crackable_user_account/secgen_metadata.xml new file mode 100644 index 000000000..4d168c772 --- /dev/null +++ b/modules/vulnerabilities/unix/system/ncrack_crackable_user_account/secgen_metadata.xml @@ -0,0 +1,55 @@ + + + + NCRACK Crackable User Account + Jason Zeller + MIT + Unprivileged user account with a password from nCrack dictionary. + + system + user_rwx + local + linux + + leaked_filenames + strings_to_leak + account + password + flag_password + username + + + + + + + + + ncrackpassword.lst + + + + + + + + + + + + + + + Password is susceptible to cracking. + Use nCrack to crack password. If you don't know the username, try using the /usr/share/ncrack/minimal.usr dictionary. + Use the following command: 'ncrack -v --user username -P /usr/share/ncrack/default.pwd host_ip:22' + + + utilities/unix/system/accounts + + + + + \ No newline at end of file diff --git a/scenarios/examples/vulnerability_examples/crackable_user_accounts.xml b/scenarios/examples/vulnerability_examples/crackable_user_accounts.xml new file mode 100644 index 000000000..7878bd1a3 --- /dev/null +++ b/scenarios/examples/vulnerability_examples/crackable_user_accounts.xml @@ -0,0 +1,103 @@ + + + + + Crackable User Accounts Example + Jason Zeller + + + This scenario gives examples of crackable user accounts based on certain passwords. + + + ctf + easy + + + server + + + + + + + + ncrackpassword.lst + + + + + jtrpassword.lst + + + + + + + + + + + + + + + + passwords + + + + + passwords + + + + + flag_here + + + So, you think you are an expert huh? I wonder if you can figure out my password. + This account password is also a flag. For example, if the password is "123456" the flag is: flag{123456} + Here is a flag for finding this message: + + + + + + guest + + + + + + + + + + + + + passwords + + + + + passwords + + + + + flag_here + + + So, you think you are an expert huh? I wonder if you can figure out my password. + This account password is also a flag. For example, if the password is "123456" the flag is: flag{123456} + Here is a flag for finding this message: + + + + + + + diff --git a/scenarios/examples/vulnerability_examples/ctf_module_examples/pcap_file.xml b/scenarios/examples/vulnerability_examples/ctf_module_examples/pcap_file.xml new file mode 100644 index 000000000..a37752f67 --- /dev/null +++ b/scenarios/examples/vulnerability_examples/ctf_module_examples/pcap_file.xml @@ -0,0 +1,43 @@ + + + + + pcap_file Example + Jason Zeller + + + This scenario demonstrates leaking a pcap file with a flag embedded and cleartext. + + + ctf + easy + + + server + + + + + + + + + + ******SECRET*******From now on, make sure that all network traffic is properly encrypted.******SECRET****** + + + + + + capture.pcap + + + /var/log + + + + + + diff --git a/scenarios/examples/vulnerability_examples/ctf_module_examples/zip_file.xml b/scenarios/examples/vulnerability_examples/ctf_module_examples/zip_file.xml new file mode 100644 index 000000000..6447b17dd --- /dev/null +++ b/scenarios/examples/vulnerability_examples/ctf_module_examples/zip_file.xml @@ -0,0 +1,50 @@ + + + + + zip_file Example + Jason Zeller + + + This scenario demonstrates leaking a zip file with a flag embedded and zip can be password protected. + + + ctf + easy + + + server + + + + + + + + + + jtrpassword.lst + + + + + + + Congratulations you have cracked our protected zip file. We wish there was more information here but we are just not that smart. Here is a flag for your troubles. + + + + + + protected.zip + + + /var/log + + + + + +