password hangover

Just saw The Hangover 2 – funny (and true) bit on passwords…

as an international drug dealer transfers money between accounts:

“your password is bologna1?”

“it used to be bologna, but they make you include a stupid number now”

*facepalm*

sadly (… or happily, depending on your perspective :] ), weak passwords are still common… Metasploit has some awesome modules to test passwords:

jcran@disko:~/framework/modules$ find . |grep _login | grep -v svn

  • ./auxiliary/scanner/snmp/snmp_login.rb
  • ./auxiliary/scanner/mssql/mssql_login.rb
  • ./auxiliary/scanner/postgres/postgres_login.rb
  • ./auxiliary/scanner/http/wordpress_login_enum.rb
  • ./auxiliary/scanner/http/axis_login.rb
  • ./auxiliary/scanner/http/tomcat_mgr_login.rb
  • ./auxiliary/scanner/http/http_login.rb
  • ./auxiliary/scanner/http/frontpage_login.rb
  • ./auxiliary/scanner/ftp/ftp_login.rb
  • ./auxiliary/scanner/vnc/vnc_login.rb
  • ./auxiliary/scanner/ssh/ssh_login_pubkey.rb
  • ./auxiliary/scanner/ssh/ssh_login.rb
  • ./auxiliary/scanner/telnet/telnet_login.rb
  • ./auxiliary/scanner/sap/sap_mgmt_con_brute_login.rb
  • ./auxiliary/scanner/lotus/lotus_domino_login.rb
  • ./auxiliary/scanner/mysql/mysql_login.rb
  • ./auxiliary/scanner/rservices/rsh_login.rb
  • ./auxiliary/scanner/rservices/rlogin_login.rb
  • ./auxiliary/scanner/rservices/rexec_login.rb
  • ./auxiliary/scanner/smb/smb_login.rb
  • ./auxiliary/scanner/oracle/isqlplus_login.rb
  • ./auxiliary/scanner/oracle/oracle_login.rb
  • ./auxiliary/fuzzers/tds/tds_login_username.rb
  • ./auxiliary/fuzzers/tds/tds_login_corrupt.rb
  • ./auxiliary/fuzzers/smb/smb_ntlm1_login_corrupt.rb
  • ./auxiliary/admin/oracle/oracle_login.rb
  • ./exploits/windows/imap/mailenable_login.rb
  • ./exploits/windows/imap/mercury_login.rb
  • ./exploits/windows/http/hp_power_manager_login.rb
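
The bologna → bologna1 exchange above, as an added example (not part of the original post or of Metasploit): a signup-side check showing that a "must include a number" rule accepts bologna1, while screening the normalized password against a common-word list rejects it. COMMON_WORDS and LEET are small constructed samples, and all function names are hypothetical.

```ruby
require 'set'

# Constructed sample list; a real deployment loads a large list of common
# and breached passwords instead.
COMMON_WORDS = Set.new(%w[bologna password letmein dragon monkey qwerty]).freeze

# Substitutions people commonly use to satisfy composition rules (heuristic).
LEET = { '0' => 'o', '1' => 'l', '3' => 'e', '4' => 'a', '5' => 's',
         '7' => 't', '@' => 'a', '$' => 's', '!' => 'i' }.freeze
LEET_RE = Regexp.union(LEET.keys)

# The rule from the quote: the password must include a number.
def passes_composition_rule?(password)
  password.match?(/\d/)
end

# Reduce a password to the base strings it was probably built from.
def base_candidates(password)
  lowered = password.downcase
  # Drop digits/punctuation tacked on at either end: "bologna1", "1bologna!".
  trimmed = lowered.gsub(/\A[^a-z]+|[^a-z]+\z/, '')
  # Undo leet substitutions inside the word: "b0l0gna" -> "bologna".
  unleeted = [lowered, trimmed].map { |s| s.gsub(LEET_RE, LEET) }
  ([lowered, trimmed] + unleeted).reject(&:empty?).uniq
end

# Screening check: reject when any base candidate is a known common word.
def screened_out?(password)
  base_candidates(password).any? { |c| COMMON_WORDS.include?(c) }
end

# Accept only passwords that satisfy the rule AND survive screening.
def acceptable?(password)
  passes_composition_rule?(password) && !screened_out?(password)
end

if __FILE__ == $PROGRAM_NAME
  ['bologna', 'bologna1', 'B0l0gna1!', 'correct horse battery staple 7'].each do |pw|
    printf("%-32s rule=%-5s screened_out=%-5s acceptable=%s\n", pw.inspect,
           passes_composition_rule?(pw), screened_out?(pw), acceptable?(pw))
  end
end
```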

2 Comments

  1. s3v3n says:

    password hangover ? O.o

  2. Dirk.L says:

    Reblogged this on My.grind.on.IT and commented:
    Nice movie, even nicer metasploit scripts
