NETGEARXX wordlist 1.08

Extremely effective WPA default wordlist

  1. Demosthenes

    Demosthenes Well-Known Member
    VIP

    Joined:
    16 Apr 2014
    Messages:
    83
    Likes Received:
    14
    This wordlist was compiled by shaberu on hack forums, all I did to help was find some of the word combinations used for these routers.
    The list is specifically for netgear routers with the ESSID NETGEARXX, XX being 2 numbers as in 09 or 51 or something like that. The success rate with this list is very high. There are 7,230,000 combinations on this list.
    On a side note on this I have noticed that some have an ESSID like NETGEAR2, and with those the same words are used, but with only a single number on the end.
    Have fun with it, and if you have any luck with it, please give thanks.

    http://snk.to/f-ctcf298p


     
  2. kevsamiga

    kevsamiga Well-Known Member
    VIP

    Joined:
    15 Sep 2013
    Messages:
    405
    Likes Received:
    101
    Thanks. This dictionary works very well for me as I'm sure it will for others, found some more matches tested against this list...

    Saves days & days of time over fiddling with WPS reaver sessions, signal drifting in and out having to stop and start etc.

    Took less than 5 minutes to find the correct passphrase for a captured handshake in Elcomsoft WSA. It would have taken several days with reaver to achieve the same result, because all NETGEARXX boxes need a -d 10 parameter, any less than 10 seconds delay between pin attempts on NETGEARXX WPS trips a lockout. I discovered that one by trial and error. ;-)

    And for those NETGEARXX boxes with a firmware update to guard against such reaver attacks, the lockout is permanent until reset, which is quite silly in hindsight as it leads to an inadvertent DoS attack on the box affecting legit users trying to register with a genuine pin, but they now can't because the box is locked from someone else DoS'ing the WPS pin facility constantly every time the box is reset, continually tossing incorrect pins with reaver for a never-ending lockout loop. So this heavy-handed approach of the firmware just creates a potential DoS attack by mistake, oops.

    This dictionary will get around that "little" reaver lockout problem...

    The only downside to WPA handshaking and dictionary, is if the default password has been changed to begin with, then dic will draw a blank and only Reaver will come to your rescue and save the day, and also reveal the pin code at the same time in case the password is changed later.

    However that being said, this is a high quality list which saves a bunch of time, and has a very high success rate against the many NETGEARXX boxes floating around, thanks again for this useful resource.

    Just need to find one now for NETGEAR DG834's (without the numbers at the end of SSID). The passwords for those are even more simple than NETGEARXX ones (1 lower case word + 2 numeric characters, or sometimes all 8 char uppercase HEX)
     
    #2 kevsamiga, 29 May 2014
    Last edited: 29 May 2014
  3. Demosthenes

    Glad I could be of help. I always like to share any knowledge I acquire with others. I will look into the other routers you mentioned, and let you know if I find anything for them.
    Thank you very much for the rating also. I notice you are good about sharing your projects with others, and I just wanted to contribute what I could.
     
  4. kevsamiga

    Gd, Gd,..We are all here to learn, even the ones who think they know everything already.

    And everybody likes something that is going to save them days of time, because it's no secret
    reaver is dog slow at times, not every box can do rapid pins without tripping a lockout or
    having a fit when the conditions turn bad.

    Knowledge is power as they say... :)

    Well I suppose that takes care of all NETGEARXX's, and the lazy people who don't bother to
    change the password on them...A very useful resource and high quality list posted hence the Winner award.
     
  5. adamic

    adamic Member

    Joined:
    6 Jun 2014
    Messages:
    2
    Likes Received:
    0
    Hmm, I'm not getting the file from filesmack. Any way you could put it up elsewhere? Thanks, adamic
     
  6. Demosthenes

  7. adamic

    Thanks for responding so fast. I'm using torch so I'll try a different browser.
    --- Double Post Merged, 6 Jun 2014 ---
    Worked in IE thanks Demosthenes, much appreciated.
     
  8. kevsamiga

    I've just had a revelation come to me for this dictionary, sat pondering on a Sunday afternoon. And it may save you some time and work Demosthenes in return. :)

    Since all NETGEARXX default passwords are composed of Adjective+Noun+3 digit decimal, why not just make a dictionary composed of all adjectives+nouns+all 0-999 combinations.

    That way, every "new" possible NETGEARXX password is covered, and there is no need to keep "adding" words to the list like "icyocean536" which wasn't in the dic until added wasting time since every adjective+noun+number combos there can ever possibly be is always covered every time with this method !

    So in effect the dictionary is COMPLETE and correct, and will ALWAYS find the key, because it always has all nouns and adjectives + number combos.

    I wouldn't know the resulting size of this compilation, or even where to find a complete list of nouns and adjectives, but plain .txt files compress pretty well these days, and HD's are large enough...
     
    #8 kevsamiga, 15 Jun 2014
    Last edited: 16 Jun 2014
  9. Demosthenes

    I know of one person who tried the above with no numbers. I ran it through cuda hashcat with the ?d?d?d and could not find the password used on my first one (newlotus604). This list is 1GB uncompressed, the dictionary I have is 150MB uncompressed and it got the pass in 2.5 min.
    Theoretically what you say is possible, but there are certain combos used, I keep finding more and I will post the new one soon. I have been busy translating Dumpper 50.5 to English and will be posting it also.
    --- Double Post Merged, 16 Jun 2014 ---
    Here we go, as promised. Inside the zip file you will find 3 wordlists, one is just the words used with no numbers, I have seen a few routers that use this. There is another with all the words with 0-99 at the end of each word, again I have seen a few like this also, and last is all of the words with the most common 000-999 at the end of each.
    If you are curious as to how many words are on each list, I included that at the end of the readme file.

    Download here: http://snk.to/f-cdzjemfn
    --- Double Post Merged, 10 Aug 2014 ---
    I have once again updated and uploaded a new list that now has 19,333,000 words on it. Enjoy.

    http://snk.to/f-cdu8vi9h
     
    #9 Demosthenes, 16 Jun 2014
    Last edited: 10 Aug 2014
  10. kevsamiga

  11. Luxien

    Luxien Member

    Joined:
    23 Aug 2014
    Messages:
    1
    Likes Received:
    0
    Your wordlists are godlike and it's about time someone did it. Thank you so much and millions owe you a debt of gratitude, should they search hard enough to find this post. Please if you can, I request one thing / recommend or tell me the command to type into crunch or w/e combination of programs to generate it myself.
    -The same wordlists or a dictionary with 4 digits at the end 0000-9999 and the first letter for the words capitalized.
    These are most common also in my location names or whatever with 4 digits at the end like a year for example (Joesmith1976) etc
    In fact in my opinion most man made passwords are names or a phrase followed by numbers or phone numbers specific for the area. ex (9171234567) etc

    These wordlists if compiled and spread throughout the community I guarantee would open a lot of uncracked .cap files.
    Last example the wordlist containing 8 digits is 100% on the money most routers now sold are 8 digit numbers as the key. So those lists will save days of churning through lists that do not contain nothing near what the routers use. Research the target the first digits of the mac address of the router you can google and identify your router or target router. Based upon that you can find now search again and see a rough idea of what the format of the default passwords are on that particular model of router. Anyway, just want to pass on my knowledge to others. And continue to grow and learn more and more.
     
  12. kevsamiga

    Yes, this resource is still a very "godlike" thing to have. Any updates to this NETGEAR list recently since it was posted last year?

    I think the gist of compiling dictionaries is "know thy target". The chances of finding it decrease proportionally the more you use. A big list is not necessarily a quality list, it could have foreign language passwords and other garbage which is useless and are no use to you in your country.

    You're just wasting electricity unless you shorten the odds and target effectively.

    If thy wifi owning neighbour is a big Barcelona football team fan, then you start off your dictionary putting Barcelona players names in etc. For generic targets you may increase your chances of success by using stolen/leaked password sets, because for those people who use the SAME password for everything and have ever had a linkedin, facebook, yahoo, myspace or gaming account and didn't bother to change their password, all those have been leaked at one time or another.

    It's also my experience that most ppl are just lazy/stupid and use a word + numbers for passwords, or their 11 digit mobile phone numbers, because no one wants the hassle of remembering a complicated password (human nature to choose the minimalistic path that requires the least work to get the job done).

    Just by adding a few capitals and symbols into your password, you can lessen the chances of your key ever being found because they won't be in the dictionaries.
     
    #12 kevsamiga, 25 Jan 2015
    Last edited: 25 Jan 2015
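
For a network owner checking their own key against the predictable formats discussed in this thread, a passphrase audit can look like the following. This is an added example, not code from any poster; the regexes, labels and function names are assumptions, and the 7,230,000 figure is the size of the first list as stated in post 1.

```python
import math
import re

# Size of the first list in the thread; used as the reference search space
# for the adjective+noun+3-digit default scheme.
THREAD_LIST_SIZE = 7_230_000

# (label, regex, search-space size or None when it depends on a word list)
WEAK_FORMATS = [
    ("words + 3 digits (NETGEARXX default style)", r"[a-z]{6,}\d{3}", THREAD_LIST_SIZE),
    ("word + 1-2 digits", r"[a-z]+\d{1,2}", None),
    ("capitalised word + 4 digits", r"[A-Z][a-z]+\d{4}", None),
    ("8 decimal digits", r"\d{8}", 10 ** 8),
    ("11-digit phone number", r"\d{11}", 10 ** 11),
    ("8 uppercase hex characters", r"[0-9A-F]{8}", 16 ** 8),
]


def charset_bits(passphrase):
    """Upper bound on entropy assuming uniformly random characters."""
    pool = 0
    if re.search(r"[a-z]", passphrase):
        pool += 26
    if re.search(r"[A-Z]", passphrase):
        pool += 26
    if re.search(r"\d", passphrase):
        pool += 10
    if re.search(r"[^a-zA-Z\d]", passphrase):
        pool += 33  # printable ASCII punctuation plus space
    return len(passphrase) * math.log2(pool) if pool else 0.0


def audit(passphrase):
    """Return (label, bits, weak) for a WPA passphrase (8-63 characters)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters long")
    for label, pattern, space in WEAK_FORMATS:
        if re.fullmatch(pattern, passphrase):
            bits = math.log2(space) if space else None
            return label, bits, True
    return "no listed format", charset_bits(passphrase), False


if __name__ == "__main__":
    # Constructed sample passphrases, not taken from any capture.
    for sample in ("quietriver123", "40817326", "Annabell1984", "r7#Qm!vK2p&Zx9"):
        print(sample, audit(sample))
```

A key that matches any listed format should be replaced with a long random passphrase; the bit figure for a non-matching key is only an upper bound and does not account for reuse or leaked-password lists.
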
  13. gearjunkie

    gearjunkie Well-Known Member
    VIP

    Joined:
    28 Aug 2014
    Messages:
    449
    Likes Received:
    139
    I have a few NETGEARXX captures here that did not match anything from the Netgear word list compiled by Demosthenes. In an effort to reduce my backlog and also help the community here, I am going to work on finding new verified adjectives and nouns. I would appreciate anyone who can help me in one of two ways:

    1. Let me know of any new and verified adjectives and nouns from a NETGEARXX router that is not in the current list
    OR
    2. Post your undiscovered NETGEARXX captures so that I can run them through new adjectives and nouns and hopefully get some results back.

    I will be working on this for a week or so and will upload the new word list after I am done.
     
    #13 gearjunkie, 4 Feb 2015
    Last edited: 4 Feb 2015
  14. doughboy

    doughboy Active Member

    Joined:
    9 Feb 2015
    Messages:
    8
    Likes Received:
    0
     
  15. Mr. Penguin

    Mr. Penguin Administrator
    Staff Member Admin Moderator VIP

    Joined:
    18 May 2012
    Messages:
    3,096
    Likes Received:
    1,199
    Found on the net

    WNDR3800
    vastcoconut260
    NETGEAR37

    NETGEAR34
    sillybug772

    NETGEAR62
    friendlyjade842

    JNR3000
    NETGEAR53
    magicalwater421

    OPTUSXXXXXX DG834GSP v3
    20 char 15 cap Alpha + 5 numeric
     
  16. gearjunkie

    Thanks. I think some of them may already be in the existing list but I will make sure that the missing ones are added.
     
  17. doughboy

    I was attempting to upload a NETGEARXX capture, not mimic thee. The file may need cleaned. Thanks
     

    Attached Files:

  18. gearjunkie

    Thanks for being the first to upload a NETGEARXX capture. The WPA key is below:

    NETGEAR22:28c68eba9f32:cc95d7219759:freshpotato787

    Here are the latest NETGEARXX word lists. Additional words were found with the help from the users here, other forums, and me going through new nouns and verbs. Special thanks to shaberu, @Demosthenes, and others who had worked and contributed to this word list. As it stands now, it is around 95% effective (for me) at discovering the password. I only have one NETGEARXX capture left which I could not find the password; and for all I know, it might have been changed from the default.

    You can download the latest NETGEARXX word lists

    Included in the archive are 5 files:
    adjective.txt - all the verified adjectives
    noun.txt - all the verified nouns
    adjective_noun.txt - combinations of the adjectives + nouns
    adjective_noun_1digit.txt - combinations of the adjectives + nouns + 1 digit
    adjective_noun_3digit.txt - combinations of the adjectives + nouns + 3 digits

    I did correct what I believe are errors from the previous word lists:
    cleaver - this is not a noun and highly likely 'clever' was misspelled so I removed it as 'clever' is already present
    thristy - fixed spelling to 'thirsty'
    wilde - this is not a noun and highly likely 'wild' was misspelled so I removed it as 'wild' is already present

    If you have a NETGEARXX capture that could not be solved with this list, please upload the capture so that I can test it with new adjectives and nouns.
     
    #18 gearjunkie, 10 Feb 2015
    Last edited by a moderator: 22 Feb 2015
  19. Demosthenes

    Just to let you know, I set up a new router for a friend about 1 year ago and his default WPA key was wildemountain896, so wilde is used.
     
    #19 Demosthenes, 15 Feb 2015
    Last edited by a moderator: 15 Feb 2015
  20. aetos

    aetos Active Member

    Joined:
    7 May 2014
    Messages:
    13
    Likes Received:
    2
    this one
     

    Attached Files:
