Password usage by scripted hacking tools

Recently I decided to run a honeypot on a spare server I could get my hands on. I installed some software and let it log some things, just to check what would come by. What astonished me most was the passwords that came by. I always thought that they would simply check a static list and you would get a near-perfect list of passwords that were used over and over. I found out they are actually quite different every time.

In total I saw 1561 different passwords in 100 captured sessions. A lot of the sessions also appear to be hit and run: they log in a few times and try several passwords. Even if they guess the password right, they just run away and are done with it. Not once did they come back, even though 42 sessions hit the jackpot with the password (it’s really simple and it’s not even in the top 10 of most tried passwords).

The top 10 most used passwords are these:

Nr  Password      Times of occurrence
1   admin         166
2   PassWord      108
3   !qaz@wsx      71
3   p@ssw0rd      68
3   aa123456      68
3   password123   61
3   test123       31
3   P@ssw0rd1     61
3   Admin123!@#   61
3   P@$$w0rd      59

I’m still figuring out what I truly learned from this: do people truly use these kinds of passwords? Or are these simple passwords that are just too easy to try, just because there’s a remote chance someone uses them?
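The tallies in this post (distinct passwords, sessions that guessed correctly, whether a source ever came back after a correct guess) can be computed from a per-attempt log. The following is an added example, not the author's tooling: the JSON-lines format and its field names (`session`, `src`, `password`, `success`) are assumptions, and the log lines are constructed.

```python
import json
from collections import Counter

# Constructed sample, one JSON object per login attempt; field names are assumed.
SAMPLE_LOG = """\
{"session": "s1", "src": "198.51.100.7", "password": "admin", "success": false}
{"session": "s1", "src": "198.51.100.7", "password": "PassWord", "success": false}
{"session": "s1", "src": "198.51.100.7", "password": "constructed-pw", "success": true}
{"session": "s2", "src": "203.0.113.9", "password": "admin", "success": false}
{"session": "s2", "src": "203.0.113.9", "password": "p@ssw0rd", "success": false}
this line is truncated garbage
{"session": "s3", "src": "198.51.100.7", "password": "admin", "success": false}
{"session": "s4", "src": "192.0.2.44", "password": "test123", "success": false}
{"session": "s4", "src": "192.0.2.44", "password": "constructed-pw", "success": true}
"""

def summarize(lines, top_n=10):
    tried = Counter()   # password -> number of attempts
    sessions = {}       # session id -> {"src", "hit"}, kept in log order
    malformed = 0
    for line in lines:
        if not line.strip():
            continue
        try:
            ev = json.loads(line)
            sid, src, pw = ev["session"], ev["src"], ev["password"]
            ok = ev["success"] is True
            if not all(isinstance(v, str) for v in (sid, src, pw)):
                raise TypeError("unexpected field type")
        except (ValueError, KeyError, TypeError):
            malformed += 1      # count and skip rather than abort the run
            continue
        tried[pw] += 1
        state = sessions.setdefault(sid, {"src": src, "hit": False})
        state["hit"] = state["hit"] or ok
    # A source "came back" if it opened a new session after one with a correct guess.
    hit_sources, returned = set(), set()
    for state in sessions.values():
        if state["src"] in hit_sources:
            returned.add(state["src"])
        if state["hit"]:
            hit_sources.add(state["src"])
    return {
        "unique_passwords": len(tried),
        "sessions": len(sessions),
        "sessions_with_hit": sum(s["hit"] for s in sessions.values()),
        "sources_returned_after_hit": sorted(returned),
        "top": tried.most_common(top_n),
        "malformed": malformed,
    }
```

Calling `summarize(SAMPLE_LOG.splitlines(), top_n=2)` on the constructed sample reports one source that returned after a correct guess, which is the case the post says never occurred in the real capture.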
