Friday, January 13, 2012

Analysis Of The Cancao Nova Leak

Yet another site has been breached by hackers. An automated SQL injection tool was used to extract the data from the website. No signs of automated vulnerability scanning tools in the data.

2047 hashes were cracked out of 2641 hashes. That is 77.5%. Total amount of time spent: 22 minutes

The Results 

Length distribution
 
Average password length: 7.32489

Character distribution
 

Unique character distribution


Contained in common wordlists
 

Top 30 most common passwords


Top 30 longest passwords
 
Notes
The passwords reflect the religious nature of the site as well as the non-english origin of the site. I used a Spanish wordlist with  on the site to achieve maximum coverage.

No comments:

Post a Comment