Ticker

6/recent/ticker-posts

Password Dictionary Where To Download And How To Make Them

 🌀 Password Dictionary Where To Download And How To Make Them 🌀


Kali password dictionary


These hacking dictionaries are already present o Kali Linux. So we can safely use it without download anything.


RockYou (/usr/share/wordlists/rockyou) is the most popular pentest dictionary for any business. It can also be used for WiFi, but I recommend that you first clean up inappropriate passwords using the same pw-inspector.


So if you are using Kali Linux before you download any password dictionary you may check rockyou password list that comes in every kali Linux image.


You can use it to perform a dictionary attack, at least try the one you have before you download a new one.


Kali Linux provides some Password dictionary files as part of its standard installation named rockyou.txt.

you can find that file here :


/usr/share/wordlists/rockyou .txt.gz


if this one doesn’t work check the end of this article and you will find what you want.

but for now let’s check rockyou.txt.gz.


So let’s take a copy of rockyou.txt.gz to root directory

To do so write this command:


cp /usr/share/wordlists/rockyou .txt.gz .


Now to unzip rockyou wordlist type:


gunzip rockyou.txt.gz


you will get a new file rockyou.txt

To know how many passwords this file contains type:


wc -l rockyou.txt


The password inside this file include password’s with more and less then 8 characters

so if you want to use it for WPA2 Penetration Testing you should make a dictionary that contains passwords with minimum 8 characters so it becomes a wpa dictionary and Make sure you have a monitor mode wifi adapter that support WPA2 cracking

To do that type this command :


cat rockyou.txt | sort | uniq | pw-inspector -m 8 -M 63 > rockyoulist.txt


rockyoulist.txt contains 9606665 passwords that’s a huge list

I called mine rockyoulist.txt but maybe you should call it passwordlist.txt if you are making it for WiFi penetration or anything you want just remember it.


Password dictionary :

http://weakpass.com/


Password attacks can be divided into two large groups: a hash attack and an attempt to pick up a password for authentication. We will not dwell on their characteristics in detail. Since password dictionary attack is possible in both groups.


So we come to the most important thing – where to get the dictionaries. Different tasks require different dictionaries:


if we brute force login to a remote service, then we need not very large dictionaries, but with the most common usernames and passwords. This is due to the fact that most network services have a customized brute force protection. Those. so that our IP is not blocked by an automatic script, we must make a long interval between attempts. It will take a lot of time, so it makes sense to start only with the most popular sets of words;


Bruteforcing a Wi-Fi network password (in an intercepted handshake), we still need a high-quality dictionary with popular passwords, but the larger the dictionary, the better, especially if you have medium or strong hardware;


Enjoy 👍❤️

Post a Comment

0 Comments