Password Dictionary Where To Download And How To Make Them


Kali password dictionary

These hacking dictionaries are already present o Kali Linux. So we can safely use it without download anything.

RockYou (/usr/share/wordlists/rockyou) is the most popular pentest dictionary for any business. It can also be used for WiFi, but I recommend that you first clean up inappropriate passwords using the same pw-inspector.

So if you are using Kali Linux before you download any password dictionary you may check rockyou password list that comes in every kali Linux image.

You can use it to perform a dictionary attack, at least try the one you have before you download a new one.

Kali Linux provides some Password dictionary files as part of its standard installation named rockyou.txt.
you can find that file here :

/usr/share/wordlists/rockyou .txt.gz

if this one doesn’t work check the end of this article and you will find what you want.
but for now let’s check rockyou.txt.gz.

So let’s take a copy of rockyou.txt.gz to root directory
To do so write this command:

cp /usr/share/wordlists/rockyou .txt.gz .

Now to unzip rockyou wordlist type:

gunzip rockyou.txt.gz

you will get a new file rockyou.txt
To know how many passwords this file contains type:

wc -l rockyou.txt

The password inside this file include password’s with more and less then 8 characters
so if you want to use it for WPA2 Penetration Testing you should make a dictionary that contains passwords with minimum 8 characters so it becomes a wpa dictionary and Make sure you have a monitor mode wifi adapter that support WPA2 cracking
To do that type this command :

cat rockyou.txt | sort | uniq | pw-inspector -m 8 -M 63 > rockyoulist.txt

rockyoulist.txt contains 9606665 passwords that’s a huge list
I called mine rockyoulist.txt but maybe you should call it passwordlist.txt if you are making it for WiFi penetration or anything you want just remember it.

Password dictionary :

Password attacks can be divided into two large groups: a hash attack and an attempt to pick up a password for authentication. We will not dwell on their characteristics in detail. Since password dictionary attack is possible in both groups.

So we come to the most important thing – where to get the dictionaries. Different tasks require different dictionaries:

if we brute force login to a remote service, then we need not very large dictionaries, but with the most common usernames and passwords. This is due to the fact that most network services have a customized brute force protection. Those. so that our IP is not blocked by an automatic script, we must make a long interval between attempts. It will take a lot of time, so it makes sense to start only with the most popular sets of words;

Bruteforcing a Wi-Fi network password (in an intercepted handshake), we still need a high-quality dictionary with popular passwords, but the larger the dictionary, the better, especially if you have medium or strong hardware;

Enjoy 👍❤️

Related Posts

Post a Comment

Subscribe Our Newsletter