This is a tutorial for newbies and anyone who hasn't yet used Crunch before. Crunch is a utility that is used to create wordlists using letters, numbers, and symbols for every possible combination or according to specific rules. I will be covering this command-line tool in great depth, dissecting each option and demonstrating its purpose. So to start off, in this demonstration I will not assume that you have a particular OS, other than to mention that I will only be covering those based on UNIX.
The min and max are the minimum and maximum lengths (respectively) for your desired wordlist. The charset is optional, but you can use it to limit the characters of your wordlist to the ones you specify. If you choose to use a charset then you must maintain the correct order, which is lowUP123@%# (lowercase letters, then uppercase letters, then numbers and finally symbols). You can skip any of them, but the order must always remain the same. Example:
A zipped syskey.txt wordlist starting with "aab14" and ending in "eed14" will be produced from the above. The reason why the start is not "aaa14" is because -d 2@ allows for only 2 duplicate lowercase letters. Adding -i would invert the results, and adding -e dde14 would stop after the line "dde14" (or "41edd" in the case of an inverted output) is produced.
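The behaviour described above, as an added example that is not part of the original tutorial: a small Python emulation of the Crunch options the text discusses (a -t style pattern, -d N@, -s, -e and -i). The tutorial omits its exact command, so the pattern "@@@14" and the lowercase charset "abcde" are assumptions chosen to reproduce the "aab14" to "eed14" output.

```python
# Added example, not Crunch's own code: emulate -t / -d N@ / -s / -e / -i so the
# "aab14" ... "eed14" behaviour can be checked without Crunch installed.
# The pattern "@@@14" and the charset "abcde" are assumptions (the original
# command is not shown on the page).
from itertools import product
from typing import List, Optional

LOWER = "abcde"  # assumed lowercase charset; '@' in a pattern is a lowercase slot


def lowercase_run_ok(word: str, dup: int) -> bool:
    """-d dup@ : reject words with more than `dup` identical lowercase
    characters in a row (crunch -d 2@ allows "aab" but not "aaa")."""
    run = 1
    for prev, cur in zip(word, word[1:]):
        run = run + 1 if cur == prev else 1
        if run > dup and cur.islower():
            return False
    return True


def crunch(pattern: str, charset: str = LOWER, dup: Optional[int] = None,
           start: Optional[str] = None, end: Optional[str] = None,
           invert: bool = False) -> List[str]:
    """Expand every '@' slot of `pattern` over `charset` in lexicographic
    order, applying the -d / -s / -e / -i rules described in the text."""
    slots = [i for i, c in enumerate(pattern) if c == "@"]
    words: List[str] = []
    started = start is None
    for combo in product(charset, repeat=len(slots)):
        chars = list(pattern)
        for i, ch in zip(slots, combo):
            chars[i] = ch
        word = "".join(chars)
        if dup is not None and not lowercase_run_ok(word, dup):
            continue
        if not started:          # -s: skip everything before the start word
            if word != start:
                continue
            started = True
        words.append(word[::-1] if invert else word)  # -i reverses each word
        if word == end:          # -e: stop once the end word has been produced
            break
    return words
```

With `dup=2` the first word is "aab14" and the last is "eed14"; without `dup` the list starts at "aaa14", matching the explanation in the text.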
Now that we have it all covered, you have limitless ways to use Crunch during a penetration test. The obvious one is as a password-candidate generator, which makes it useful for password cracking with tools such as Hydra or John the Ripper. I will cover the uses of wordlists in a future tutorial, along with other utilities you can use to make the contents of those wordlists more relevant, enabling a more thorough approach to password cracking and similar scenarios.
anyway. Maybe I should have just said, "Hey guys, can you help direct me to more guides and tutorials concerning wordlists and generating wordlists with specific rules?" Maybe even just a short response on ways you manipulate the syntax and stuff. Or advice on what helped you learn would be appreciated.
Kali Linux is a distribution designed for penetration testing and computer forensics, both of which involve password cracking. So you are right in thinking that word lists are involved in password cracking; however, it's not brute force.
Brute force attacks try every combination of characters in order to find a password, while word lists are used in dictionary based attacks. Many people base their password on dictionary words, and word lists are used to supply the material for dictionary attacks. The reason you want to use dictionary attacks is that they are much faster than brute force attacks. If you have many passwords and you only want to crack one or two then this method can yield quick results, especially if the password hashes are from places where strong passwords are not enforced.
Those lists can be used to feed into several programs. So for instance aircrack-ng has an option -w where it takes a wordlist as argument. The password testing program John the Ripper also takes wordlists to accelerate the guessing.
In addition to what's already mentioned here, the wordlists are used in conjunction with some of the web app tools and things such as sqlmap. If you're looking for places to use them, download some of the "boot to root" VMs like Kioptrix and De-ICE and have a go at brute-forcing some passwords.
As for specific lists for specific types of hacks - not really. Unless you're doing something targeted against a person you know some facts about (in which case you'll use something like CUPP - Common User Passwords Profiler - to generate a custom wordlist for that particular target).
So if I go through all of Kali Linux's word-lists and none of them is a match (WPA handshake capture),
I can only assume that it was a generated password and that it has to be at least 8 characters and digits.
I searched for a word-list that has every possible password ever, but I couldn't really find anything, so I decided to generate my own and I made a Python script that would generate every possible password containing small/big letters and numbers. It would take forever to create an 8-character-long password word-list, not to mention that it would require A LOT of space; I estimate somewhere from 600GB up to 6TB for one 8-char-long word-list.
Hi guys, I live in Italy and since I'm stuck and can't leave my home, I'm trying to learn something more about Kali Linux and training by trying to break through my wifi using airmon-ng / aircrack-ng. My question is: are wordlists really that good? How can it even be possible to find THAT exact password in THAT specific .txt file? A WPA2? That thing has 24 letters (upper and lower case) and numbers. How in the universe is it possible to find the same combination in a .txt file? A bruteforce attack would take way too much time and I don't even know where to start to create a wordlist like that. I can't understand how it works and how people get it to work fast. I know it could sound like a stupid question, but I'm just a noob and I'd really appreciate any help. Can someone help me? Thanks.
Common.txt is the wordlist that comes with the Fern program, but any wordlist you download or have created on your own can be used by hitting the Browse button and pointing Fern to the alternative wordlist file.
Hi Sir! Could you tell me please, how much time does Fern WIFI Cracker take if I bruteforce WPA encryption with the WPS flaw, given the processing power of a 2.2 GHz dual-core AMD Turion microprocessor? While I was cracking WPA with a dictionary attack on aircrack-ng it showed 500 words per second. Can I expect the same figures on Fern Cracker, or does it crack fewer combinations because my microprocessor is generating them? Do you have some articles about WPS cracks and how it works on Fern WIFI Cracker?
Now we can start using hashcat with the rockyou wordlist to crack the MD5 hashes. The rockyou wordlist comes pre-installed with Kali. If you are not using Kali you can use another wordlist, or download it from here.
The stock Kali Linux distribution contains a number of password and word lists. The most notable password list, RockYou, is from a breach that occurred in 2009. The biggest revelation to come from this breach was the frequency of the most basic passwords. The top five most used passwords in RockYou are:
123456
12345
123456789
password
iloveyou
In total, there were 32 million passwords in the RockYou breach but in the Kali version of this list, there are only 14 million passwords.
On a brand new installation of Kali Linux, you can find the RockYou password list under: /usr/share/wordlists/rockyou.txt.gz
To extract this list: gzip -d rockyou.txt.gz
When the file is finished extracting, we should end up with: rockyou.txt
The total size of this file is 134MB -- of text. It's huge. As I mentioned previously, it contains over 14 million passwords. To use this file in its whole form is a last resort but we can easily create smaller lists using the head command. The RockYou list is in order of most used passwords and if we use head to extract the first 10, first 100, first 1000, or first 10000, we are literally getting the most popular in order.
Depending upon the specific situation, the speed at which we process through our list will vary greatly. If we're using the entire RockYou list for cracking a sha512crypt hash using a basic Graphics Processing Unit (GPU), we could be waiting for a very long time. This is a situation where we might use the top 100, top 1000, or even top 10000 before we resort to the entire list. If the hash is MD5, the process will move along much faster and we might want to start with a larger list. I have multiple lists already generated and I decide which list to use based on the situation.
Word lists really aren't much different and we can find those under: /usr/share/wordlists/[SOME DIRECTORY]
The two most common locations:
/usr/share/wordlists/dirb
/usr/share/wordlists/dirbuster
There are some pretty solid lists in both of these directories and I like to combine them into one larger list. Again, like the RockYou list, bigger is not necessarily better but if I'm looking for the sledgehammer, I'll go for the combined list.
Up until now, I've been talking like password lists and word lists are separate entities but they are essentially the same -- they are lists. For the sake of convenience, and not necessarily betterment, we are using these stock lists. Taking a more targeted approach might be a better option.
Indulge me for a moment as I go off on a tangent --
IBM's first CEO was Thomas J. Watson. If you look throughout IBM, you will see the name Watson appear in a number of forms. A Google search for "IBM Watson" brings up their "question-answering computer system". I first learned of the name Watson from ns.watson.ibm.com which is an IBM name server I used for many years because it was very reliable -- that is until it stopped taking public DNS requests.
The point being that it's not uncommon to see words and names recycled throughout a business. Server names, directory names, and passwords, could all be names gleaned from a company website. With the name Watson being so prevalent throughout the IBM world, how many passwords do you think had some variation of Watson?
Back on point --
At the very least, if I'm fuzzing or performing a brute force attack, among the lists I'm using is one that I've generated from the company's public-facing sites using CeWL:
cewl <target-url> -w fakedomains.txt -d 3 -m 6
<target-url> = the public site to crawl (placeholder; the original command omits it)
-w = output file
-d = depth
-m = minimum word length
Counting the result with wc shows a list of 4162 words. When we look at the first 20, it looks like a word list! We can mutate this list in a number of ways, but for now let's stick to the basics. When I grep through my largest word list and RockYou, I'm already finding words in our targeted list that do not appear in either of the larger lists. 4162 goes a lot faster than 14 million!
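The staged approach described earlier (top 10, top 100, top 1000 via head before the full list) together with the targeted CeWL list and the grep comparison above, as an added example that is not part of the original article. Every list and hash below is constructed for the demonstration; only the first five COMMON entries are the RockYou top five quoted in the article, the rest is obvious filler, and the TARGETED words are hypothetical.

```python
# Added example, not the article's code: audit MD5 hashes against top-N tiers
# of a frequency-ordered list first, then a CeWL-style targeted list.
# Lists and hashes are constructed; "fillerNNNN" entries stand in for the
# remaining RockYou lines and are not breach data.
import hashlib
from typing import Dict, Iterable, List, Sequence, Tuple

COMMON: List[str] = ["123456", "12345", "123456789", "password", "iloveyou"]
COMMON += [f"filler{i:04d}" for i in range(len(COMMON), 2000)]  # constructed filler
# Constructed stand-in for a CeWL crawl of a company site (hypothetical words,
# echoing the "Watson" recycling example in the text).
TARGETED: List[str] = ["Watson", "Thomas", "reliable", "server"]


def md5_hex(word: str) -> str:
    return hashlib.md5(word.encode("utf-8")).hexdigest()


def targeted_only(targeted: Iterable[str], common: Iterable[str]) -> List[str]:
    """Words the targeted list adds over the big list (the grep check in the text)."""
    known = set(common)
    return [w for w in targeted if w not in known]


def staged_audit(hashes: Iterable[str], common: Sequence[str],
                 targeted: Sequence[str],
                 tiers: Tuple[int, ...] = (10, 100, 1000)) -> Dict[str, Tuple[str, str]]:
    """Return {hash: (stage, plaintext)} for every hash that matched.
    Each tier hashes only the words not already covered by the previous tier
    (like head -n 10, then 100, then 1000), and the audit stops early once
    nothing is left to match."""
    pending = set(hashes)
    found: Dict[str, Tuple[str, str]] = {}
    stages, lo = [], 0
    for n in tiers:
        stages.append((f"top{n}", common[lo:n]))
        lo = n
    stages.append(("targeted", list(targeted)))
    for label, words in stages:
        for word in words:
            if not pending:
                return found
            h = md5_hex(word)
            if h in pending:
                found[h] = (label, word)
                pending.discard(h)
    return found


# Constructed sample: a top-10 password, a deeper filler entry, a site word, one miss.
SAMPLE_HASHES = [md5_hex(w) for w in ("iloveyou", "filler0250", "Watson", "Gh7$kLp!x")]
```

Running `staged_audit(SAMPLE_HASHES, COMMON, TARGETED)` reports which tier matched each hash, so you can see how much of the big list was actually needed before the targeted words paid off.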