Download Rockyou.txt 2023 _VERIFIED_


Donahue Merculief

Jan 18, 2024, 3:54:51 PM
to losslooraro

I've been fumbling through the world of Information Security by going through the HTB challenges, and I've come across an issue I just can't seem to find an answer for. During one of the challenges I'm trying to crack a zip password using JTR with the rockyou.txt wordlist, as when I use the standard one it goes to incremental. However, JTR finishes in 0.01s with a message that I can't seem to find the meaning for. I first started by getting the hash:

John is not cracking the hash and not giving you a password, either because the hash got corrupted by bash being confused with some special characters or simply because the plaintext is not in rockyou.txt.




Because the password file is NOT called rockyou.txt but is split into smaller ones like rockyou-10, -35, etc. Try to actually browse the password list folder to see what you have to work with. But rockyou.txt does 100% not work, as no such file exists in the SecList, as it is millions of passwords and gigabytes of data.

On a brand new installation of Kali Linux, you can find the RockYou password list under: /usr/share/wordlists/rockyou.txt.gz

To extract this list: gzip -d rockyou.txt.gz

When the file is finished extracting, we should end up with: rockyou.txt





The total size of this file is 134MB -- of text. It's huge. As I mentioned previously, it contains over 14 million passwords. To use this file in its whole form is a last resort but we can easily create smaller lists using the head command. The RockYou list is in order of most used passwords and if we use head to extract the first 10, first 100, first 1000, or first 10000, we are literally getting the most popular in order.





Depending upon the specific situation, the speed at which we process through our list will vary greatly. If we're using the entire RockYou list for cracking a sha512crypt hash using a basic Graphics Processing Unit (GPU), we could be waiting for a very long time. This is a situation where we might use the top 100, top 1000, or even top 10000 before we resort to the entire list. If the hash is MD5, the process will move along much faster and we might want to start with a larger list. I have multiple lists already generated and I decide which list to use based on the situation.

Word lists really aren't much different and we can find those under: /usr/share/wordlists/[SOME DIRECTORY]

The two most common locations:

/usr/share/wordlists/dirb
/usr/share/wordlists/dirbuster





There are some pretty solid lists in both of these directories and I like to combine them into one larger list. Again, like the RockYou list, bigger is not necessarily better but if I'm looking for the sledgehammer, I'll go for the combined list.

Up until now, I've been talking like password lists and word lists are separate entities but they are essentially the same -- they are lists. For the sake of convenience, and not necessarily betterment, we are using these stock lists. Taking a more targeted approach might be a better option.

Indulge me for a moment as I go off on a tangent --

IBM's first CEO was Thomas J. Watson. If you look throughout IBM, you will see the name Watson appear in a number of forms. A Google search for "IBM Watson" brings up their "question-answering computer system". I first learned of the name Watson from ns.watson.ibm.com which is an IBM name server I used for many years because it was very reliable -- that is until it stopped taking public DNS requests.

The point being that it's not uncommon to see words and names recycled throughout a business. Server names, directory names, and passwords, could all be names gleaned from a company website. With the name Watson being so prevalent throughout the IBM world, how many passwords do you think had some variation of Watson?

Back on point --

At the very least, if I'm fuzzing or performing a brute force attack, among the lists I'm using is one that I've generated from the company's public facing sites using Cewl:




cewl -w fakedomains.txt -d 3 -m 6

-w = output file
-d = depth
-m = minimum word length

Using wc, we created a list with 4162 words. When we look at the first 20, it looks like a word list! We can mutate this list in a number of ways but for now, let's stick to the basics. When I grep through my largest word list and RockYou, I'm already finding words in our targeted list that do not appear in either of the larger lists. 4162 goes a lot faster than 14 million!

Another good thing to do would be to download the rockyou password list from skullsecurity. Take like the top 5000 out of it as it is already sorted by most frequently used to least. If a device is encrypted this will save you tons of time as there is no 5 password then wait limiter.

Here is a script that will grab rockyou.txt and create a payload for you in linux. Right now it does wait 30 seconds after every 5 passwords. I'm adding an option to not wait 30 seconds as if attacking the encryption logon screen.

I didn't want to waste my time and computation power on hashing and cracking passwords, so I skipped this step and downloaded the rockyou.txt wordlist. It is around 134MB in size and contains around 14M passwords. The notes state "Best list available; huge, stolen unencrypted", but there was no particular reason for choosing this one. I always assumed that wordlists would be free of duplicates, but this assumption didn't hold for this one, so I removed them first:
