Jump to content

Waqar

Recommended Posts

+1 rockyou.txt  Hashcat with rules, and a script that stuffs found PW's back into rockyou.txt

If you are doing hashcat, learn rules, combiner, and hybrid attacks.  Know your target.  Straight up dictionary is almost pointless (though local area code phone numbers and rockyou.txt get a *lot* of WiFi PWs in these parts)

 

Crackstaion.txt is all but useless (for a multi GB file), but have gotten a  few positives from it.  If you look at it, it has a TON of crap.  Like full windows path/filenames.  Its a bloody mess of junk.

Link to comment
Share on other sites

Some of these are pre-installed in kali, others not for size but have at it:

 

https://github.com/danielmiessler/SecLists/tree/master/Passwords

 

There are quire a few places like this for wordlists, just have to google for them. I've been using the above link for working on Vulnhub CTF's and have had decent success with them. You can also try tools like digininjas cewl and rsmangler combined with john the ripper to make wordlists for you. crunch is also a nice tool for making number and letter sets based on rules, but warning, files can get large quick if you don't pay attention to the rules and length, you will fill a HDD very quickly if not careful.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...