Wordlists For Hacking



What are Wordlists?

Normally, when we use Facebook, we need to enter a username and password to log into our account.

If someone knows your username and password, they can log into your account. That is why the password is important.

So let's say you are AungAung and your password is aungaung123. Someone trying to get into your account could type in each guess they think might be right, such as aungaung1, aungaung12, aungaung123, and so on, and they get in once a guess matches your actual password. This method is called manual brute forcing.

In reality, there could be hundreds of thousands of possible passwords, so manual brute forcing is very time consuming and tedious. Nobody uses it, except perhaps when they have forgotten their own password, because automated tools exist. These tools need to be fed the possible passwords from a file prepared in advance. Because the file contains a list of possible passwords, such files are called password lists or wordlists.

Password cracking requires good Wordlists.


Wordlists in Kali Linux

Since Kali Linux is mainly intended for penetration testing, wordlists are already included in Kali.

You can see the wordlists already included in Kali in the directory below.

   /usr/share/wordlists



Inside you'll see the directories dirb and dirbuster, which contain everything you need for directory brute forcing. You can also see the fern-wifi directory, which holds the default password files for Fern, a tool used for WiFi password cracking. You will also see metasploit and wfuzz directories. (Directory = Folder)


It is best to open the files in each directory one by one from the File Manager. Among the files in the wordlists directory, you can see list files named nmap.lst and john.lst. The special one is rockyou, which is shipped compressed in later versions of Kali. To use it, you must first extract the compressed file.


gzip -d /usr/share/wordlists/rockyou.txt.gz


Because it is compressed with gzip, you need to extract it using the above command. If you are not in a root terminal, typing the command as above will show permission denied, so you need to put sudo in front of it.

When asked for the sudo password, type the password you use to log in and press Enter. Nothing appears on screen while you type a sudo password. Don't worry: just type it and press Enter.


After extracting, the .gz file will disappear and you should see a password list file named rockyou.txt.


As of this writing, the rockyou.txt file contains 14,344,392 lines (roughly 14.3 million). That's why you shouldn't open it with the default text editor in Kali: doing so can make your machine slow and unresponsive. If you want to open it, use a text editor like Sublime Text.


Another wordlist directory in Kali is wfuzz. It holds wordlists for web applications, meant to be used together with the wfuzz tool, which can run brute-force attacks.


Other Wordlists

Kali already has wordlists, but in real life this is not enough.


Github Wordlists

The easiest way to get more wordlists is GitHub. The link below takes you to a search page listing wordlist collections on GitHub. From there, you can download the ones you want.

https://github.com/search?q=wordlists&ref=simplesearch


Seclists

It would not be wrong to say that SecLists is a collection of many wordlists. It is currently about 400 MB. To install it, just type the following command in Kali.

sudo apt install seclists


After installing seclists, if you type seclists from Terminal, you should see its directory.

It is located at /usr/share/seclists.


Watch the final s in seclists when installing: do not leave it off. Some people have asked about an error they got because they left it out. If you are not using Kali, you can download it from the GitHub link below.

https://github.com/danielmiessler/SecLists



Assetnote Wordlist

Another notable wordlist is the assetnote wordlist. You can visit the following site and download as you like.

https://wordlists.assetnote.io/



Packetstorm Wordlists

There are wordlists here, too.

https://packetstormsecurity.com/crackers/wordlists



Creating Wordlists yourself

It can also be a good idea to create your own wordlists. Burmese names such as aungaung, myamya and ayeaye are not easy to find in many of the existing wordlists. So if you build a list from your own candidates, you get a wordlist that is more likely to match.


There are many tools that can create a wordlist. Some of the ones in use are:

  1. Cewl
  2. Crunch
  3. CUPP
  4. Bopscrk
  5. BEWGor
  6. DyMerge
  7. Mentalist
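
Seen from the defender's side, the same point applies to password blocklists: a signup check that only consults a stock list such as rockyou.txt will accept aungaung123. The Python sketch below is an added example, not part of the original post; LOCAL_NAMES, the function names and the small sample wordlist are constructed assumptions.

```python
import re
import tempfile
from pathlib import Path

# Constructed sample of local names (assumption: maintained by the site owner).
LOCAL_NAMES = {"aungaung", "myamya", "ayeaye"}

def base_word(password: str) -> str:
    """Lowercase and strip trailing digits/symbols: 'AungAung123!' -> 'aungaung'."""
    return re.sub(r"[\d\W_]+$", "", password.lower())

def in_wordlist(password: str, wordlist: Path) -> bool:
    """Stream the list line by line as bytes: rockyou.txt is too large to load
    casually and contains bytes that are not valid UTF-8."""
    needle = password.encode("utf-8")
    with wordlist.open("rb") as fh:
        return any(line.rstrip(b"\r\n") == needle for line in fh)

def reject_reason(username: str, password: str, wordlist: Path):
    """Return why a new password is refused, or None if it passes these checks."""
    base = base_word(password)
    if base and base == base_word(username):
        return "derived from username"
    if base in LOCAL_NAMES:
        return "local name plus simple suffix"
    if in_wordlist(password, wordlist):
        return "found in wordlist"
    return None

def demo() -> dict:
    # Constructed stand-in for /usr/share/wordlists/rockyou.txt, including one
    # line with a non-UTF-8 byte (0xf1) like those present in the real file.
    with tempfile.TemporaryDirectory() as tmp:
        wl = Path(tmp) / "sample.txt"
        wl.write_bytes(b"123456\npassword\nni\xf1o\niloveyou\n")
        cases = [("AungAung", "aungaung123"), ("kyawkyaw", "MyaMya2024"),
                 ("kyawkyaw", "iloveyou"), ("kyawkyaw", "pale-harbor-73-kite")]
        return {pw: reject_reason(user, pw, wl) for user, pw in cases}

if __name__ == "__main__":
    for pw, reason in demo().items():
        print(f"{pw!r}: {reason or 'accepted'}")
```

On a real system, point the wordlist argument at the extracted rockyou.txt; the byte-wise comparison avoids the decode errors a UTF-8 text read of that file raises.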



Thank you all


1 Comments

  1. Is there any wordlist that was created in Myanmar?
