- A quick walkthrough of how to crack hashed passwords with John the Ripper
- Password cracking wordlists reprise
- Crash course in Elasticsearch Logstash and Kibana log aggregation
- Fuzzing network services with Fuzzotron and Radamsa modified pcap testcases
- CVE-2019-15947 Bitcoin Core bitcoin-qt crash dumps contain wallets
Password cracking wordlists reprise
These wordlists are some of my favorite to use for password cracking. Generally the larger the wordlist the longer it will take to crack a password, but the higher probabilty it will be in the list. These lists are line-by-line, suitable for use with John the Ripper or OCLHashcat to name a few.
If you need help cracking hashes, you can read my walkthrough of John the Ripper.
super_wpa.lst.gz - WPA wifi wordlist.
adjective_noun_3_digits_router.lst.gz - Some routers have this naming scheme.
breachcompletion_sorted.lst.gz - A long list of passwords from breaches with email pairs stripped.
rockyou.lst.gz - Good medium size all around wordlist.
john.lst.gz - Shorter password list bundled with John The Ripper.
bt4-password.lst.gz - Snother medium short wordlist of common passwords.
darkweb-top100000.lst.gz - Passes in order from most used.
All lists are gzipped to save bandwidth. Total passwords included in each file is noted to the side, and was generated with:
Total all lists: 2779697215 unique passwords
adjective_noun_3_digits_router.lst.gz: 1802841920 lines 4.1G
breachcompletion_sorted.lst.gz: 378839348 lines 1.3G
bt4-password.lst.gz: 1652903 lines 5.2M
rockyou.lst.gz: 14344391 lines 51M
super-wpa.lst.gz: 982963903 lines 4.3G
john_password.lst.gz: 3559 lines 14K
darkweb2017-top10000.lst.gz: 9999 lines 40K
I have also compiled this into a torrent for those who want them all.