Dictionary Attacks

Overview

Dictionary attacks are a common type of password attack that relies on a predefined list of words, phrases, or commonly used passwords, known as a "dictionary." In this attack, the attacker systematically tries each word from the dictionary as a possible password to gain unauthorized access to a system or account.

The attack is based on the assumption that many users choose weak passwords that are easy to guess. The dictionary can include common words, names, patterns, and commonly used combinations. The attacker uses automated tools that iterate through the dictionary, trying each word as a password until a successful match is found.

Rockyou wordlist

Rockyou is a widely known and extensively used wordlist in the field of password cracking and security testing. It gained its popularity due to the large number of passwords it contains, derived from a breach of the Rockyou website in 2009. The wordlist consists of millions of commonly used passwords, dictionary words, and combinations that users often use to secure their accounts.

Security professionals and ethical hackers often leverage the Rockyou wordlist during password auditing and penetration testing to identify weak passwords and assess the strength of an organization's security. It serves as a valuable resource for testing the effectiveness of password policies and highlighting the importance of using strong, unique, and hard-to-guess passwords.

rockyou.txt contains 14,341,564 unique passwords, used in 32,603,388 accounts.

Kali Linux provides this dictionary file as part of its standard installation.

Other Used Wordlists

Create your Own Wordlists

CUPP

Overview

CUPP (Common User Password Profiler) is a free and open-source password cracking tool that is used by security professionals and hobbyists alike. It is a powerful tool that can be used to generate wordlists of potential passwords based on information about the target user, such as their name, hobbies, and interests.

CUPP is a very versatile tool and can be used in a variety of situations, such as:

  • Penetration testing: Penetration testers use CUPP to generate wordlists for brute-force password attacks.

  • Forensic investigation: Forensic investigators use CUPP to generate wordlists for cracking passwords found on seized computers and devices.

  • Security research: Security researchers use CUPP to generate wordlists for testing the strength of password hashing algorithms.

CUPP is a valuable tool for anyone who wants to learn more about password security. It is also a useful tool for security professionals who need to crack passwords.

Here are some of the benefits of using CUPP:

  • It is free and open-source.

  • It is easy to use.

  • It is very versatile.

  • It is a powerful tool for generating wordlists.

Download

How to use?

After installing CUPP, type the following in a terminal:

cupp -i

Then answer a few questions about the target: first name, surname, nickname, birthdate, partner's name, partner's nickname, partner's birthdate, child's name, child's nickname, child's birthdate, pet's name, company name, ...

CUPP then writes all of the resulting combinations to a text file ("Target_First_Name.txt").
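The defensive counterpart to the Rockyou and CUPP sections above, as an added example that is not part of the original page or of either tool: a password-change check that rejects candidates found in a wordlist or built from the same personal details CUPP asks about. The wordlist, profile keys and sample values are constructed for illustration.

```python
import re

# Constructed sample standing in for a breached-password list such as rockyou.txt.
SAMPLE_WORDLIST = {"123456", "password", "iloveyou", "princess", "qwerty", "dragon"}
# Constructed profile; the key names are hypothetical, modelled on CUPP's questions.
SAMPLE_PROFILE = {"first_name": "Alice", "surname": "Smith",
                  "pet_name": "Rex", "birthdate": "14-03-1990"}
# Common character substitutions that are undone before lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

def variants(password):
    """Return the normalized forms of a password that are compared to the lists."""
    lower = password.lower()
    core = re.sub(r"[\d\W_]+$", "", lower)  # "dragon2024!" -> "dragon"
    return {lower, core, lower.translate(LEET), core.translate(LEET)} - {""}

def profile_tokens(profile):
    """Build lowercase tokens (names, date parts) from the profile answers."""
    tokens = set()
    for value in profile.values():
        tokens.update(re.findall(r"[a-z]+", value.lower()))
        groups = re.findall(r"\d+", value)  # e.g. ["14", "03", "1990"]
        tokens.update(groups + ["".join(groups[:2]), "".join(groups)])
    # Very short tokens would reject too many unrelated passwords.
    return {t for t in tokens if len(t) >= 3}

def screen_password(password, profile, wordlist=SAMPLE_WORDLIST):
    """Return the reasons to reject a password; an empty list means accepted."""
    reasons = []
    forms = variants(password)
    if forms & wordlist:
        reasons.append("matches wordlist entry")
    hits = sorted(t for t in profile_tokens(profile)
                  if any(t in form for form in forms))
    if hits:
        reasons.append("contains profile data: " + ", ".join(hits))
    return reasons

if __name__ == "__main__":
    for candidate in ("P@ssw0rd!", "R3x1990!", "vT9#kq2LmZ"):
        print(candidate, screen_password(candidate, SAMPLE_PROFILE))
```

In a real deployment the wordlist set would be loaded from the organization's own denylist file rather than the six constructed entries used here.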

Other Tutorial about CUPP

To learn more about CUPP, you can watch this YouTube tutorial clip created by NetworkChuck or this example GIF created by Mebus, the creator of CUPP.

Crunch

Crunch is a free and open-source password cracking tool that can be used to generate wordlists for use in password cracking attacks. Crunch can generate wordlists of any length, and it supports a variety of character sets, including upper and lowercase letters, numbers, and symbols.

Crunch is a powerful tool, but it is important to use it responsibly. Crunch should only be used to crack passwords that you have permission to crack. It is illegal to crack passwords without the permission of the owner of the passwords.

Here is a general overview of Crunch:

  • Crunch is a free and open-source password cracking tool.

  • Crunch can be used to generate wordlists for use in password cracking attacks.

  • Crunch can generate wordlists of any length.

  • Crunch supports a variety of character sets, including upper and lowercase letters, numbers, and symbols.

  • Crunch is a powerful tool, but it is important to use it responsibly.

Crunch can be used for a variety of purposes, such as:

  • To test the strength of passwords.

  • To crack passwords that have been lost or forgotten.

  • To audit password security for an organization.

It is important to note that Crunch is not a magic bullet. It cannot crack any password, no matter how strong. However, Crunch can be a valuable tool for password cracking and password security auditing.

Download

How to use?

After installing Crunch, type the following in a terminal:

crunch [min] [max] [combinations] -o [output_file.txt]

  • [min]: the minimum password length

  • [max]: the maximum password length

  • [combinations]: the characters that can be used in the password

Example: 0123456789 , abcdefghijklmnopqrstuvw , ...

  • [output_file.txt]: the file in which to save the passwords

Crunch then writes all possible combinations to a text file ("output_file.txt").
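To see how the [min], [max] and character-set arguments drive the size of an exhaustive list, and therefore why password length matters more than any single composition rule, the following added example (not part of the original page or of Crunch) computes the number of lines and bytes such a list would hold. It assumes single-byte characters, one candidate per line, and a hypothetical guess rate supplied by the caller.

```python
def exhaustive_list_size(min_len, max_len, charset):
    """Return (lines, bytes) for every string of min_len..max_len over charset."""
    if not 1 <= min_len <= max_len:
        raise ValueError("need 1 <= min_len <= max_len")
    if not charset or len(set(charset)) != len(charset):
        raise ValueError("charset must be non-empty with distinct characters")
    lines = size = 0
    for length in range(min_len, max_len + 1):
        count = len(charset) ** length   # candidates of exactly this length
        lines += count
        size += count * (length + 1)     # +1 byte for the newline
    return lines, size

def days_to_exhaust(lines, guesses_per_second):
    """Days needed to try every candidate at an assumed, constant guess rate."""
    return lines / guesses_per_second / 86400

if __name__ == "__main__":
    lower = "abcdefghijklmnopqrstuvwxyz"
    policies = {
        "6-digit PIN": (6, 6, "0123456789"),
        "8 lowercase": (8, 8, lower),
        "12 lowercase": (12, 12, lower),
        "8 lower+upper+digits": (8, 8, lower + lower.upper() + "0123456789"),
    }
    rate = 1_000_000  # hypothetical guesses per second, for comparison only
    for name, (lo, hi, chars) in policies.items():
        lines, size = exhaustive_list_size(lo, hi, chars)
        print(f"{name:22} {lines:.3e} lines  {size / 1e9:.3e} GB  "
              f"{days_to_exhaust(lines, rate):.3e} days")
```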

Other Tutorial about Crunch

To learn about the Crunch password tool, you can watch this YouTube video tutorial created by David Bombal or this YouTube video tutorial created by Sathvik Techtuber.
