eJPT and password lists - where to find them?
TheFORCE
For the purpose of the eJPT exam I would assume that the password lists included with Kali would be sufficient, but has anyone used any other password lists when taking the exam?
Comments
jamesleecoleman
Yea, I've looked up the lists. I forgot the name of the file but it's like rockyou or something and they have a 10, 15, up to a 100 I think. I never played around on the exam though, just in the labs. I just googled the name of the text file and found more lists.
Booya!!
Mike7
If you have not, gunzip /usr/share/wordlists/rockyou.txt.gz.
apt-get install seclists to get more wordlists in /usr/share/seclists/. More info at https://github.com/danielmiessler/SecLists
Anyway, in case you are wondering why the file is named rockyou, here is a writeup:
Those were the dark ages of password cracking. The age of enlightenment came after 32 million non-unique plaintext passwords from RockYou were leaked to the Internet. Suddenly that pinhole turned into a porthole, and for the first time in history we got a solid look at how users were creating passwords on a mass scale.
The RockYou breach revolutionized password cracking. No longer were we using crap like list_of_kitchen_appliance_manufacturers.txt for wordlists. Everyone was just using rockyou.txt, and they were cracking a significant percentage of passwords. Markov statistics, mangling rules, everything was being based off what we learned from the RockYou passwords.