ejpt and Password lists- where to find them?

For the purpose of the ejpt exam i would assume that the password lists included with Kali would be sufficient, but has anyone used any other passwords lists when taking the exam?

Find more posts tagged with

Comments

BlackBeret

They provide you one for the exam.

jamesleecoleman

Yea, I've looked up the lists. I forgot the name of the file but it's like rockyou or something and they have a 10 15 up to a 100 I think. I never played around on the exam though, just in the labs. I just googled the name of the text file and found more lists.

Mike7

If you have not, gunzip /usr/share/wordlist/rockyou.txt.gz.
apt-get install seclists to get more wordlists in /usr/share/seclists/. More info at https://github.com/danielmiessler/SecLists

Anyway, in case you are wondering why the file is named rockyou, here is a writeup

Those were the dark ages of password cracking. The age of enlightenment came after 32 million non-unique plaintext passwords from RockYou were leaked to the Internet. Suddenly that pinhole turned into a porthole, and for the first time in history we got a solid look at how users were creating passwords on a mass scale.

The RockYou breach revolutionized password cracking. No longer were we using crap like list_of_kitchen_appliance_manufacturers.txt for wordlists. Everyone was just using rockyou.txt, and they were cracking a significant percentage of passwords. Markov statistics, mangling rules, everything was being based off what we learned from the RockYou passwords.