ejpt and Password lists- where to find them?

TheFORCETheFORCE Posts: 2,235Member ■■■■■■■■□□
For the purpose of the ejpt exam i would assume that the password lists included with Kali would be sufficient, but has anyone used any other passwords lists when taking the exam?

Comments

  • BlackBeretBlackBeret Posts: 684Member ■■■■■□□□□□
    They provide you one for the exam.
  • jamesleecolemanjamesleecoleman Posts: 1,899Member
    Yea, I've looked up the lists. I forgot the name of the file but it's like rockyou or something and they have a 10 15 up to a 100 I think. I never played around on the exam though, just in the labs. I just googled the name of the text file and found more lists.
    Booya!!
    WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
    *****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****
  • Mike7Mike7 Posts: 1,061Member ■■■■□□□□□□
    If you have not, gunzip /usr/share/wordlist/rockyou.txt.gz.
    apt-get install seclists to get more wordlists in /usr/share/seclists/. More info at https://github.com/danielmiessler/SecLists


    Anyway, in case you are wondering why the file is named rockyou, here is a writeup
    Those were the dark ages of password cracking. The age of enlightenment came after 32 million non-unique plaintext passwords from RockYou were leaked to the Internet. Suddenly that pinhole turned into a porthole, and for the first time in history we got a solid look at how users were creating passwords on a mass scale.

    The RockYou breach revolutionized password cracking. No longer were we using crap like list_of_kitchen_appliance_manufacturers.txt for wordlists. Everyone was just using rockyou.txt, and they were cracking a significant percentage of passwords. Markov statistics, mangling rules, everything was being based off what we learned from the RockYou passwords.
Sign In or Register to comment.