Nov 20, 2018 - Download the latest (2018) password lists and wordlists for Kali Linux. Works for cracking. Aircrack-ng handshake.cap -w /path/to/wordlist.txt.

Kali linux is a distribution designed for penetration testing and computer forensics, both which involve password cracking. So you are right in thinking that word lists are involved in password cracking, however it's not brute force. Brute force attacks try every combination of characters in order to find a password, while word lists are used in dictionary based attacks. Many people base their password on dictionary words, and word lists are used to supply the material for dictionary attacks. The reason you want to use dictionary attacks is that they are much faster than brute force attacks.

If you have many passwords and you only want to crack one or two then this method can yield quick results, especially if the password hashes are from places where strong passwords are not enforced. Typical tools for password cracking (John the Ripper, ophtcrack, hashcat, etc) can do several types of attacks including: • Standard brute force: all combinations are tried until something matches. You tpyically use a character set common on the keyboards of the language used to type the passwords, or you can used a reduced set like alphanumneric plus a few symbols. The size of the character set makes a big difference in how long it takes to brute force a password.

Password length also makes a big difference. This can take a very long time depending on many factors • Standard dictionary: straight dictionary words are used.

It's mostly used to find really poor passwords, like password, password123, system, welcome, 123456, etc. • Dictionary attack with rules: in this type dictionary words are used as the basis for cracks, rules are used to modify these, for instance capitalizing the first letter, adding a number to the end, or replacing letters with numbers or symbols Rules attacks are likely the best bang for the buck if all you have are standard computing resources, although if you have GPUs available brute-force attacks can be made viable as long as the passwords aren't too long.

It depends on the password length, hashing/salting used, and how much computing power you have at your disposal. In addition to what's already mentioned here, the wordlists are used in conjunction with some of the web app tools and things such as sqlmap. If you're looking for places to use them, download some of the 'boot to root' VMs like Kioptrix and De-ICE and have a go at brute-ing some passwords.

As for specific lists for specific types of hacks - not really. Unless you're doing something targeted against a person you know some facts about (in which case you'll use something like CUPP - Common User Passwords Profiler - to generate a custom wordlist for that particular target).

A place to ask security related questions. All questions are welcome. Be sure to check out the awesome. Or check out from the wiki Rules & Guidelines: • Be nice and try to keep it clean • If you answer a question try to know what you are talking about • An upvoted answer doesn't make an answer right • It is highly recommended to independently verify the answers you get here if you want to be on the safe side!

• Do not ask for pirated content, encourage crime, or engage in openly illegal activities. • Do not ask for or offer 'hacking' services.

If you get caught in the spam filter drop a (non-moderator) message. I don't have a whole lot of processing power, but I could stand to make this wordlist more comprehensive. Is there some way to append every lower case word with the first letter capitalized, e.g. 'Bird' is skipped but for 'bird', 'Bird' is appended? Also a way to append a specified range of numbers to and only to strings that don't already end with numbers, e.g. 'bird1' is skipped but for 'bird', 'bird1', 'bird2', and 'bird3' are appended if the range of numbers is 1-3.

So the end result would be e.g. For 'bird', 'Bird1', 'Bird 2', and 'Bird3' are appended if the range of numbers is 1-3. For 'Bird', 'Bird1', 'Bird2', and 'Bird3' are appended. For 'bird67', 'Bird67' is appended.

Something like 'Bird67' is just skipped entirely. I hope this is clear. If first letter capitalized, no need to repeat that. If there's already some number at the end of the string, no need to append additional numbers.

Else, append the word capitalized and ending with a specified range of numbers. I think this would make any wordlist much more effective. Edit: I need a way to edit the actual wordlist. I can't run hashcat to apply rules on the fly.