Wordlist Thread


#1

Can we get a wordlist thread? Use this thread to compile data on talking about leaks, finding existing wordlists, manipulating wordlists, generating wordlists etc. I’ve done a bunch of collecting over the past few weeks and I’m trying to organize data now. I’ll be back soon to post what I’ve learned once I get it into some sort of workable order.


#2

I’ve recently just started with Aircrack-ng, and I’m using the 10 million wordlist txt file from g0tm1lk on git. Here’s a link if you want to try it. I’ve been looking for the rock you.txt for a while, and nothing is seeming to come up. Any chance you have it?


#3
ftp://ftp.openwall.com/pub/wordlists/
http://www.openwall.com/mirrors/
https://github.com/danielmiessler/SecLists
http://www.outpost9.com/files/WordLists.html
http://www.vulnerabilityassessment.co.uk/passwords.htm
http://packetstormsecurity.org/Crackers/wordlists/
http://www.ai.uga.edu/ftplib/natural-language/moby/
http://wordlist.sourceforge.net/
https://github.com/berzerk0/Probable-Wordlists
https://weakpass.com/wordlist
https://pypi.org/project/wordlist/
https://packages.debian.org/jessie/wordlist

just to name a few

also included in parrot OS rockyou-wordlist located at

/usr/share/wordlist/rockyou.txt.gz

also you can use crunch to create a wordlist “on-the-fly” (without wasting storage) - pipe that to john with --session option (you can resume the cracking process) and give that to aircrack (-w - // without password list since crunch is creating it)

crunch 8 8 | john --stdin --session=superwifi --stdout | aircrack-ng -b 00:11:22:33:44:55 -w - handshake-Superwifi.cap

just experiment with --help options of the programs


#4

Holy fuck that’s a-lot of repositories. Thanks man, and thats a badass tip about using john!


(dmknght) #5

apt show wordlists
apt show seclists
You can combine your keywords to make a new wordlist with john.


#6

the best wordlist for cracking i ever use is this one :


After that when you heard about breach go on the darknet and you can find the data released and add them to the wordlist and sort them for unique.

and for cracking hash use the new version of hashcat with the brain options, idk but i think parrot dont have this version on the apt repo. I use hate_crack form trustedsec (https://github.com/trustedsec/hate_crack)because it has a lot of awesome feature for cracking hash and i use the jumbo john version of johntheripper (https://github.com/magnumripper/JohnTheRipper)


#7

sorry everyone that i haven’t been around. something really f*cky has been going on. can someone get this to the development team?

https://anonfile.com/Vdp0R1m2ba/signed-hashes_txt
https://anonfile.com/1bHbR8m6be/Parrot-home-4.3_amd64-cianigd_iso

I discovered that the proper iso has been switched out for this one. it seems to be fully functioning. I still haven’t discovered what’s been modified, but the hash doesn’t match.


(Matt) #8

Where did you download the iso from? and where did you get the hashes from?


(D) #9

The one from torrent is good, right? ParrotSec


#10

The iso just appeared on my thumbdrive in place of the iso I downloaded (via torrent), and I later downloaded Home4.3 directly from sourceforge and that iso seemed to match the iso dl via torrent. The isos came in a pack for some reason “4.3” which I could not download individually. I got the torrent from the parrotsec website. The hashes I got from the website as well, but I modified it above to add the hash of “Parrot-home-4.3_amd64-cianigd_iso” which is the iso that appeared on my thumbdrive.

Are they wrong?

The iso that I originally downloaded from the torrent matched the hashes that I downloaded from the website, the hashes of which I provided above.

UPDATE: So, I ran the live system in a VM and it worked. I then attempted to install the system in a VM and I got an error. I’m not sure yet whether the error was symptomatic or coincidental. I later unpacked both ISOs and ran a diff. The only thing that seemed to differ were the squashfs for the live system. So, I tried to unpack those and run a diff, and it seems like the only thing that differed was that one of the libreoffice zip files was corrupted or for some reason wouldn’t unpack.

I haven’t investigated further yet because it was very late and I was tired. I’ll get back to it a little later.


(Matt) #11

Just appeared on your thumbdrive?..:thinking:

Are you sure your not comparing the 4.3 iso’s with 4.4 hashes? Also torrents are sent over UDP so there is a chance you just lost a bit of data along the way, hence libreoffice looks corrupted.


#12

yeah, i know, right?

100% sure. I provided links with proof above. Not sure how long anonfile keeps them. Let me know if its expired and I will reupload.

nope. I had made multiple copies on encrypted drives. I put one copy on my “bugout” USB drive (not encrypted – DERP). The one on my thumb was “switched” but the ones on my encrypted HDD and encrypted backup HDD were fine. I also DL again directly from sourceforge.

A more logical answer is that something is wrong with that thumb and it was corrupted there. However, I’ve fsck and smarmon etc and there doesn’t seem to be anything wrong with the drive. Pretty sure I didn’t introduce it to a magnetic field, but, absent human intervention, the logical conclusion would be that it was corrupted somehow while my USB thumb was sitting on the computer, or perhaps it was corrupted during the transfer from my OS HDD to the thumb.

It’s pretty freaky, but perhaps it was just random chance. Given the fact that it seems the only “corruption” was in a libreoffice package, it might point to random chance.

However, when I tried to install in a VM, it errored out. I’ve been busy so I haven’t investigated any further at the moment.

I’d love someone else to put some eyes on this. It really seems weird that my thumb drive doesn’t have any bad sectors, the filesystem isn’t corrupted, but just coincidentally my current favorite OS was “corrupted.” But, I suppose stranger things have happened. Random chance can seem not random sometimes, and I do have a tendency toward paranoia.

of course, just becaues you’re paranoid doesn’t mean they’re not after you XDDDDD


(Nico Paul) #13

i would agree that maybe the culprit is paranoia (buggout drives a new one for me) most likely an error on either your part (download from parrotsec.org not sourceforge.) but also dont use the outdated ISO’s. Remember one of our core beliefs is constantly updating and improving all of its aspects, we release almost monthly updates (current on 12/10/18 is 4.4).