You're probably missing out on a lot of cracked passwords. Here's how you can crack more


When I started my journey in information security, I thought password cracking was something only people with super beefy gaming rigs could do effectively. As a poor college student at the time, I thought my laptop with an Intel i3 and 4 GB of RAM did not have enough firepower to even experiment with password cracking. It turns out that password cracking is much more accessible when you use wordlists: a dictionary attack against a fast hash costs almost nothing compared to brute force, and most real-world passwords are already sitting in a list somewhere. Rockyou.txt is commonly understood to be the default wordlist out there, and it is good, but there are much better lists available. Here are the lists that I incorporated into my personal password dictionary. You do have your own password dictionary, right? Check out these wordlists to DRASTICALLY increase your password cracking success:

  1. Rocktastic - This wordlist originated from the rockyou list. Someone took rockyou, deduplicated it and kept adding more passwords to it; eventually it became what is now known as Rocktastic. It has over 1 billion entries and is about 13 GB uncompressed; Nettitude Labs distributes the roughly 2.5 GB compressed version as a torrent. I have cracked multiple service account passwords with just this list. It's scary effective on pentests.
  2. Crackstation - https://crackstation.net/crackstation-wordlist-password-cracking-dictionary.htm
  3. Breach Compilation - The roughly 1.4 billion cleartext credentials that circulated in late 2017. It is a combolist (one email:password pair per line), so strip the email field before using it as a wordlist.
  4. Compilation of Many Breaches (COMB) - This one is a huge list. It includes over 3.2 billion email and password combos, which comes out to about 40 GB of data. Like Breach Compilation it is email:password pairs, not a plain wordlist, so it needs the same preprocessing.
  5. Have I Been Pwned - Have I Been Pwned is an awesome website where a guy named Troy Hunt maintains a list of accounts included in public breaches so that people can check whether they have been affected by one. He also publishes the Pwned Passwords list. One caveat: that list is distributed as SHA-1 (and NTLM) hashes with a prevalence count per entry, not as plaintext, so you either crack those hashes first or use the counts to rank the dictionary you already have. Either way it is great for password cracking, especially if you introduce a few cracking rules (for example hashcat's -r with a rule file such as best64.rule) to increase your chances.
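Turning the sources above into one usable dictionary means normalising them: plain wordlists go in as-is, combolists need the email field stripped, and the Pwned Passwords file is hash:count rather than plaintext. The following is an added example, not code from the original post or from any of the projects named above; it uses constructed stand-in data for the three formats (the prevalence counts are made up), and names such as build_wordlist and parse_combolist are this example's own. It merges the sources, deduplicates keeping the first occurrence, and, when Pwned Passwords counts are supplied, puts the most-breached passwords first so the cracker tries the likeliest candidates before the long tail.

```python
"""Merge several password sources into one deduplicated wordlist.

Constructed sample data stands in for the real files: a rockyou-style plain
list, a COMB/BreachCompilation-style email:password combolist and a Have I
Been Pwned style SHA-1:count file. All function names are this example's own.
"""
import hashlib
from typing import Dict, Iterable, List, Optional

# Constructed stand-in for a plain wordlist such as rockyou.txt or Rocktastic.
SAMPLE_PLAIN = """123456
password
iloveyou

123456
Password1
"""

# Constructed stand-in for a combolist: one email:password per line.
# Passwords may themselves contain ':', so only the FIRST colon separates.
SAMPLE_COMBO = """alice@example.com:hunter2
bob@example.com:pa:ss:word
carol@example.com:password
line-with-no-separator
"""


def sha1_upper(password: str) -> str:
    """Pwned Passwords keys entries by the upper-case hex SHA-1 of the password."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Constructed stand-in for a Pwned Passwords download: "<SHA1>:<count>" lines.
# The counts below are invented for this example.
SAMPLE_HIBP = "\n".join(
    f"{sha1_upper(p)}:{n}"
    for p, n in [("123456", 37359195), ("password", 3730471), ("hunter2", 17043)]
)


def parse_plain(text: str) -> Iterable[str]:
    """Yield candidate passwords from a one-per-line wordlist, skipping blanks."""
    for line in text.splitlines():
        if line:
            yield line


def parse_combolist(text: str) -> Iterable[str]:
    """Yield the password field of email:password lines; skip malformed lines."""
    for line in text.splitlines():
        if ":" not in line:
            continue                               # no separator: not a credential pair
        _email, password = line.split(":", 1)      # split on the first colon only
        if password:
            yield password


def parse_hibp_counts(text: str) -> Dict[str, int]:
    """Return {SHA1_UPPER: prevalence} from a Pwned Passwords style file."""
    counts: Dict[str, int] = {}
    for line in text.splitlines():
        digest, _, count = line.strip().partition(":")
        if len(digest) == 40 and count.isdigit():  # ignore anything that is not hash:count
            counts[digest.upper()] = int(count)
    return counts


def build_wordlist(sources: List[Iterable[str]],
                   prevalence: Optional[Dict[str, int]] = None) -> List[str]:
    """Merge sources in order and drop duplicates (first sighting wins).

    When Pwned Passwords counts are given, sort by prevalence descending so the
    most-breached passwords are tried first; ties keep first-seen order.
    """
    order: Dict[str, int] = {}                     # password -> index of first sighting
    for source in sources:
        for password in source:
            order.setdefault(password, len(order))
    if not prevalence:
        return list(order)
    return sorted(order, key=lambda p: (-prevalence.get(sha1_upper(p), 0), order[p]))


if __name__ == "__main__":
    counts = parse_hibp_counts(SAMPLE_HIBP)
    merged = build_wordlist([parse_plain(SAMPLE_PLAIN), parse_combolist(SAMPLE_COMBO)], counts)
    print("\n".join(merged))
```

On real files, read them with `open(path, encoding="utf-8", errors="surrogateescape")` (or in binary) rather than the default strict decoding, because rockyou and the breach dumps contain lines that are not valid UTF-8; and for multi-gigabyte sources stream the input and dedupe with an external sort instead of holding the whole dictionary in memory as this example does.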

So there you have it. Consider investing in an external hard drive and storing all of these lists on it offline; that way you know you will always have them, because internet links (and torrents) can suddenly go dead. From here, keep monitoring for new password lists to fold into your own. Also, mentioning that you maintain a personal password list during a pentesting interview will definitely make you stand out.