Wordlists

On the TryHackMe challenge from last week, we needed to supply a wordlist to gobuster to make it work.

Wordlists are curated lists of words commonly used in websites, accounts, passwords, etc.

RockYou

The most famous of these wordlists comes from a hack of an app on a social network.

From Wikipedia:

Data breach

In December 2009, the company experienced a data breach resulting in the exposure of over 32 million user accounts. The company used an unencrypted database to store user account data, including plaintext passwords (as opposed to password hashes) for its service, as well as passwords to connected accounts at partner sites (including Facebook, Myspace, and webmail services). RockYou would also e-mail the password unencrypted to the user during account recovery. They also did not allow using special characters in the passwords. The hacker used a 10-year-old SQL vulnerability to gain access to the database. The company took days to notify users after the incident, and initially incorrectly reported that the breach only affected older applications when it actually affected all RockYou users.[4]

The full list of passwords exposed as a result of the breach is available in Kali Linux, and has been since its launch in 2013. Due to its easy attainability and comprehensive length, it is commonly used in dictionary attacks.[21]

So it's a list of MILLIONS of common passwords.

YOU DO NOT WANT TO USE A PASSWORD ON THIS LIST

First lines of the RockYou list:

123456
12345
123456789
password
iloveyou
princess
1234567
rockyou
12345678
abc123
nicole
daniel
babygirl
monkey
lovely
jessica
654321
michael
ashley
qwerty
111111
iloveu
000000
michelle
tigger
sunshine
chocolate
password1
soccer
anthony
friends
butterfly
purple
angel
jordan
liverpool
justin
loveme
fuckyou
123123
football
secret
andrea
carlos
jennifer
joshua
bubbles
1234567890
superman
hannah
amanda
loveyou
pretty
basketball
andrew
angels
tweety
flower
playboy
hello
elizabeth
hottie
tinkerbell
charlie
samantha
barbie
chelsea
lovers
teamo
jasmine
brandon
666666
shadow
melissa
eminem
matthew
robert
danielle
forever
family
jonathan
987654321
computer
whatever
dragon
vanessa
cookie
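
One way to act on the warning above, as an added example that is not part of the original page: a Python check that rejects a new password if it, or its base with trailing digits and punctuation stripped, appears in a wordlist. The function names, the suffix character set and the embedded sample (the first ten entries shown above) are assumptions made for illustration.

```python
import io

# Constructed sample: the first ten entries of the list shown above.
SAMPLE = (b"123456\n12345\n123456789\npassword\niloveyou\n"
          b"princess\n1234567\nrockyou\n12345678\nabc123\n")

SUFFIX_CHARS = "0123456789!@#$%^&*?."  # assumption: common "decoration" characters


def load_wordlist(stream):
    """Read a wordlist from a binary stream into a set of lower-cased entries.

    Decoding as latin-1 maps every byte to a character, so entries that are
    not valid UTF-8 (the full RockYou file contains some) do not raise.
    """
    words = set()
    for raw in stream:
        word = raw.rstrip(b"\r\n").decode("latin-1")
        if word:
            words.add(word.lower())
    return words


def candidates(password):
    """Yield the forms to look up: lower-cased, then with the suffix stripped."""
    lowered = password.lower()
    yield lowered
    base = lowered.rstrip(SUFFIX_CHARS)
    if base and base != lowered:
        yield base


def is_blocked(password, words):
    """True if the password or its undecorated base is in the wordlist."""
    return any(form in words for form in candidates(password))


if __name__ == "__main__":
    # For the full list, pass open("rockyou.txt", "rb") instead of the sample.
    words = load_wordlist(io.BytesIO(SAMPLE))
    for pw in ("Password1!", "ILOVEYOU", "correct horse battery staple"):
        print(f"{pw!r}: {'rejected' if is_blocked(pw, words) else 'accepted'}")
```

Entries stored as UTF-8 in the file decode to different characters under latin-1, so a non-ASCII password has to be encoded and decoded the same way before the lookup.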