Module 1: Wordlists (BSWR)
Who Needs to Use Wordlists?
A wordlist, also called a password dictionary, is a plain-text file containing a list of possible passwords that can be used to help crack passwords when necessary. Many wordlists are available online; some are free to download, while others must be purchased. Typically, they are collections of passwords that were once used by real people.
Cracking passwords is really an art form that is required on just about every type of penetration test. Wordlists are one type of tool that penetration testers and other cybersecurity professionals need to make their jobs easier and more efficient. Anyone who needs to discover or recover passwords should learn to use wordlists with their password cracking software.
Why Use Wordlists for Password Cracking?
Penetration tests nearly always require some type of password cracking. For example, in internal penetration tests, the tester will often have to crack captured password hashes to access the domain. That can involve hundreds (or thousands, depending on the organization) of hashes pulled from the domain controller, all of which must be cracked before the tester can evaluate the overall effectiveness of the passwords. Knowing the strengths, and especially the weaknesses, of an organization's passwords helps the IT team communicate the proper ways to choose passwords that are harder to crack, improving the overall protection of digital information.
Using wordlists to aid in password cracking makes the penetration testing process much faster. With a wordlist, a cracking tool can typically try thousands of passwords in seconds. This saves time for penetration testers, time that can be better spent resolving any vulnerabilities their tests identify.
If you are a penetration tester, or you want to be, it’s important to know about wordlists, how they work, and where to obtain them. Our How to Use Wordlists tutorial will provide you with the knowledge you need to utilize wordlists to simplify penetration testing.
Teaching Assistants: Vikramajeet Khatri and Tahir Ibrahim
(Disclaimer: Breaking Stuff with Robert is a Cybrary series that will be running indefinitely. You will not earn CEU/CPE hours by watching any individual 'Breaking Stuff with Robert' episode. However, you can still earn a certificate of completion for each episode completed.)
Certificate of Completion
Complete this entire course to earn a How to Use Wordlists (BSWR) Certificate of Completion.