Time
4 minutes
Difficulty
Intermediate

Video Transcription

00:04
Hello and welcome to this Breaking Stuff with Robert episode. Today, we're going to be talking about word lists.
00:13
The objectives of this particular lesson are to provide you with a high-level overview of the word lists within the Kali Linux distribution and to provide you a demo of the locations of those word lists.
00:24
Some target audiences for this particular lesson are network administrators looking to test systems for weak passwords, which is a component of missed a CE. We had previously discussed
00:34
penetration testers looking to quickly test systems with known credential sets, and cyber defense analysts looking to determine what credential sets pose a risk to the organization.
00:44
While not required, a fundamental knowledge of brute force attacks is beneficial in understanding the benefit of word lists and how they could be utilized, and a fundamental knowledge of the Kali Linux command line and its utilization. So with that in mind, let's go ahead and jump right into our demo.
01:03
Hello and welcome to the handy dandy Kali Linux demo environment. Today, as we were discussing earlier, we're going to be looking at word lists.
01:11
Now, while these aren't per se tools in that we're going to be entering commands and, um, you know, working through a GUI or something of that nature, word lists are critical
01:25
to running a number of tools within the Kali Linux distribution. And being aware of what you've got at your fingertips just empowers you to better meet those use cases in areas where we're doing some brute forcing or password testing, and just kind of knowing the limits of the distribution as well and where you might need to generate your own password lists.
01:44
So right now, we're in a terminal session on our Kali box, and we're just gonna go ahead and do a quick ls. And as you can see,
01:53
we're in our current directory here. So how do we get to the wordlists directory?
02:00
Well, you'll do a cd
02:01
and then the usr here,
02:05
and then we're going to go to share
02:07
wordlists.
02:09
Now we're in the wordlists directory. Currently,
02:14
you can do an ls -h here to make that a human readable output, and you can see that we've got a number of different directories here with some password lists. Now, initially, that rockyou.txt is compressed, as you can see. When it's uncompressed, it's quite a large file, but that password list is extensive.
02:34
That is a huge list. So if you're expecting to use that and get done in a timely manner, just know that it is a
02:38
very long password list and will likely take quite a bit of time to run.
02:44
So with that in mind, just to give you a quick example here: in the last few videos, you may have seen Metasploit, that directory being used, or maybe the DirBuster video. You saw that we were using a wordlist from DirBuster. So if you want to go and look at any of those, you can just cd straight
03:01
into the directory,
03:05
and then you can see there's a number of password lists here. And each of these you can view and use to run this list through tools. Like, we've got keyboard patterns here.
03:14
It's got a number of just common keyboard patterns that people use. You can also do something like, let's see, we'll do danger zone, whatever that is there and run that through.
03:27
So that's got a number of
03:30
okay,
03:31
things here
03:36
and then let's see, we've got root users here, So if we need to use,
03:42
I use your passwords and we've got some root
03:46
combinations here.
03:50
So as you can see, we can do 30, 40 minutes just looking at the different types of password lists and what we've got available to us. I encourage you to take the time to further understand these lists and their use cases.
04:03
That way you can get, again, maximum return on your time and investment with respect to password testing or penetration testing against environments where you're aware of what systems are in play, like Apache, or what types of printers they're using or what type of database infrastructure they're using.
04:20
It'll just make the process that much quicker when you're testing across multiple systems
04:25
and trying to get a positive result.
04:30
Well, I hope you enjoyed that demo of word lists, and I hope you enjoyed the high-level overview that we've provided with respect to their locations and some of their benefits. So with that in mind, I want to thank you for joining us today, and I look forward to seeing you again soon.

How to Use Wordlists (BSWR)

A wordlist, also called a password dictionary, is essentially a list of passwords collected in plain text. It's a text file containing possible passwords that can be used to help someone crack passwords when necessary. Our tutorial will provide you with the knowledge you need to utilize wordlists to simplify penetration testing.

Instructed By

Robert Smith
Director of Security Services at Corsica
Instructor