Hello and welcome to this Breaking Stuff with Robert episode. Today, we're going to be talking about word lists.
The objectives of this particular lesson are to provide you with a high-level overview of the word lists within the Kali Linux distribution and to provide you a demo of the locations of those word lists.
Some target audiences for this particular lesson are network administrators looking to test systems for weak passwords, which is a component of missed a CE. We had previously discussed
penetration testers looking to quickly test systems with known credential sets, and cyber defense analysts looking to determine what credential sets pose a risk to the organization.
While not required, a fundamental knowledge of brute force attacks is beneficial in understanding the benefit of word lists and how they could be utilized, and a fundamental knowledge of the Kali Linux command line and its utilization. So with that in mind, let's go ahead and jump right into our demo.
Hello and welcome to the handy dandy Kali Linux demo environment. Today, as we were discussing earlier, we're going to be looking at word lists.
Now, while these aren't per se tools, in that we're going to be entering commands and, um, you know, working through a GUI or something of that nature, word lists are critical to running a number of tools within the Kali Linux distribution. And being aware of what you've got at your fingertips just empowers you to better meet those use cases in areas where we're doing some brute forcing or password testing, and just kind of knowing the limits of the distribution as well and where you might need to generate your own password lists.
So right now, we're in a terminal session on our Kali box, and we're just gonna go ahead and do a quick ls. And as you can see, we're in our current directory here. So how do we get to the wordlists directory?
Well, you'll do a cd
and then the resource here,
and then we're going to go to share
Now we're in the wordlists directory currently.
You can do an ls -h here to make that a human-readable output, and you can see that we've got a number of different directories here with some password lists. Now, initially, that rockyou.txt is compressed, as you can see. When it's uncompressed, it's quite a large file, but that password list is extensive.
That is a huge list. So if you're expecting to use that and get done in a timely manner, just know that it is a very long password list and will likely take quite a bit of time to run.
So with that in mind, just to give you a quick example here: in the last few videos, you may have seen Metasploit, that directory being used, or maybe the DirBuster video. You saw that we were using a wordlist from dirbuster. So if you want to go and look at any of those, you can just cd straight into the directory,
and then you can see there's a number of password lists here in each of these you can view and use to run this list through tools. Like, we've got keyboard patterns here.
It's got a number of just common keyboard patterns that people use. You can also do something like, let's see, we'll do danger zone, whatever that is there, and run that through.
So that's got a number of
and then let's see, we've got root users here, So if we need to use,
I use your passwords and we've got some root
So as you can see, we can do 30, 40 minutes just looking at the different types of password lists and what we've got available to us. I encourage you to take the time to further understand these lists and their use cases.
That way you can get, again, maximum return on your time and investment with respect to password testing or penetration testing against environments where you're aware of what systems are in play, like Apache, or what types of printers they're using, or what type of database infrastructure they're using.
It'll just make the process that much quicker when you're testing across multiple systems and trying to get a positive result.
Well, I hope you enjoyed that demo of word lists, and I hope you enjoyed the high-level overview that we've provided with respect to their locations and some of their benefits. So with that in mind, I want to thank you for joining us today, and I look forward to seeing you again soon.