Wordlists
You are a Pentester or a Red Team member in an active security assessment. You have recovered password hashes, but can’t pass them, or, use them as-is to gain further access. What are you to do? Crack them! Wordlists are very important when trying to crack passwords. Cracking programs can take a text file filled with words, also known as a wordlist or dictionary file, and use it to crack passwords. They literally take a word from the wordlist, encrypt it and compare it with the encrypted password hash. If it doesn’t match, it moves on to the next password. Most cracking programs use the wordlist directly word for word, while more advanced ones can also use the wordlist (or multiple wordlists) and manipulate them to create many new combinations of passwords to try. For example, some can take all the words in the wordlist and attach letters or numbers to the beginning or end of the word, or take two or more wordlist files and combine the words from both to make a...