|
|
|
|
|
|
by capableweb
1357 days ago
|
|
|
Fun fact: rockyou.txt by now is probably one of the most common/famous wordlists out there, used for doing various types of dictionary attacks and the entire list ships by default with lots of tools, including Kali Linux which is a common distribution for pentesting. |
|
|
Famous, ships by default, agree, but actually used? It's really low quality, I've mostly seen it used for CTFs: because it is so common, the organizers / challenge makers think picking a password from this list is fair game for a challenge where the trick is to crack some user password hash without requiring proper cracking hardware. In the real world, it can be a starting point but it's not really used much anymore.
Things like the linkedin list and newer lists are more accurate, especially when combined with rule sets that add additional transformations (add an(other) exclamation mark to a password, change o to zero, combinations of these things, etc.)