Other than a mass of download links it contains pretty pictures and confusing numbers which shows the break down of statistics regarding 17 wordlists. These wordlists, which the original source(s) can be found online, have been 'analysed', 'cleaned' and then 'sorted', for example:
- Merged each 'collection' into one file (minus the 'readmes' files)
- Removed leading & trailing spaces & tabs
- Converted all 'new lines' to 'Unix' format
- Removed non-printable characters
- Removed HTML tags (Complete and common incomplete tags)
- Removed (common domains) email addresses
- Removed duplicate entries
- How much would be used if they were for 'cracking WPA' (Between 8-63 characters)
Before getting the the results, each wordlist has been sorted differently rather than 'case sensitive A-Z'.
Each wordlist was:
- Split into two parts - 'Single or two words' and 'multiple spaces'.
- Sorted by the amount of times the word was duplicated - Therefore higher up the list, the more common the word is.
- Sorted again by 'in-case sensitive A-Z'.
- Joined back together - Single or two words at the start.
The justification of sorting by duplicated amount was the more common the word is, the higher the chance the word would be used! If you don't like this method, you can sort it yourself back to case sensitive A-Z, however it can't be sorted how it was - due to the lists not having (hopefully) any duplicates in them!
When removing HTML tags and/or email addresses, it doesn't mean that it wasn't effective. If the word has contained some HTML tags and it was still unique afterwords, it wouldn't change the line numbers, it would improve the wordlist & it still could be unique It is also worth mentioning, due to a general rule of 'search & replace', it COULD of removed a few false positives. It is believed that the amount removed to the predicted estimated amount is worth it. For example instead of having three passwords like below, it would be more worth while to have just the two passwords:
- user1@company.com:password1
- user2@company.com:password1
- user3@company.com:password2
Download links for each collection which has been 'cleaned' is in the table below along with the results found and graphs. '17-in-1' is the combination of the results produced from each of the 17 collections. The extra addition afterwords (18-in-1), is a mixture of random wordlists (Languages (AIO), Random & WPA) which I have accumulated. You can view & download them here (along with all the others!). '18-in-1 [WPA]', is a 'smaller' version of 18-in-1, with JUST words between 8-63 characters.
| Collection Name (Original Source) | Lines & Size
(Extracted/ Compressed)
| Download | MD5 |
|---|---|---|---|
| Collection of Wordlist v.2 | 374806023 (3.9GB / 539MB) | Part 1, Part 2, Part 3 | 5510122c3c27c97b2243208ec580cc67 |
| HuegelCDC | 53059218 (508MB / 64MB) | Part 1 | 52f42b3088fcb508ddbe4427e8015be6 |
| Naxxatoe-Dict-Total-New | 4239459985 (25GB / 1.1GB) | Part 1, Part 2, Part 3 Part 4, Part 5, Part 6 | e52d0651d742a7d8eafdb66283b75e12 |
| Purehates Word list | 165824917 (1.7GB / 250MB) | Part 1, Part 2 | c5dd37f2b3993df0b56a0d0eba5fd948 |
| theargonlistver1 | 4865840 (52MB / 15MB) | Part 1 | b156e46eab541ee296d1be3206b0918d |
| theargonlistver2 | 46428068 (297MB / 32MB) | Part 1 | 41227b1698770ea95e96b15fd9b7fc6a |
| theargonlistver2-v2 (word.lst.s.u.john.s.u.200) | 244752784 (2.2GB / 219MB) | Part 1, Part 2 | 36f47a35dd0d995c8703199a09513259 |
| WordList Collection | 472603140 (4.9GB / 1.4GB) | Part 1, Part 2, Part 3, Part 4, Part 5, Part 6, Part 7 | a76e7b1d80ae47909b5a0baa4c414194 |
| wordlist-final | 8287890 (80MB / 19MB) | Part 1 | db2de90185af33b017b00424aaf85f77 |
| wordlists-sorted | 65581967 (687MB / 168MB) | Part 1 | 2537a72f729e660d87b4765621b8c4bc |
| wpalist | 37520637 (422MB / 66MB) | Part 1 | 9cb032c0efc41f2b377147bf53745fd5 |
| WPA-PSK WORDLIST (40 MB) | 2829412 (32MB / 8.7MB) | Part 1 | de45bf21e85b7175cabb6e41c509a787 |
| WPA-PSK WORDLIST 2 (107 MB) | 5062241 (55MB / 15MB) | Part 1 | 684c5552b307b4c9e4f6eed86208c991 |
| WPA-PSK WORDLIST 3 Final (13 GB) | 611419293 (6.8GB / 1.4GB) | Part 1, Part 2, Part 3, Part 4, Part 5, Part 6, Part 7 | 58747c6dea104a48016a1fbc97942c14 |
| -=Xploitz=- Vol 1 - PASSWORD DVD | 100944487 (906MB / 109MB) | Part 1 | 38eae1054a07cb894ca5587b279e39e4 |
| -=Xploitz=- Vol 2 - Master Password Collection | 87565344 (1.1GB / 158MB) | Part 1 | 53f0546151fc2c74c8f19a54f9c17099 |
| -=Xploitz Pirates=- Masters Password Collection #1! -- Optimized | 79523622 (937MB / 134MB) | Part 1 | 6dd2c32321161739563d0e428f5362f4 |
| 17-in-1 | 5341231112 (37GB / 4.5GB) | Part 1 - Part 24 | d1f8abd4cb16d2280efb34998d41f604 |
| 18-in-1 | 5343814622 (37GB / 4.5GB) | Part 1 - Part 24 | aee6d1a230fdad3b514a02eb07a95226 |
| 18-in-1 [WPA Edition] | 1130701596 (12.6GB / 2.9GB) | Part 1 - Part 15 | 425d47c549232b62dbb0e71b8394e9d9 |
 |
| Table 1 - raw data |
 |
| Table 2 - Calculated Differences |
 | |
| Table 3 - Summary |
 |
| Graph 1 - Number of lines in a collection |
 |
| Graph 2 - Percentage of unique words in a collection |
 |
| Graph 3 - Number of lines removed during claning |
 |
| Graph 4 - Percentage of content removed |
 | |
| Graph 5 - Percentage of words between 8-63 characters (WPA) *Red means it is MEANT for WPA* |
- In the tables - 'Purehates' wordlist is corrupt and towards the end, it contains 'rubbish' (non-printable characters). Which is why it is highlighted red, as it isn't complete. I was unable to find the original.
- Table 3 which summarizes the results - shows that 57% of the 17 collections are unique. Therefore 43% of it would be wasted due to duplication if it was tested - that's a large amount of extra un-needed attempts!
- In graph 2 - Only one collection was 100% 'unique', which means most of the collections sizes have been reduced.
- In graph 5 - which is for showing how effective it would be towards cracking WPA. The four wordlists which were 'meant' for WPA, are in red.
| Value | uniq | sort | uniq or awk '!x[$0]++' |
| word1,word2,word2,word3 | word1,word2,word3 | word1,word2,word3 |
| word1,word2,word2,word3,word1 | word1,word2,word3,word1 | word1,word2,word3 |
| word1,word2,word1,word1,word2,word3,word1 | word1,word2,word1,word2,word3,word1 | word1,word2,word3 |
The commands used were:
Step By Step
# Merging
rm -vf CREADME CHANGELOG* readme* README* stage*
echo "Number of files:" `find . -type f | wc -l`cat * > /tmp/aio-"${PWD##*/}".lst && rm * && mv /tmp/aio-"${PWD##*/}".lst ./ && wc -l aio-"${PWD##*/}".lst
file -k aio-"${PWD##*/}".lst
# Uniq Lines
cat aio-"${PWD##*/}".lst | sort -b -f -i -T "$(pwd)/" | uniq > stage1 && wc -l stage1
# "Clean" Lines
tr '\r' '\n' < stage1 > stage2-tmp && rm stage1 && tr '\0' ' ' < stage2-tmp > stage2-tmp1 && rm stage2-tmp && tr -cd '\11\12\15\40-\176' < stage2-tmp1 > stage2-tmp && rm stage2-tmp1
cat stage2-tmp | sed "s/ */ /gI;s/^[ \t]*//;s/[ \t]*$//" | sort -b -f -i -T "$(pwd)/" | uniq > stage2 && rm stage2-* && wc -l stage2
# Remove HTML Tags
htmlTags="a|b|big|blockquote|body|br|center|code|del|div|em|font|h[1-9]|head|hr|html|i|img|ins|item|li|ol|option|p|pre|s|small|span|strong|sub|sup|table|td|th|title|tr|tt|u|ul"
cat stage2 | sed -r "s/<[^>]*>//g;s/^\w.*=\"\w.*\">//;s/^($htmlTags)>//I;s/<\/*($htmlTags)$//I;s/&*/&/gI;s/"/\"/gI;s/'/'/gI;s/'/'/gI;s/</ stage3 && wc -l stage3 && rm stage2
# Remove Email addresses
cat stage3 | sed -r "s/\w.*\@.*\.(ac|ag|as|at|au|be|bg|bill|bm|bs|c|ca|cc|ch|cm|co|com|cs|de|dk|edu|es|fi|fm|fr|gov|gr|hr|hu|ic|ie|il|info|it|jo|jp|kr|lk|lu|lv|me|mil|mu|net|nil|nl|no|nt|org|pk|pl|pt|ru|se|si|tc|tk|to|tv|tw|uk|us|ws|yu):*//gI" | sort -b -f -i -T "$(pwd)/" | uniq > stage4 && wc -l stage4 && rm stage3
# Misc
pw-inspector -i aio-"${PWD##*/}".lst -o aio-"${PWD##*/}"-wpa.lst -m 8 -M 63 ; wc -l aio-"${PWD##*/}"-wpa.lst && rm aio-"${PWD##*/}"-wpa.lst
pw-inspector -i stage4 -o stage5 -m 8 -M 63 ; wc -l stage5
7za a -t7z -mx9 -v200m stage4.7z stage4
du -sh *
AIO + Sort
cat * > /tmp/aio-"${PWD##*/}".lst && rm * && mv /tmp/aio-"${PWD##*/}".lst ./
tr '\r' '\n' < aio-"${PWD##*/}".lst > stage1-tmp && tr '\0' ' ' < stage1-tmp > stage1-tmp1 && tr -cd '\11\12\15\40-\176' < stage1-tmp1 > stage1-tmp && mv stage1-tmp stage1 && rm stage1-*
htmlTags="a|b|big|blockquote|body|br|center|code|del|div|em|font|h[1-9]|head|hr|html|i|img|ins|item|li|ol|option|p|pre|s|small|span|strong|sub|sup|table|td|th|title|tr|tt|u|ul"
cat stage1 | sed -r "s/ */ /gI;s/^[ \t]*//;s/[ \t]*$//;s/<[^>]*>//g;s/^\w.*=\"\w.*\">//;s/^($htmlTags)>//I;s/<\/*($htmlTags)$//I;s/&*/&/gI;s/"/\"/gI;s/'/'/gI;s/'/'/gI;s/</ stage2 && rm stage1
sort -b -f -i -T "$(pwd)/" stage2 > stage3 && rm stage2
grep -v " * .* " stage3 > stage3.1
grep " * .* " stage3 > stage3.4
rm stage3
for fileIn in stage3.*; do
cat "$fileIn" | uniq -c -d > stage3.0
sort -b -f -i -T "$(pwd)/" -k1,1r -k2 stage3.0 > stage3 && rm stage3.0
sed 's/^ *//;s/^[0-9]* //' stage3 >> "${PWD##*/}"-clean.lst && rm stage3
cat "$fileIn" | uniq -u >> "${PWD##*/}"-clean.lst
rm "$fileIn"
done
rm -f stage* #aio-"${PWD##*/}".lst
wc -l "${PWD##*/}"-clean.lst
md5sum "${PWD##*/}"-clean.lst
If you're wanting to try this all out for your self, you can find some more wordlists here:
- http://www.skullsecurity.org/wiki/index.php/Passwords
- http://trac.kismac-ng.org/wiki/wordlists
- http://hashcrack.blogspot.com/p/wordlist-downloads_29.html
- http://packetstormsecurity.org/Crackers/wordlists/
- http://0x80.org/wordlist/
- http://dictionary-thesaurus.com/wordlists.html
- http://www.outpost9.com/files/WordLists.html
- http://www.openwall.com/passwords/wordlists/
- http://dictionary-thesaurus.com/Wordlists.html
- http://en.wikipedia.org/wiki/Wikipedia_database#Where_do_I_get… & http://blog.sebastien.raveau.name/2009/03/cracking-passwords-with-wikipedia.html
- http://www.isdpodcast.com/resources/62k-common-passwords/
As mentioned at the start, whilst having gigabytes worth of wordlists may be good and all... having a personalised/specific/targeted wordlist is great. PaulDotCom (great show by the way), did just that a while back.
As the password has to be in the wordlist, and if it doesn't have the correct password you could try crunch (or L517 for windows) to generate your own. For a few good tutorials on how to use crunch, check here and here (I highly recommend ADayWithTape's blog).
As waiting for a mass of words to be tried takes some time - it could be sped up by 'pre-hashing'. For example this WPA-PSK is vulnerable, however WPA-PSK is 'Salted' (By using the SSID as the salt). This means that each pre-hashes table is only valid for THAT salt/SSID. This isn't going to turn into another 'How to crack WPA', as its already been done. It was just mentioned due to this and this could help speed up the process.
Instead of brute forcing your way in, by 'playing it smart', it could be possible to generate/discover the password instead. This works if the algorithm has a weakness, for example here, or if the system is poor, for example here. However, finding a weakness might take longer than trying a wordlist (or three!).
When compiling all of this, I came across this, Most 'professional password guessers' known:
- There is a 50 percent chance that a user's password will contain one or more vowels.
- If it contains a number, it will usually be a 1 or 2, and it will be at the end.
- If it contains a capital letter, it will be at the beginning, followed by a vowel.
- The average person has a working vocabulary of 50,000 to 150,000 words, and they are likely to be used in the password.
- Women are famous for using personal names in their passwords, and men opt for their hobbies.
- "Tigergolf" is not as unique as CEOs think.
- Even if you use a symbol, an attacker knows which are most likely to appear: ~, !, @, #, $, %, &, and ?.
When your password has to be 'least 8 characters long and include at least one capital' it doesn't mean: 'MickeyMinniePlutoHueyLouieDeweyDonaldGoofyLondon'. And for the people that made it this far down, here is a 'riddle' on the the subject of passwords.
I would like to thank 'connection' for a helping hand with the bash commands =).
~g0tmi1k
Nice and impressive lists. Good to see more and more people are building quality wordlists.
ReplyDeleteDiabloHorn
is the worldlist in the download links here are all cleaned up already ? or we need to do the same command u did ?
ReplyDeleteHello, g0tmi1k. Could you give me your email ? Yep, I have some questions about fake AP . i don't understand after fake AP success , how can i get password Wifi of Victim ?
ReplyDeleteCool stuff ;)
ReplyDelete@DiabloHorn
ReplyDeleteThanks for the thanks =)
Took a while and I leant from it. Hope it helps yourself out too =D
@alex
The download links on the left - is the original source which I downloaded from.
The download links on the right - is the cleaned & sorted version.
I only included the commands, so show to people what I did and/or if they want to use them on their own wordlists.
@tuanpekoe
Your comment is off topic - hence why it was removed.
If you wish to get in contact with me either leave a message in the topic's post (if there is one) else catch me on IRC (I'm on freenode, #backtrack-linux channel).
@s3my0n
Thanks for the thanks! =)
Damn great post! Ill download 18in1-wpa, add up to my filtered 16gb txt. Its filtered in a way duplicates and 8-25 long. We got to face it. If password longer than 20 u all think u have a change of guessing it? I wonder, will this wordlist have something I don't have:/
ReplyDeletety g0tmi1k. Appreciate your work. I have a question tho, altho i prefer to ask you irc i dont see you on.. I download the 18in1-wpa but i can't extract them.. Thanks in advance.
ReplyDeleteNice post g0tm1lk, and thanks for the plug and the kind words ;)
ReplyDeletevery nice article g0tm1lk !!
ReplyDeleteyour videos and paper are always impressing me , thanks a lot man !!!
S what is the best wordlist to download??? And something more these wordlist is for cracking WPA??? Sorry for my questions but i am new!!
ReplyDeleteAnd one more thing can i use these dictionaries with your script wiffy.sh for cracing wpa/wpa2??
ReplyDeleteNice Job Man
ReplyDeleteHow did you compress the files, 7z is telling me that it's unable to decompress them?
ReplyDeleteHi,
ReplyDeletehave the same problem with 18-in-1 file decompress.
My steps
lxsplit -j 18-in-1.7z.001 after that i do: p7zip -d 18-in-1.7z and i have this answer Error: Can not open file as archive .Maybe this file broken?
GREAAAT!
ReplyDelete@skalderis
ReplyDeleteThanks for the thanks =)
Regarding if passwords are longer than 20 - depends on how strong the password is (and your system)! Unless its "weak". It's (currently) not likely - tho Technology is getting better/quicker by the day.
As I don't know what your wordlist has got - I can't comment ;)
@junior08jr8
Im on IRC a fair bit. You can find me (when Im on), on irc.freenode.net #backtrack-linux.
Check that you have downloaded all the parts (A few people dont).
Check that all the parts have the same filesize (expect for the last one).
What happens when you try to extract them?
@TAPE
Thanks for the thanks!
And cheers for your blog. Its been a HUGE help to me. I've had it in my RSS feed as long as I can remember ;)
@katsumoto
Thanks for the thanks =)
Glad you like them
@KeyFr3ak
There isn't a "best". That was the point of this post.
I use a mixture of them. Start with a smaller one (as its quicker), then try bigger ones (as there is more chance of it working).
I did make a WPA edition of them all "18-in-1 [WPA Edition]".
@KeyFr3ak
Yep, you need to edit wiffy.sh to use the wordlist
@Ev0G33k
Thanks for the thanks =)
@99edb238-c7a2-11e0-aac8-000bcdca4d7a
All the commands are listed. I used: 7za a -t7z -mx9 -v200m stage4.7z stage4
What are you doing to de-compress them? This should work (if you were doing 18-in-1): 7z x 18-in-1.7z.001
Check that you have downloaded all the parts (A few people don't).
Check that all the parts have the same filesize (expect for the last one).
What happens when you try to extract them?
@phross
You don't need to use "lxsplit", which is why I think they are becoming damaged/broken! Try: 7z x 18-in-1.7z.001
@Saeed
Thanks for the thanks =)
Problem isn't resolved . Now i have another error message:
ReplyDeletephross@bt:/pentest/passwords/wordlists/18-in-1$ 7z x 18-in-1.7z.001
7-Zip 9.04 beta Copyright (c) 1999-2009 Igor Pavlov 2009-05-30
p7zip Version 9.04 (locale=en_US.UTF-8,Utf16=on,HugeFiles=on,4 CPUs)
Processing archive: 18-in-1.7z.001
Error: E_FAIL
Have someone ideas?
@phross
ReplyDeleteThe error, "Error: E_FAIL" means you have ran out of free disk space. Source: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=397763
Hey I was wondering if there is a way to set up wordlists (or Number lists as the case may be) for Quest Verizon and Xfinity routers. I know the companies already have set lengths of numbers which could be exploited. I was hopeing you could direct me to a website or wordlist which might exploit those characteristics.
ReplyDeleteThis comment has been removed by the author.
ReplyDeletetnx!
ReplyDeletei have downloaded WPA PSK WORDLIST 13 Final (13 GB) clean.lst.7z but what is the password for these files? 7zip is asking for it before extraction. thank you very much...
hello
ReplyDeletewell done good job keep it up-
i just have one Question please help help help.
how i am going2open the file 18-in-1_7wep..
after finishing downloading -i have backtrack5R1-what tolls should i use2open this file .
thanks in advance .
@Maniac Mac
ReplyDeleteIf you can find the format/patten they use, then you could use crunch to generate such a wordlist.
For a guide on using crunch: http://adaywithtape.blogspot.com/2011/05/creating-wordlists-with-crunch-v30.html
@nixblogs
There isn't a password. Did you use the links listed above? How are you trying to extract it?
@lovelife
Thanks for the thanks =)
To extract: "7za x [firstfile]", so to do the WPA collection...
7za x 18-in-1_wpa.7z.001
Don't forget to have 7z installed!
apt-cache search 7za && apt-get install p7zip
Excellent article! I found the explanations to be quite educating. The resources provided are extremely useful, BIG THANKS!
ReplyDelete@M
ReplyDeleteThanks for the thanks!
Glad you like it =)
Thx for this great article, im learning a lot from your blog, and since i was curious to try on my own the procedure to clean up a wordlist i followed the steps you wrote up, but when i try to remove the html tags using the commands you provided i get this error:
ReplyDeletesed: -e expression #1, char 401: cannot specify modifiers on empty regexp
bash: s///gI: No such file or directory
bash: s///gI: No such file or directory
bash: s/: No such file or directory
any clue or advice?
This comment has been removed by a blog administrator.
ReplyDelete@y0m0
ReplyDeleteThanks - Im glad it's helping you
Could you paste the whole command you're trying?
@abbott543
Your post has been removed due to it being:
1.) Its offtopic.
2.) It needs more detail/explaining
I found this blog 2 weeks ago and I'm really impressed! Could anyone re-upload the WordList Collection - Part 5 (WordList Collection clean.lst.7z.005)
ReplyDeleteI tried countless times through different connections to get it to download but it just won't...
@phlppnc
ReplyDeleteThanks! Glad you like it.
I haven't kept the compressed files after uploading them to mediafire (Just haven't got the HDD space).
I've check the link this morning - its working for me now =)
I was using this commands:
ReplyDeleteroot@y0m0~#htmlTags="a|b|big|blockquote|body|br|center|code|del|div|em|font|h[1-9]|head|hr|html|i|img|ins|item|li|ol|option|p|pre|s|small|span|strong|sub|sup|table|td|th|title|tr|tt|u|ul"
root@y0m0~#cat stage2 | sed -r "s/<[^>]*>//g;s/^\w.*=\"\w.*\">//;s/^($htmlTags)>//I;s/<\/*($htmlTags)$//I;s/&*/&/gI;s/"/\"/gI;s/'/'/gI;s/'/'/gI;s/]*>//g;s/^\w.*=\"\w.*\">//;s/^($htmlTags)>//I;s/<\/*($htmlTags)$//I;s/&*/&/gI;s/"/\"/gI;s/'/'/gI;s/'/'/gI;s/</ stage3 && wc -l stage3 && rm stage2
but the result it's the same.
Obviously i was using them on the same directory of the wordlist
i was trying to use them aswell as one single huge command.
ReplyDeletesorry for the double post
@y0m0
ReplyDeleteI wonder if blogger converted it "wrongly" when I pasted it in.
I will have to dig around for the commands I used.
you are awesome gotmilk!
ReplyDeleteg0tmi1k you're a phenomenon, you've left me speechless with dictionaries.
ReplyDeleteOnly,tell you that this file "WPA PSK WORDLIST 3 Final (13 GB) clean.lst.7z.005" doesn't download.
Thanks for your great work!
@gunner4life
ReplyDeleteThanks for the thanks =)
@YoNi
Thanks for the thanks. I'm glad you like it all. =)
I've just re-tried the link now and its working for me.
This comment has been removed by the author.
ReplyDelete@g0tmi1k Thanks for posting my 3 WPA wordlist on yout blog "WPA-PSK WORDLIST 2, 3 Final" However sory thy was not 100% clean but i did what i could and i hoped that it helped you guys out.
ReplyDeleteI was wondering if dos2unix would of cleaned up purehates wordlist...
ReplyDelete@MaDgReYHaTtEr
ReplyDeleteThanks for taking the time to create them!
They are very popular, keep up the good work! =)
Btw, there is nothing 100%, there are still mistakes in the ones which I did ;)
@lost in brampton
It would clean up bits of it, not completely.
The issue with pure_hates wordlists, is that fact its become corrupt....
This comment has been removed by a blog administrator.
ReplyDelete@கிருஷ்ணா
ReplyDeleteIve deleted your post as it is completely off topic & to save your inbox as spam (as you posted your email address publicly!)
This comment has been removed by a blog administrator.
ReplyDelete@கிருஷ்ணா
ReplyDeleteI removed your post again, for the same reasons.
This comment has been removed by a blog administrator.
ReplyDelete@கிருஷ்ணா
ReplyDeleteI keep removing your posts as the are off topic.
This comment has been removed by a blog administrator.
ReplyDelete@darkey
ReplyDeleteAlso removed due to being offtopic.
can u give ur email address? i have sum questions. always u removed my posts. why? i don't understand .may i know what is the reason?
ReplyDelete@darkey
ReplyDeleteI don't publicly give out my email address (Trying to keep the spam count as low as possible).
I keep removing your posts, as I said before due to the questions you are asking are not related to this blog post!
@darkey
ReplyDeleteIf you wish to speak to me, you can find me on IRC (freenode).
brialliant job !
ReplyDeleteAbsolutely useful...you're great !!
@Nico
ReplyDeleteThanks for feedback! I'm glad you like it so much =)
g0tmi1k :::: i need 12 chracters exp ( 40I3WQ893RCO ) password list wher i download??? please give me the link
ReplyDeleteJust use crunch in backtrack to make any lenth chrs you like
Delete@darkey
ReplyDeleteUse crunch.
Guide: http://adaywithtape.blogspot.com/2011/05/creating-wordlists-with-crunch-v30.html
hi g0tmi1k :
ReplyDeletei have problem in this file WPA PSK WORDLIST 3 Final (13 GB) clean.lst i downloaded it but when i use it in aircrack-ng tool can't read it idon't know y?
i hope to help me please ... thanks
Aircrack-ng only supports wordlist of 2Gb or under. I would use pyrit over aircrack-ng as it has unlimited file support and GPU boost in speed
Deletelot of thanks g0tmi1k
ReplyDelete@Ameen Bkatheer
ReplyDeleteHave you extracted it?
Are you using x64 Backtrack?
@darkey
Hope it does the trick.
This comment has been removed by a blog administrator.
ReplyDelete@Ameen Bkatheer
ReplyDeleteYour post has been removed as its completely off topic
Gr8t blog gr8t wordlists just asking whether these wordlists can be used with hydra.
ReplyDeleteg0tmi1k
ReplyDeletedo u have any alphanumeric mix passwordlist??? Exp: A-Z 0-9
please give to the link (g0tmi1k)
g0tmi1k, what a great job you did ! and thank you so much for sharing your knowledge with all of us
ReplyDeleteMay I ask you which kind of tablesheet (I mean the name of the program) you used to compute the statistic results ?
Many thanks in advance
@Drake
ReplyDeletethanks for the thanks. Yes. They can
@Darkey
No, I dont.
But could be generated with crunch:
http://adaywithtape.blogspot.com/2011/05/creating-wordlists-with-crunch-v30.html
@pasqwal
Thanks for the thanks.
Excel - Microsoft Office 2010
How about Russian speaking countries which use Cyrillic? Which dictionary better suits their needs?
ReplyDeletebtw, I'm having hard times downloading 17-in-1 and 18-in-1. The green box simply does not open.
@dunkanec
ReplyDeleteI have no idea, sorry!
Sorry to hear that mediafire is acting up. Personally I haven't had any issues with it.
Im currently looking into a different solution for hosting everything!
thanks for your work . it's very good .... i like your videos .....
ReplyDeleteGreat blog, thank you.
ReplyDeleteI downloaded the wpa wordlists. I just wanted to ask you in what sizes should I split the 13GB file in order to use it with aircrack and what is the best way to split it in terms of functionality. I read that it may take days to go through just one 1/2GB file. I have the new Backtrack 5 R2 64 on VMware (Mac i7)
Great post, can't tell you how much it helps! Only problem I have is when I run command:
ReplyDeletecat stage2 | sed -r "s/<[^>]*>//g;s/^\w.*=\"\w.*\">//;s/^($htmlTags)>//I;s/<\/*($htmlTags)$//I;s/&*/&/gI;s/"/\"/gI;s/'/'/gI;s/'/'/gI;s/</ stage3 && wc -l stage3 && rm stage2
I get this error
sed: -e expression #1, char 401: cannot specify modifiers on empty regexp
bash: s///gI: No such file or directory
bash: s///gI: No such file or directory
bash: s/: No such file or directory
Am I doing something wrong?
is it just me or a few of the wordlists on mediafire are bad now for some reason ?
ReplyDeletehttp://www.mediafire.com/download.php?q1ew41eyj2jj15x - for example this one is bad, can't download.
DeleteI wrote about that to mediafire, but no answer(
BTW, g0tmi1k, I've got about 100Gb on my server that I can give for hosting wordlists and stuff, so tell me if you are interested)
The download link for 18-in-1_wpa.7z.003 for WPA Ed. isn't working. I have all of them except that one.
ReplyDeleteGreat blog by the way..
Hello, first it is a great post.
ReplyDeleteI have extracted it using 7z x 18-in-1.7z.001 and it went fine and I got the file named 18-in-1.7z
I am trying to extract it p7zip -d 18-in-1.7z but it says:
Processing archive: 18-in-1.7z
Error: Can not open file as archive
Any idea how to fix it or do i miss something here
Hello : )
ReplyDeleteThank you for such great resources.
Unfortunately I'm having some trouble. I downloaded all 24 parts of the 18-in-1 compiled them using 7z and now I have one file but I can't figure out for the life of me how to actually use them in Backtrack. I thought that the file needed to have the .lst extension. I use BT5 as a live cd and I have the 18-in-1 file on a portable HD. I hope that was enough info and thanks in advance for any help!
Hi, Thanks for the upload...
ReplyDeletei've downloaded the 18in1 7z files.. all are 204,800kb except #24 which is 16,467kb... but when de-compressing them, I get the file is broken after 15gb of decompressing... anyway to find which is the broken file?
This is a great compilation of lists. Very impressive.
ReplyDeleteI've used the WPA lists frequently and have given great results.
Thanks so much!
Wow g0tmi1k. Impressive. And the fact you even made the WPA edition is great. This would be awesome for pyrit. Think I might build a pyrit database with the 18-in-1 WPA Edition wordlist soon.
ReplyDeleteThank you for this great work!!!
ReplyDeleteI was looking for such wordlist resource :D
This is a very useful post. Your blog is very enjoyable, I like to read. I wrote a similar entry about the password in my blog. (nethekk blogspot) Most people when forced to use passwords use like this: Alice19721024 a name and date of birth or any other number that they can be memorized. (dates, order numbers, zip codes, etc.) It is advisable to use two lists: one with simple words, names, locations, animals, nicknames, etc. the other with meaningful numbers. The combination of both for quite a bit "complicated" to decrypt passwords that users most frequently used.
ReplyDeleteWell done, congratulations!
Hey Gotmilk, I have a question :)
ReplyDeleteu used a lot of commands to sort and clean all those words...
Can I achieve the same task just by using linux "sort" command to merge, sort and remove duplicated in bash shell?
Will sort be accurate enough as your commands?
Thanks again!
hello mate nice collection thx a lot
ReplyDeletei have question:
i need worlist that have only numbers (between 1-16 charactaire) is it there?
what is the best wordlist to download??? And something more these wordlist is for cracking WPA??? Sorry for my questions but i am new!!
Delete-----------------------------
cheap nba jerseys
wow really nice collection of wordlist. thanks for that.
ReplyDeletei have a question:
can't we use compressed dictionary without decompressing its file?
sorry for bad english
How did you compress the files, 7z is telling me that it's unable to decompress them?
ReplyDeletethank you for your share!
-------------------
isabel marant sneakers
root@root:~# aircrack-ng dan-01.cap -w /media/disk/18-in-1_wpa.lst mon0
ReplyDeleteEmpty dictionary
Empty dictionary
Opening dan-01.cap
Opening mon0
open failed: No such file or directory
Read 208873 packets.
# BSSID ESSID Encryption
1
34:08:xx:XX:XX:xx WPA (1 handshake)
Choosing first network
as target.
Opening dan-01.cap
Opening mon0
open failed: No such file or directory
Quitting
aircrack-ng...
???why my aircrack keep saying no such file or dictionary?? im using bt5
I've tried to download and extract the 18-in-1 list as well. There seems to be a problem with mediafire causing relatively frequent bit errors in the downloaded files. Since 7z has no error correction at all and only tells that there is a "Data Error" without giving any glue which of the 24 files are corrupted, I didn't manage to extract the complete file. Can anyone who has successfully downloaded and extracted the 18-in-1 list please post the md5 sums of all the 24 parts and the extracted 18-in-1.lst file?
ReplyDeleteIt would also be very helpful if someone could create a torrent and post a magnet link here. Filehosters frequently appear and disappear from the market (especially after the megaupload takedown) and make downloading quiet uncomfortable for free users e.g. by using captchas. A torrent of the 18-in-1 list would probably stay well seeded for years and could provide a reliable and comfortable way of downloading it. Since bittorrent has its own checksums, the missing error correction of 7z shouldn't be a problem any more when downloading the archive files from a torrent
thanks alot g0tm1lk
ReplyDeleteI am from yemen and most wordlist names like
mohammed123, Ahmed123 names arabic .....etc
please whats the usfull *.lst is can be used
please
and please can you give me the probability of the password only contints number from 0 to 12
ReplyDeleteplease
sorry mu english is poor
becuse my langage is arabic
wow really nice collection of wordlist. thanks for that.
ReplyDeletei have a question:
can't we use compressed dictionary without decompressing its file?
-------------------------------------
cheap basketball shoes
Someone know passowrd to archive 18-in-1 [WPA Edition]?
ReplyDeleteGood job!
ReplyDeleteI'll contribute with Bulgarian word-list.
http://anrieff.net/abs/i/bgwords.txt
Cheers!
Live-in Space offers its customers a complete suite of Plug and play office space for rent in BangaloreSolutions including buying, Lease and sale of property with an approach that is multi-disciplinary, well thought-out and completely integrated. Accredited with an ISO 9001-2000 certification, Live-in Space is an eco-friendly firm who has effectively delivered numerous commercial projects by providing professional yet personalized services to our clients. Office space for rent
ReplyDeleteI am impressed with the effort you have so obviously put into this content. I am also impressed with your point of view on this topic, especially since you have made your points so clear.
ReplyDeletejanitorial services Mississauga
wordlist-final does not exist anymore can you re-upload it please ?
ReplyDeleteThank you in Advance ^^
Dear Gotmilk,
ReplyDeleteYou have done a wonderful job here, i presume you have really spent some good deal of time doing all that, and has been very nice of you to publish all that.
I have just tried to download one of the files, 18-1n-1 but it says that your account has been suspended. Therefor i can not get the file.
I tried some of the other files and i get the same note. It would be kind of you if, you could do something about it, so your work could be shared.
Thank you.
thanks for share...
ReplyDeleteYo dude,
ReplyDeletesed: -e expression #1, char 401: cannot specify modifiers on empty regexp
bash: s///gI: No such file or directory
bash: s///gI: No such file or directory
bash: s/: No such file or directory
How do we fix this error? I see 2 people have posted about this but theres been no reply on how to fix
Great job with the wordlists. Going to help a lot. Only thing is the links are not working. Help pl0x
ReplyDeleteI downloaded 18in1 and 18in1[WPA Edition] !
ReplyDeleteIf I can one day, I will upload to mega.co.nz and post here download links !
Awesome wordlist compilation ! THanks g0tm1lk !
are the wordlists present on this blog include U.S phone numbers or U.S related passwords or are the wordlists general? thanks in advance
ReplyDelete