Examples for attacking

• System-Setup
• Password-lists
  • rockyou
  • adobe_top100_pass.txt
  • top x Common-Credentials

System-Setup

$ sudo msfdb init
$ gunzip /usr/share/wordlists/rockyou.txt.gz

Password-lists

You can find many password lists in /usr/share/wordlists under kali-linux.

rockyou

The rockyou password-list is per default available on kali-linux under /usr/share/wordlists/rockyou.txt.gz. It’s compressed because it contains thousands of passwords and has an uncompressed size of way over 100MB. Run gunzip /usr/share/wordlists/rockyou.txt.gz once to make the normal/text version available.

If you are using another distro you can download rockyou here

adobe_top100_pass.txt

/usr/share/wordlists/metasploit/adobe_top100_pass.txt contains a good selection of common passwords.

top x Common-Credentials

SecLists Common-Credentials repository contains top-x-common-passwords files for different occasions.

here are some (but not all)

• top-20-common-SSH-passwords.txt
• 500-worst-passwords.txt
• four-digit-pin-codes-sorted-by-frequency-withcount.csv
• 10-million-password-list-top-100.txt
• 10-million-password-list-top-10000.txt
• 10-million-password-list-top-1000000.txt

Table of contents

• SSH-Bruteforce
• Slow Loris
• Tomcat-Bruteforce