Wordlists

$WORDLISTS A Wordlist is a file containing a list of passwords to be tested. Most of the time, the file is a .txt format or simple text format. For KisMAC, the file MUST be .txt with an empty line at the end. - The empty line is mandatory - For WORDLIST DIRECT DOWNLOAD please refer HERE and here for the Hardware compatibility If you are looking for a very good wordlist , Go here directly (Refined Attack Wordlist. Only real passwords used , Sorted Statistically ) The difference is in the Quality ... ;-) Passwords in dictionary file are tried “Verbatim” or “as is” The string “iloveyou” will be tried exactly as is and not as “i love you” or “ilove you” If you believe the string is of interest, then you must include all derivations, including upper and lower characters Wordlists can reach mind boggling sizes, especially if you run randomized characters or build your wordlists with wordlist generators. You absolutely need to grasp the following concepts before you rush to any wordlists or you’ll be just wasting your time: Concept one: Password complexity or Entropy Concept two: Time Needed Concept three: Energy Needed Example: A password composed only of numbers has 10 possibilities per character: 0,1,2,3..,9 A ONE character long password, made only of numbers would be 10 possibilities max. If we move to 2 ch long, we then have 00,01,02.....98,99 as possibilities, or a 2^10 We then move to from 10 to 100. 3 ch = 1,000. 4 ch = 10,000 etc etc .... The minimum for WPA is 8 ch long or 8^10 = 100,000,000 possibilities Where the problem starts is when you include letters and signs, and start to mix them altogether Number 0-9 10 possible combination per character Lower Case Alphabet a-z 26 Lower and Upper Alphabet a-Z 52 Low & Up + Numbers a-Z-0-9 62 Low & Up + Num+ Shift a-Z-0-9-@ 74 (Shift Key) Standard ASCII a-Z-0-@-”-> 94 Printable Characters a-Z-0@$:”{?é∫ 127 Full ASCII a-Z-0-@- 256 (n-1 Ch lenght ^ 256) It does not sound like much, but the possibilities generated by a 10 characters long password made of printable characters will reach 10^127 possibilities. ( I would like to remind you that KisMAC is testing 150 passwords per second: ) Time Needed: IF you run 150 psw/ sec AND are lucky enough to bruteforce the password in half the max time theoretically needed, you’ll go for up to: 115,297,864,466 years The age of the universe is estimated to 13.75 billion years. Hence, you’ll need up to 8.3 times more. Don’t believe it? Do the math, and just for the geek of it, try to calculate the cost of electricity. Do it, just for the fun of it.... What about 20 Million Dollars? sounds too much, huh? Energy Needed: Your computer consume electricity and produces heat. So if you run it for the time needed you’ll produce enough BTU to create a heat wave the size of Texas and your electricity consumption will be higher that what the world consume in one year. Good luck with bill. All of that to let you understand that running any wordlist , or any “random” generated wordlist is, in my opinion, just a pure waste of your time and electricity. What you -need- is: Some luck & patience Some patience & some luck A lot of CPU time Few good lists that have previously proved their value If you are in England, don’t try Russian wordlist first, try the english ones first Use the ones declined from password lists (Hotmail heist, Rockyou Grab, etc ) Download existing ones and concatenate them (Stitch together) using Excel or other programs Generate your own using Wordlists Generators (creates VERY large files) OTHER TROUBLESHOOTING & HELP$ shapeimage_1_link_0

Wordlist, Dictionary Files