Word Lists

Keep a personal "Wins" list during each engagement.

Password Spraying Tips and Tricks

Examine the password policy

#~ cme smb 10.0.0.250 -u foobar -p 'Fall2020' --pass-pol

Depending on the domain, you will likely be able to retrieve the password policy even without valid user credentials.

ProbablePasswordList V2.0

The Probable Password List is a good place to start. The majority of passwords which are "crackable" will be cracked with the wordlists included within.

RockYou2021 --- 8.4 Billion Entries

Use this one if either money or time is not a factor. This list will take some cycles; as a comparison, the traditional rockyou.txt contains 14.3 million entries, making RockYou2021 almost 1000 times bigger.

Here's my custom one that has only the passwords in the rockyou dictionary that match standard password complexity requirements for Active Directory environments.
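The filter described above, as an added example (not the author's script or list): it keeps only entries that satisfy the Active Directory "password must meet complexity requirements" rule, meaning at least three character categories and no embedded account name, plus a minimum length. The function names, the `min_length=7` sample value and the constructed sample words are assumptions, and the display-name token check is left out.

```python
def char_classes(pw):
    """Return the AD complexity categories present in pw."""
    classes = set()
    for ch in pw:
        if ch in "0123456789":
            classes.add("digit")
        elif ch.isupper():
            classes.add("upper")
        elif ch.islower():
            classes.add("lower")
        elif ch.isalpha():
            classes.add("other_letter")  # caseless alphabetic characters
        else:
            classes.add("symbol")        # simplification: any non-alphanumeric
    return classes


def meets_complexity(pw, min_length=7, account_name=""):
    """True if pw passes the length check and the complexity rule.

    min_length is a separate policy setting; use the value the policy
    query reports (7 here is only a sample value).
    """
    if len(pw) < min_length:
        return False
    # The account-name check applies only to names of 3+ characters.
    if len(account_name) >= 3 and account_name.lower() in pw.lower():
        return False
    return len(char_classes(pw)) >= 3


def filter_wordlist(lines, min_length=7):
    """Yield unique entries that pass the policy, preserving order."""
    seen = set()
    for line in lines:
        pw = line.rstrip("\r\n")
        if pw not in seen and meets_complexity(pw, min_length):
            seen.add(pw)
            yield pw


# Constructed sample input, not taken from any real list.
SAMPLE = ["123456", "password", "Fall2020", "iloveyou", "P@ssw0rd",
          "Summer19", "Fall2020", "qwerty1!", "Abc1"]

if __name__ == "__main__":
    print(list(filter_wordlist(SAMPLE)))
```

`Fall2020` passes the rule, so complexity requirements alone do not keep season-and-year passwords out of a domain; a banned-password list has to cover them.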
