Crack a Password Using a Dictionary Attack

In this video, Zanidd will demonstrate how to use a word list to crack a password. We will look at the rockyou.txt.gz.
Hello, world. I’m Zanidd and welcome back to the Hands on Password Cracking and Security course on Code Red. In this section, we’re going to take a look at dictionary attacks. In this video, we’re going to use a word list to crack some passwords. So first, how do we use a word list? In this course, we are going to use the rockyou.txt word list which contains a bunch of commonly used passwords.
So in order to do this, start up your Kali machine and open a terminal.
Then change the directory into usr/share/wordlists.
Here you will have a bunch of directories and word lists, but we are interested in the rockyou.txt.
As you can see by the file ending, the rockyou.txt, is not in a text format. As you can see by the file ending, it’s not a txt file, it’s a gzip file. So, we first want to unpack this file.
You can unzip this file by running sudo gunzip rockyou.txt.gz.
After you’ve unzipped this file, you’ll find the text file in this directory.
Now, if we take a look at this file, we can see that it contains a bunch of different passwords that are commonly used, like abc123, nicole, daniel, babygirl, lovely, iloveu, qwerty, and other words. We will be using this list of words to crack some passwords.
You may remember the command from the second lesson in the section, which is used to use in word list withdrawals and the password file. We just have to replace the password list file with wordlist=/usr/share/wordlists/rockyou.txt.
And this is how we will use a word list.
Now, this exercise wouldn’t be complete if it didn’t have some passwords, so let’s take a look at where to find them and how to correct them.
The passwords to crack can be found in the repository in the dictionary folder.
If you go into the dictionary folder, you will find four password files. Now, these are the exact same passwords that we already cracked with the brute force attacks and some rules. And now, since all those passwords were part of the rockyou.txt, we can use the rockyou.txt file as a word list to crack these four passwords. Try to perform a dictionary attack on all those four passwords, and maybe also try to remember how long it took for the brute force attacks and how long it took for the dictionary attack so you have a little comparison on what performs better in what attack.
I hope you will have some fun cracking those passwords, and I will see you in the next lesson where we are going to take a look how to further use rules to crack passwords using dictionary attacks.

This video will demonstrate how to use a word list to crack a password.

We will look at the rockyou.txt.gz. As you can see from the file ending, it is not a text file. Our first step will be to unpack the file, and access the text file. This will show us a list of commonly used passwords, which we will use to crack passwords.
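
The same word list is useful on the defensive side: a service can refuse any new password that appears in it, since those are the passwords a dictionary attack recovers first. The sketch below is an added example, not part of the course material; its function names are hypothetical and its sample data is constructed from the entries read out in the video. It reads the gzip file directly, without unpacking it first.

```python
import gzip
import io

GZIP_MAGIC = b"\x1f\x8b"  # first two bytes of every gzip stream

def open_wordlist(path):
    """Open a word list in binary mode, decompressing on the fly if it is gzip."""
    with open(path, "rb") as f:
        is_gzip = f.read(2) == GZIP_MAGIC
    return gzip.open(path, "rb") if is_gzip else open(path, "rb")

def load_blocklist(stream):
    """Build a case-folded set with one entry per non-empty line."""
    blocklist = set()
    for raw in stream:
        # rockyou.txt contains bytes that are not valid UTF-8;
        # latin-1 maps every byte to a character and never raises.
        word = raw.rstrip(b"\r\n").decode("latin-1")
        if word:
            blocklist.add(word.casefold())
    return blocklist

def screen_password(candidate, blocklist):
    """Return (accepted, reason) for a password a user wants to set."""
    # Compare case-insensitively so "Nicole" is caught by the entry "nicole".
    if candidate.casefold() in blocklist:
        return False, "found in word list"
    return True, "not in word list"

def sample_stream():
    """Constructed sample: the entries named in the video, gzip-compressed in memory."""
    words = [b"abc123", b"nicole", b"daniel", b"babygirl",
             b"lovely", b"iloveu", b"qwerty"]
    packed = gzip.compress(b"\n".join(words) + b"\n")
    return gzip.GzipFile(fileobj=io.BytesIO(packed))

if __name__ == "__main__":
    blocklist = load_blocklist(sample_stream())
    for pw in ["qwerty", "Nicole", "plum-Orbit-47-kettle"]:
        accepted, reason = screen_password(pw, blocklist)
        print(f"{pw!r}: {'accept' if accepted else 'reject'} ({reason})")
```

To screen against the real list, pass the result of `open_wordlist("/usr/share/wordlists/rockyou.txt.gz")` to `load_blocklist`; the same call works after the file has been unpacked to `rockyou.txt`.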

Over to you: Using a dictionary attack, crack the four passwords presented in the video. Compare how long it took you to crack the passwords when using a dictionary attack compared to when you used a brute force attack. Share your experience with your fellow learners in the Comments section below.

This article is from the free online

Advanced Cyber Security Training: Hands-On Password Attacks

Created by
FutureLearn - Learning For Life
