Anyone used this new Rockyou leak hype wordlist?
#1
Question 
Hello, (new member here).

I've only recently noticed this crazy surge in news sites covering this Rockyou data breach password list? From what I have gathered it's a COMB list, right? I have a University project and wanted to demonstrate (in a small portion) to use the biggest currently available wordlist for cracking intranet site logins with payroll numbers etc.

I have so far failed to understand the true size of this .txt file? There are a few sizes showing it to be 100 GB some say it's around circa 94 GB and one Rockyou list I have downloaded is only 5 GB (4.19 before extraction). They do look good on the outside by giving it just a random scroll and CTRL+F for words but my gut feeling was a bit off.

I'm not sure if it's the one everyone is talking about, apparently, it was leaked on some file-sharing size by the original leaker and since it has kinda disappeared. Has anyone got their hands on the leaked .txt file yet and tried to do some good password cracking? Just want to make sure It is worth to download and try a worthy list with some data that makes sense e.g. Wikipedia words common usernames etc before wasting compute timeĀ Sad
Reply
#2
Just anyone does ask. Yes, I will be using Hashcat with this. Thank you
Reply
#3
Rockyou2021 was just a mess of random other wordlists mixed together. It's not worth grabbing as you can just grab the other wordlists they used to make it, as well as most of the "leaked" passwords or whatever else they threw in there.

In general, you do not want big wordlists for password cracking. They are often full of junk and bigger != better. It's far more efficient/effective to build a list that makes sense for your specific use case. Especially if you are doing a bruteforce against a networked website, you will never be able to complete a run with a wordlist that's 100gb, and it doesn't make any sense to try. Grab something much smaller and made of real common passwords.
Reply
#4
(07-21-2021, 11:34 PM)Chick3nman Wrote: Rockyou2021 was just a mess of random other wordlists mixed together. It's not worth grabbing as you can just grab the other wordlists they used to make it, as well as most of the "leaked" passwords or whatever else they threw in there.

In general, you do not want big wordlists for password cracking. They are often full of junk and bigger != better. It's far more efficient/effective to build a list that makes sense for your specific use case. Especially if you are doing a bruteforce against a networked website, you will never be able to complete a run with a wordlist that's 100gb, and it doesn't make any sense to try. Grab something much smaller and made of real common passwords.

Hiya, Ohhh now it makes sense lol, I guess now it was just the usual news sites trying to hype it up as a major leak with millions of passwords >.<. Thanks for your tips they are very helpful and make much more sense than what I had in mind. I'll try to look for something close to my use case rather than just throwing a huge list that isn't useful at all Smile
Reply