Where Is Rockyou Located in Kali Linux, and What Is It Used For?

By Handhika Yanuar Pratama. Published in Nerd For Tech, Apr 27, 2023.

I want to tell this story in a simple way. I assume the reader already has Kali Linux installed on their system or in a virtual machine and can't figure out where Rockyou is located. They know that Kali Linux already includes Rockyou, but a few common questions remain:

  • Where is rockyou.txt located?
  • Why is the file a .gz, and how do I use it?
  • Is there any alternative to rockyou.txt?
  • What is Rockyou used for?

Let’s answer them one by one.

Question one: Where is rockyou.txt located?

You can find a file by its name in Kali Linux with this command.

locate rockyou.txt

The output will be like this.

Question one is answered: the file is inside the /usr/share/wordlists/ directory. But the answer usually leads to the next question: why is the file named rockyou.txt.gz, not rockyou.txt?

Question two: Why is the file .gz and how to use it?

Rockyou is a wordlist that contains over 14 million passwords that leaked in a data breach. It is commonly used by hackers to crack a file or password. The reason it is saved as .txt.gz in Kali Linux is that compression reduces the size of the file.

To use this wordlist, we should first extract it with the gzip tool. This command does it; the location comes from the first question.

sudo gzip -d /usr/share/wordlists/rockyou.txt.gz

After extracting, here is the size comparison before and after.

The size differs between 53.357.329 bit and 139.921.507 bit. Two times bigger, right? Compressing the Rockyou file saves space in the Kali Linux installation.
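An alternative to the in-place extraction above, as an added example that is not from the original article: it reads the archive without sudo, keeps the packaged .gz, and checks whether a proposed password appears in the list. The function names and the constructed sample list are assumptions for illustration.

```shell
#!/bin/sh
# Added example: handle a gzip-compressed wordlist without sudo and without
# deleting the packaged .gz (plain `gzip -d` replaces the .gz with the .txt).

# Print "compressed_bytes uncompressed_bytes" for a .gz file.
wordlist_sizes() {
    gzip -t "$1" || return 1                      # reject a corrupt archive
    packed=$(wc -c < "$1" | tr -d ' ')
    unpacked=$(gzip -dc "$1" | wc -c | tr -d ' ') # streamed, nothing written
    echo "$packed $unpacked"
}

# Extract into a directory you own; prints the path of the extracted file.
extract_wordlist() {
    out="$2/$(basename "${1%.gz}")"
    mkdir -p "$2" && gzip -dc "$1" > "$out" && echo "$out"
}

# Exit 0 when the exact string is an entry in the list, e.g. to reject a
# proposed password. -F: literal string, -x: whole line, -q: status only.
# LC_ALL=C compares raw bytes regardless of the locale's encoding.
in_wordlist() {
    gzip -dc "$1" | LC_ALL=C grep -Fxq -e "$2"
}

# Constructed four-entry sample so this runs offline. On Kali, pass
# /usr/share/wordlists/rockyou.txt.gz (the path from the article) instead.
DEMO_DIR=$(mktemp -d)
SAMPLE_GZ="$DEMO_DIR/sample.txt.gz"
printf '123456\npassword\niloveyou\nrockyou\n' | gzip -c > "$SAMPLE_GZ"

wordlist_sizes "$SAMPLE_GZ"
extract_wordlist "$SAMPLE_GZ" "$DEMO_DIR/extracted"
for candidate in password 'Tr0ub4dor&3-example'; do
    if in_wordlist "$SAMPLE_GZ" "$candidate"; then
        echo "$candidate: listed, reject"
    else
        echo "$candidate: not listed"
    fi
done
```

Because the check matches whole lines literally, a substring such as "pass" or a pattern-like string such as "12345." does not count as a hit.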

Question three: Is there any alternative to rockyou.txt?

Many security practitioners already help us do cracking jobs. One of them is Daniel Miessler, who created a repo called SecLists. It's a community repository (in April 2023, there were 236 contributors) that collects cracked databases worldwide: not just passwords, but also usernames, patterns, fuzzing, payloads, web shells, etc.

There are two ways of using this dataset. The first way is the simplest; you can download the whole dataset by clicking Download ZIP.

Or, if you prefer using the command line, use this command.

git clone https://github.com/danielmiessler/SecLists

After that, you can choose which file to use, but the complete download takes almost 500 MB.

The second way is for when you only want a single file to crack passwords. Find the file you wish to use and open it. For example, I want to use the file 500-worst-passwords.txt located in SecLists/Passwords/500-worst-passwords.txt.

On the file's page, click the Raw button in the top right; it will open a new page. On this page, press CTRL+S on your keyboard.

Finally, choose the location where you want to save it locally.

Question four: What is Rockyou used for?

Many tools can make use of Rockyou; what matters is what you want to do with it. I will not go into detail here because this story focuses on extracting Rockyou so that it is ready to be used.

Think about a gun: Rockyou is the bullet, and the tool is the gun. The gun can be Hydra, John the Ripper, Metasploit, and many others. You can also list the files in /usr/share/wordlists.

You will see several entries there, such as dirb, dirbuster, fasttrack.txt, etc. These are bullets too, which brings us back to the gun concept. Every bullet has its specialty and best suits a particular gun. Choose your tools and wordlists wisely because it will improve your efficiency in hacking.

Thanks for reading.
