RockYou, also known as RockYou2021, is a password dictionary list that helps to perform different kinds of password-breaking attacks. It is a collection of the most used and potentially weak logins collected from sources like Gmail, LinkedIn, Facebook, and Twitter. Now you can use the RockYou.txt download to try better combinations and have much better success in cracking passwords.
Different cracking tools use the dictionary attack method, and in that case you need a word list. By default, Offensive Security has added many dictionaries to Kali Linux; this is one of the biggest dictionaries, with over 8.4 billion unique credentials.
What is Rockyou Password List
At first, it was added to BackTrack, and later on, it was added to Kali Linux 1. This is the first version, which was launched back in 2013.
We have had our eyes on Kali Linux since its birth, and using it is awesome. You can make your very own dictionary during a cracking attack.
Use crunch and CeWL to create a wonderful dictionary, but if you are a newbie and just need to test or practice with a tool, then this one is for you.
Where is the Rockyou Wordlist located originally?
Trust us when we say this, you cannot remember its location when you forget it.
Let’s give you a direction to find the location all by yourself when you forget it.
To find its location, use either of the following commands:
locate rockyou
find / -name "rockyou*" 2>/dev/null
Have you noticed that the RockYou file has a .gz extension? This is not a normal text file; it is a gzip-compressed file, and you must decompress it before you can view its contents or use it.
The compressed file is not useful as it is, so extract it with the following commands:
cd /usr/share/wordlists/
sudo gzip -d rockyou.txt.gz
RockYou2021 Breach: Biggest Data Breach of Passwords Ever
The largest password collection has been leaked on a popular hacker forum. A forum user has posted a big 100GB TXT file that carries around 8.4 billion passcode entries, which are assumed to be combined from previous data leaks and breaches, according to news reports. The passcodes in the file have the following properties:
- 6-20 characters long.
- Have non-ASCII characters.
- White spaces are removed.
The same user claims that the compilation carries around 82 billion combinations, but after we ran our own tests, the actual number turned out to be 10 times lower, at 8,000,000,000 unique entries. It is also said to contain various usernames and passwords of network routers and switches.
The forum user has dubbed the compilation as RockYou2021, presumably in reference to the infamous RockYou data breach which occurred back in 2009 when the threat actors hacked their way into the social application site’s servers and got their hands on more than 32 million user details stored in the form of plain text.
With a collection that exceeds its 12-year-old namesake by more than 262 times, this leak is comparable with the Compilation of Many Breaches; it is the biggest breach compilation. Around 3.2 billion passcodes from various other leaked databases are included in it, amassed by the person behind this collection over many years.
Keeping in mind that only 4.7 billion people are online, number-wise this compilation includes the passwords of the whole online population of the world around two times over. For this reason, users are advised to check whether their passcodes are included in the leak.
Potential Impact of this wordlist breach
By combining around 8.4 billion variations with other breach compilations that carry usernames and email addresses, threat actors can use this collection to mount dictionary and password-spraying attacks against untold numbers of online accounts.
As most people reuse their passcodes across different applications and sites, the number of accounts affected by credential stuffing and spraying attacks in the wake of such a leak can be very large.
In short, it is quite dangerous and serious.
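To make the difference between a dictionary attack and a spraying attack concrete from the defender's side, here is an added example (not part of the original article) that classifies source addresses by the shape of their failed logins. The log format, the function name `classify_sources` and both thresholds are assumptions made for the illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed log in a made-up format (not from any real system); the source
# addresses are documentation ranges. All lines fall inside one time window.
SAMPLE_LOG = "\n".join(
    [f"2021-06-08T10:00:{i:02d}Z FAIL user=alice src=203.0.113.7" for i in range(12)]
    + [f"2021-06-08T10:05:{i:02d}Z FAIL user=user{i} src=198.51.100.23" for i in range(9)]
    + ["2021-06-08T10:07:00Z FAIL user=bob src=192.0.2.50",
       "2021-06-08T10:07:09Z OK user=bob src=192.0.2.50"]
)

FAIL_RE = re.compile(r"^\S+ FAIL user=(\S+) src=(\S+)$")


def classify_sources(log_text, min_attempts=5, max_per_user=2):
    """Label each source address by the shape of its failed logins.

    dictionary: at least min_attempts failures against a single account
    spraying:   at least min_attempts accounts, at most max_per_user tries each
    Both thresholds are illustrative assumptions and need tuning per site.
    """
    per_source = defaultdict(Counter)
    for line in log_text.splitlines():
        match = FAIL_RE.match(line.strip())
        if match:
            user, src = match.groups()
            per_source[src][user] += 1

    verdicts = {}
    for src, users in per_source.items():
        busiest = max(users.values())
        if len(users) >= min_attempts and busiest <= max_per_user:
            verdicts[src] = "spraying"
        elif busiest >= min_attempts:
            verdicts[src] = "dictionary"
        else:
            verdicts[src] = "below threshold"
    return verdicts


if __name__ == "__main__":
    for src, verdict in sorted(classify_sources(SAMPLE_LOG).items()):
        print(src, verdict)
```

In failed-login logs alone, credential stuffing has the same one-try-per-account shape as spraying, so telling the two apart needs additional signals.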
RockYou Previous Data Breach
Back in 2009, the company experienced a data breach resulting in the exposure of more than 32 million user accounts. It used an unencrypted database to store user data, including plaintext passwords for its own services as well as passcodes to connected accounts at partner sites including Facebook, Myspace, and web email services. It also emailed the password unencrypted to users during account recovery.
It also did not allow special characters in passwords. The attackers used a 10-year-old SQL vulnerability to gain access to the database. The company took some days to notify users after the incident, and incorrectly reported that the breach had only affected older apps when in reality it affected all users.
The full list of passcodes exposed as a result of the breach is available in Kali Linux and has been since 2013. Due to its easy access and comprehensive length, it is commonly used in dictionary attacks.
Tip for Staying safe from Password Breaches
If you suspect that your information has become a part of this collection, we suggest that you follow the steps below to secure your data and avoid potential harm from threat actors:
- Change the passwords across your online accounts if your data has been compromised. You can generate complex passcodes with a strong password generator, or you can use a password manager.
- Enable two-factor authentication (2FA) on all online accounts.
- Watch out for incoming spam emails, unsolicited messages, and phishing messages. Do not click on anything that seems suspicious, including emails and texts from senders that you do not recognize.
- Do not try to use such text files in password cracking tools.
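The check suggested earlier (whether a passcode is included in the leak) and the advice above to pick new passwords can be combined into one screening step. The following is an added example, not code from the original article: it streams a plain or .gz wordlist and rejects candidates that appear in it. The function names, the constructed sample entries and the 8-character minimum are assumptions.

```python
import gzip
import os
import tempfile

# Constructed sample entries, not taken from any real list. The fourth is
# Latin-1 encoded and is not valid UTF-8, as some lines in rockyou.txt are.
SAMPLE_ENTRIES = [b"123456", b"password", b"iloveyou", b"caf\xe9", b"qwerty12"]


def write_sample_wordlist(directory):
    """Write the constructed entries to <directory>/sample.txt.gz and return the path."""
    path = os.path.join(directory, "sample.txt.gz")
    with gzip.open(path, "wb") as fh:
        fh.write(b"\n".join(SAMPLE_ENTRIES) + b"\n")
    return path


def find_listed(wordlist_path, candidates):
    """Return the candidates that occur as a whole line in the wordlist.

    The file is streamed in binary mode, so a .gz list never has to be
    unpacked to disk and undecodable bytes cannot raise UnicodeDecodeError.
    Memory use depends on the number of candidates, not on the list size.
    """
    wanted = {c.encode("utf-8"): c for c in candidates}
    found = set()
    opener = gzip.open if wordlist_path.endswith(".gz") else open
    with opener(wordlist_path, "rb") as fh:
        for line in fh:
            entry = line.rstrip(b"\r\n")
            if entry in wanted:
                found.add(wanted[entry])
                if len(found) == len(wanted):
                    break  # every candidate already matched
    return found


def acceptable(password, wordlist_path, min_length=8):
    """Policy check for a new password: long enough and absent from the list."""
    if len(password) < min_length:
        return False, "too short"
    if find_listed(wordlist_path, [password]):
        return False, "found in breach wordlist"
    return True, "ok"


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        sample = write_sample_wordlist(tmp)
        for pw in ("password", "qwerty12", "vK7#tuLq-92mZ"):
            print(pw, acceptable(pw, sample))
```

Candidates are compared as UTF-8 bytes, so a list entry stored in another encoding (such as the Latin-1 sample line) will not match the same word typed as UTF-8.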
Rockyou.txt (RockYou2021) Wordlist Download
Password lists are like the golden key to the treasure chest you want to open. There are millions of combinations available in them that you can use with tools like Brutus cracker. This article allows you to get your hands on the RockYou2021.txt download which is the latest Rockyou password list leaked in a breach online. Do not forget to unzip it at the end.
Rockyou size: 100 GB (Default).
File format: .txt and .gz