Hello again, fellow hackers! earlier, i shared a FTP repository where you could download A LOT of wordlists from. but for those of you who never used FTP (or FTP in linux), this tutorial is ment for you!
the File Transfer Protocol or FTP for short, is a client-server protocol based on TCP/IP that is made to transfer files from one end to another. the unique thing about FTP is that it uses 2 connections, the "control connection", which is usually on port 21, and handles all the commands send to the server (cd, ls, get...), and then there is the "data connection", which runs on a high port, and actually "transfers" the files.
our first step is ofcourse to fire up Kali. once Kali is up and running, open a terminal and enter the following command:
this should produce the following output, and ask for a username and password.
we will use the default set of credentials, which is "Anonymous". so enter "Anonymous for both username and password. then you should get this output:
as you can see, our root@kali changed to ftp>, which means we have successfully established a connection to the remote FTP server!
first of all, we need to know where our wordlists are located. to view what is placed in the current directory, we can use the "ls" command
then we should get the following:
we can get much info about the items in this directory. like how large they are, their permissions, wether they are directories or not (in the beginning of the permissions listing, there is a "d", which means it's a directory) and the date they were added.
i know the wordlists are stored at /pub/wordlists, so let's navigate there using cd.
once we are there, let's do a directory listing again:
now we have this:
we can download all the wordlists at once if we want to, (all.gz), but for now, we will just download the wordlist of a single language, so go ahead and enter this command:
the list of languages is quite large. for the sake of it, i will download a German directory.
let's do another directory listing.
now, we see there are 2 directories. the "1-small" and the "2-large" directory. for the sake of this tutorial, i will download a small wordlist.
when we do another directory listing, we see there are 2 files, lower.gz and cap.gz. lower.gz is the wordlist with lower case words, the cap.gz is the one with capital letters.
for the sake of this tutorial, we will download the cap.gz wordlist. to do this, simply enter this command:
now you will be prompted with (remote-file). this is the file we want to download. simply enter cap.gz
then you will be prompted with (local-file). this is the name you want to give the file once it is transfered. you can name this whatever you want, but i named mine "German.gz" (the .gz at the end IS IMPORTANT).
now, simply logout by typing exit.
we already downloaded the wordlist, but it is still compressed. to decompress the gzip file, simply type this in your terminal:
gzip -d german.gz
now you can open the uncompressed file with a text editor, and you can now clearly see we have a new wordlist with all german words in it!
this repository is really handy if the rockyou wordlist was ineffective in your attack. it is especially useful if your target isn't English.
that's it for now, folks! i hope you enjoyed the article! if you have any problems or questions, feel free to comment below or PM me!