How To: Get New Wordlists in Kali Using FTP

Get New Wordlists in Kali Using FTP

How to Get New Wordlists in Kali Using FTP

Hello again, fellow hackers! earlier, i shared a FTP repository where you could download A LOT of wordlists from. but for those of you who never used FTP (or FTP in linux), this tutorial is ment for you!

What Is FTP?

the File Transfer Protocol or FTP for short, is a client-server protocol based on TCP/IP that is made to transfer files from one end to another. the unique thing about FTP is that it uses 2 connections, the "control connection", which is usually on port 21, and handles all the commands send to the server (cd, ls, get...), and then there is the "data connection", which runs on a high port, and actually "transfers" the files.

Image via codeproject.com

Step 1: Fire Up Kali and Connect to the FTP Server

our first step is ofcourse to fire up Kali. once Kali is up and running, open a terminal and enter the following command:

ftp download.openwall.net

this should produce the following output, and ask for a username and password.

we will use the default set of credentials, which is "Anonymous". so enter "Anonymous for both username and password. then you should get this output:

as you can see, our root@kali changed to ftp>, which means we have successfully established a connection to the remote FTP server!

Step 2: Navigating in an FTP Server

first of all, we need to know where our wordlists are located. to view what is placed in the current directory, we can use the "ls" command

ls

then we should get the following:

we can get much info about the items in this directory. like how large they are, their permissions, wether they are directories or not (in the beginning of the permissions listing, there is a "d", which means it's a directory) and the date they were added.

i know the wordlists are stored at /pub/wordlists, so let's navigate there using cd.

cd /pub/wordlists

once we are there, let's do a directory listing again:

ls

now we have this:

we can download all the wordlists at once if we want to, (all.gz), but for now, we will just download the wordlist of a single language, so go ahead and enter this command:

cd languages

the list of languages is quite large. for the sake of it, i will download a German directory.

cd German

let's do another directory listing.

ls

now, we see there are 2 directories. the "1-small" and the "2-large" directory. for the sake of this tutorial, i will download a small wordlist.

cd 1-small

when we do another directory listing, we see there are 2 files, lower.gz and cap.gz. lower.gz is the wordlist with lower case words, the cap.gz is the one with capital letters.

Step 3: Download the Wordlist

for the sake of this tutorial, we will download the cap.gz wordlist. to do this, simply enter this command:

get

now you will be prompted with (remote-file). this is the file we want to download. simply enter cap.gz

then you will be prompted with (local-file). this is the name you want to give the file once it is transfered. you can name this whatever you want, but i named mine "German.gz" (the .gz at the end IS IMPORTANT).

now, simply logout by typing exit.

exit

Step 4: Decompress the Wordlist

we already downloaded the wordlist, but it is still compressed. to decompress the gzip file, simply type this in your terminal:

gzip -d german.gz

now you can open the uncompressed file with a text editor, and you can now clearly see we have a new wordlist with all german words in it!

Conclusion

this repository is really handy if the rockyou wordlist was ineffective in your attack. it is especially useful if your target isn't English.

that's it for now, folks! i hope you enjoyed the article! if you have any problems or questions, feel free to comment below or PM me!

-Phoenix750

11 Comments

Great post!
+1

Well explained, but i'd rather use gunzip for beginners as i think its easier to remember than gzip -d.

well, the file extension is .gz, the first 2 letters of gzip are also gz, and the -d stands for decompress, and the first letter of decompress is also a d, so i think it is easier to remember.

then again, everyone has his own tastes, i just preffer gzip over gunzip, but in the end it doesn't really matter, as long as the file gets extracted ;)

-Phoenix750

This is a great tutorial, but FTP is just too slow to download large wordlists. BitTorrent or HTTP would be better. Are there any alternatives for those services?

not that i know of, but i know they exist. just google "13GB wordlist Torrent" or something.

in fact, i'll make a tutorial soon on how to download from this repository using HTTP, and another one to download wordlists using Torrents from a different repository. the problem is, i don't know any torrent repository's. if anyone knows one, PM me!

-Phoenix750

I know a place to grab many many lists. Ill make something and point ya at them.

thanks! much appreciated!

-Phoenix750

i know, but i wanted to do a tutorial on how to use the build in FTP client in Kali so bad, and this seemed the perfect chance.

-Phoenix750

note: they disabled the ls command on the ftp about a month ago. I've used it before successfully so i know it was working. I get that the Terminal emulator was destined for the audience to practice in command line, but that FTP server is currently best accessed via HTTP.

Share Your Thoughts

  • Hot
  • Latest