CompTIA

PT0-001 Question #201: Real Exam Question with Answer & Explanation

The correct answer is A: /wordlists/rockyou.txt. rockyou.txt is the standard general-purpose password wordlist used for credential cracking because it contains millions of real passwords from an actual data breach.

Attacks and exploits

Question

Which of the following wordlists is BEST for cracking MD5 password hashes of an application's users from a compromised database?

Options

  • A. /wordlists/rockyou.txt
  • B. /dirb/wordlists/big.txt
  • C. /wfuzz/wordlist/vulns/sql_inj.txt
  • D. /wordlists/metasploit/root_userpass.txt

Explanation

rockyou.txt is the standard general-purpose password wordlist used for credential cracking because it contains millions of real passwords from an actual data breach.

Common mistakes.

  • B. dirb's big.txt is a web content discovery wordlist containing directory and file names, not passwords, and is inappropriate for hash cracking.
  • C. The wfuzz SQL injection wordlist contains SQL syntax payloads for fuzzing web inputs, not human-chosen password candidates.
  • D. Metasploit's root_userpass.txt contains default service credentials for common network devices and services, not the general user password patterns found in application databases.

Concept tested. Password wordlist selection for hash cracking

Reference. https://www.kali.org/tools/wordlists/

Topics

#password cracking · #MD5 · #rockyou wordlist · #hashcat
