Originally Posted by cpulocksmith View Post
i have read a little about people using password lists to crack a password. i know that they are a huge list of common passwords and it systematicly goes through each one to see if it is the password. i really have no idea how to use this. could someone please give me some info on how to use a password list and maybe how to make on. i briefly looked at one once a while ago but had no real intrest on knowing how it works so i disregarded it. but now i kinda what to know how they work. they seem some-what useful. also in most application i will never know what the password really is but if i really need to know the password i am sure i will find other means in witch i can find the password. so if some one could please fill me in it would be greatly appreciated.
Using wordlists depends on the program that you're feeding them to. For many tools (such as jtr, hydra, aircrack, etc), it's a matter of a flag followed by the wordlist name when you call the program from the command line. In gui tools like cain, you have the option to feed it in via a dropdown box when you right-click your hash and select dicitonary attack. It's all dependant on the tool you're using.

As far as making a dictionary yourself goes, if you're familiar with file IO and for loops, you can code up an application to do that for you quite quickly and easily in almost any language. I just wrote one for myself, actually (using java instead of C++ for once... no idea why). If you want it, PM me. It tends to be faster to generate the lists yourself than download them (unless you're on a slow machine). My quad helps there.

You may also be interested in learning about rainbow cracking, since it follows the same general idea, but if much faster (it precomputes all the corresponding hashes for each word). Google's got lots of info on that.