From 6e49f44c8e6773265e3ee33886ef91a567540ac1 Mon Sep 17 00:00:00 2001
From: Daniel Miessler
Date: Wed, 20 Jul 2016 10:59:20 -0700
Subject: [PATCH 1/6] Updated credits with a name correction.

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 7c6f414a..2541eb09 100755
--- a/README.md
+++ b/README.md
@@ -33,7 +33,7 @@ Significant effort is made to give attribution for these lists whenever possible
 - Steve Crapo for doing splitting work on a number of large lists
 - Thanks to Blessen Thomas for recommending Mario's/cure53's XSS vectors
 - Thanks to Danny Chrastil for submitting an anonymous JSON fuzzing list
-- Many thanks to geekspeed, EricSB, lukebeer, patrickmollohan, g0tmi1k, albinowax, and Oweoqui for submitting via pull requests
+- Many thanks to geekspeed, EricSB, lukebeer, patrickmollohan, g0tmi1k, albinowax, and kurobeats for submitting via pull requests
 - Special thanks to shipcod3 for MANY contributions!
 - Thanks to Samar Dhwoj Acharya for allowing his Github Dorks content to be included!
 - Thanks to Liam Somerville for the excellent list of default passwords
From fff5faa976521cf396aceb1eb7a8dbe831d3fda2 Mon Sep 17 00:00:00 2001
From: Tiago Sintra
Date: Thu, 28 Jul 2016 14:10:42 +0200
Subject: [PATCH 2/6] Support for CVE-2007-1860 mod_jk double encoding

Added paths that will check access control bypass using double encoding (CVE-2007-1860) that could allow a remote user to access Tomcat's administration panel. Based on the scenario demonstrated on https://pentesterlab.com/exercises/cve-2007-1860/course
---
 Discovery/Web_Content/tomcat.txt | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/Discovery/Web_Content/tomcat.txt b/Discovery/Web_Content/tomcat.txt
index 1648921d..8df5eab9 100644
--- a/Discovery/Web_Content/tomcat.txt
+++ b/Discovery/Web_Content/tomcat.txt
@@ -21,6 +21,9 @@ examples/servlet/org.apache.catalina.servlets.WebdavServlet/jsp/snp/snoop.jsp
 examples/servlet/org.apache.catalina.servlets.WebdavServlet/jsp/source.jsp
 examples/servlet/snoop
 examples/servlets/index.html
+examples/../manager/html
+examples/%2e%2e/manager/html
+examples/%252e%252e/manager/html
 host-manager
 host-manager/add
 host-manager/host-manager.xml
From 022b00b4c9e93fe46cfcfdefc4db3e82587fd610 Mon Sep 17 00:00:00 2001
From: Ailton Caetano
Date: Fri, 29 Jul 2016 19:04:07 -0300
Subject: [PATCH 3/6] added a couple of folders to Vignette lists

---
 Discovery/Web_Content/Vignette.fuzz.txt | 2 ++
 Discovery/Web_Content/vignette.txt | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/Discovery/Web_Content/Vignette.fuzz.txt b/Discovery/Web_Content/Vignette.fuzz.txt
index de50f077..abfb2c44 100644
--- a/Discovery/Web_Content/Vignette.fuzz.txt
+++ b/Discovery/Web_Content/Vignette.fuzz.txt
@@ -23,6 +23,7 @@
 /allvars
 /asp
 /aspstatus
+/binary
 /cda
 /cds
 /cma
@@ -65,6 +66,7 @@
 /storyserver
 /style
 /stylepreviewer
+/system
 /utils
 /vdc
 /vgn
diff --git a/Discovery/Web_Content/vignette.txt b/Discovery/Web_Content/vignette.txt
index 7eb83ab8..c56a9c70 100644
--- a/Discovery/Web_Content/vignette.txt
+++ b/Discovery/Web_Content/vignette.txt
@@ -23,6 +23,7 @@ ac
 allvars
 asp
 aspstatus
+binary
 cda
 cds
 cma
@@ -65,6 +66,7 @@ status
 storyserver
 style
 stylepreviewer
+system
 utils
 vdc
 vgn
From 54970eab024993e256ef36c251c32aac656cef73 Mon Sep 17 00:00:00 2001
From: Dax Labrador
Date: Tue, 2 Aug 2016 07:41:10 +0800
Subject: [PATCH 4/6] Create 1337speak.txt

Collection of 1337sp34k passwords
---
 Passwords/1337speak.txt | 336 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 336 insertions(+)
 create mode 100644 Passwords/1337speak.txt

diff --git a/Passwords/1337speak.txt b/Passwords/1337speak.txt
new file mode 100644
index 00000000..3178c424
--- /dev/null
+++ b/Passwords/1337speak.txt
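Review bot: In Discovery/Web_Content/tomcat.txt the three added `examples/…/manager/html` entries are access-control-bypass probes for CVE-2007-1860, not content-discovery paths like the lines around them. Anyone who runs this list for plain enumeration will now also send dot-dot and double-encoded requests, which path-traversal signatures in a WAF or IDS are likely to flag. The list format has no comment syntax, so the purpose of these entries cannot be recorded beside them. I would move them into a dedicated file (for example `Discovery/Web_Content/tomcat_mod_jk_bypass.txt`, a name constructed here) or at least describe them in the README, so that users opt in to the probes knowingly.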
@@ -0,0 +1,336 @@
+apple
+applE
+appl3
+appLe
+appLE
+appL3
+appie
+appiE
+appi3
+appIe
+appIE
+appI3
+app|e
+app|E
+app|3
+app!e
+app!E
+app!3
+app1e
+app1E
+app13
+apPle
+apPlE
+apPl3
+apPLe
+apPLE
+apPL3
+apPie
+apPiE
+apPi3
+apPIe
+apPIE
+apPI3
+apP|e
+apP|E
+apP|3
+apP!e
+apP!E
+apP!3
+apP1e
+apP1E
+apP13
+aPple
+aPplE
+aPpl3
+aPpLe
+aPpLE
+aPpL3
+aPpie
+aPpiE
+aPpi3
+aPpIe
+aPpIE
+aPpI3
+aPp|e
+aPp|E
+aPp|3
+aPp!e
+aPp!E
+aPp!3
+aPp1e
+aPp1E
+aPp13
+aPPle
+aPPlE
+aPPl3
+aPPLe
+aPPLE
+aPPL3
+aPPie
+aPPiE
+aPPi3
+aPPIe
+aPPIE
+aPPI3
+aPP|e
+aPP|E
+aPP|3
+aPP!e
+aPP!E
+aPP!3
+aPP1e
+aPP1E
+aPP13
+Apple
+ApplE
+Appl3
+AppLe
+AppLE
+AppL3
+Appie
+AppiE
+Appi3
+AppIe
+AppIE
+AppI3
+App|e
+App|E
+App|3
+App!e
+App!E
+App!3
+App1e
+App1E
+App13
+ApPle
+ApPlE
+ApPl3
+ApPLe
+ApPLE
+ApPL3
+ApPie
+ApPiE
+ApPi3
+ApPIe
+ApPIE
+ApPI3
+ApP|e
+ApP|E
+ApP|3
+ApP!e
+ApP!E
+ApP!3
+ApP1e
+ApP1E
+ApP13
+APple
+APplE
+APpl3
+APpLe
+APpLE
+APpL3
+APpie
+APpiE
+APpi3
+APpIe
+APpIE
+APpI3
+APp|e
+APp|E
+APp|3
+APp!e
+APp!E
+APp!3
+APp1e
+APp1E
+APp13
+APPle
+APPlE
+APPl3
+APPLe
+APPLE
+APPL3
+APPie
+APPiE
+APPi3
+APPIe
+APPIE
+APPI3
+APP|e
+APP|E
+APP|3
+APP!e
+APP!E
+APP!3
+APP1e
+APP1E
+APP13
+@pple
+@pplE
+@ppl3
+@ppLe
+@ppLE
+@ppL3
+@ppie
+@ppiE
+@ppi3
+@ppIe
+@ppIE
+@ppI3
+@pp|e
+@pp|E
+@pp|3
+@pp!e
+@pp!E
+@pp!3
+@pp1e
+@pp1E
+@pp13
+@pPle
+@pPlE
+@pPl3
+@pPLe
+@pPLE
+@pPL3
+@pPie
+@pPiE
+@pPi3
+@pPIe
+@pPIE
+@pPI3
+@pP|e
+@pP|E
+@pP|3
+@pP!e
+@pP!E
+@pP!3
+@pP1e
+@pP1E
+@pP13
+@Pple
+@PplE
+@Ppl3
+@PpLe
+@PpLE
+@PpL3
+@Ppie
+@PpiE
+@Ppi3
+@PpIe
+@PpIE
+@PpI3
+@Pp|e
+@Pp|E
+@Pp|3
+@Pp!e
+@Pp!E
+@Pp!3
+@Pp1e
+@Pp1E
+@Pp13
+@PPle
+@PPlE
+@PPl3
+@PPLe
+@PPLE
+@PPL3
+@PPie
+@PPiE
+@PPi3
+@PPIe
+@PPIE
+@PPI3
+@PP|e
+@PP|E
+@PP|3
+@PP!e
+@PP!E
+@PP!3
+@PP1e
+@PP1E
+@PP13
+4pple
+4pplE
+4ppl3
+4ppLe
+4ppLE
+4ppL3
+4ppie
+4ppiE
+4ppi3
+4ppIe
+4ppIE
+4ppI3
+4pp|e
+4pp|E
+4pp|3
+4pp!e
+4pp!E
+4pp!3
+4pp1e
+4pp1E
+4pp13
+4pPle
+4pPlE
+4pPl3
+4pPLe
+4pPLE
+4pPL3
+4pPie
+4pPiE
+4pPi3
+4pPIe
+4pPIE
+4pPI3
+4pP|e
+4pP|E
+4pP|3
+4pP!e
+4pP!E
+4pP!3
+4pP1e
+4pP1E
+4pP13
+4Pple
+4PplE
+4Ppl3
+4PpLe
+4PpLE
+4PpL3
+4Ppie
+4PpiE
+4Ppi3
+4PpIe
+4PpIE
+4PpI3
+4Pp|e
+4Pp|E
+4Pp|3
+4Pp!e
+4Pp!E
+4Pp!3
+4Pp1e
+4Pp1E
+4Pp13
+4PPle
+4PPlE
+4PPl3
+4PPLe
+4PPLE
+4PPL3
+4PPie
+4PPiE
+4PPi3
+4PPIe
+4PPIE
+4PPI3
+4PP|e
+4PP|E
+4PP|3
+4PP!e
+4PP!E
+4PP!3
+4PP1e
+4PP1E
+4PP13
From 96aae467b3029e504508db05fb5ab547a0efcee7 Mon Sep 17 00:00:00 2001
From: Andrew Murray
Date: Sun, 7 Aug 2016 16:24:15 +1000
Subject: [PATCH 5/6] Fixed typo

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 2541eb09..26e3a0a9 100755
--- a/README.md
+++ b/README.md
@@ -23,7 +23,7 @@ Significant effort is made to give attribution for these lists whenever possible
 - Ron Bowes of SkullSecurity for collaborating and including all his lists here
 - Clarkson University for their research that led to the Clarkson list
 - All the authors listed in the XSS with context doc, which was found on pastebin and added to by us
-- Ferruh Mavitina for the begginings of the LFI Fuzz list
+- Ferruh Mavitina for the beginnings of the LFI Fuzz list
 - Kevin Johnson for laudnaum shells
 - RSnake for fierce hostname list
 - Charlie Campbell for Spanish word list, numerous other contributions
From a823fad248aab2912a285dcfea2aae4cdde9ca7f Mon Sep 17 00:00:00 2001
From: Daniel Miessler
Date: Sat, 8 Oct 2016 02:07:25 +0100
Subject: [PATCH 6/6] Mirai botnet creds.

---
 Passwords/mirai_botnet.txt | 61 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 61 insertions(+)
 create mode 100644 Passwords/mirai_botnet.txt

diff --git a/Passwords/mirai_botnet.txt b/Passwords/mirai_botnet.txt
new file mode 100644
index 00000000..43f896b0
--- /dev/null
+++ b/Passwords/mirai_botnet.txt
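Review bot: Passwords/1337speak.txt is described as a "Collection of 1337sp34k passwords", but all 336 added lines are case and character-substitution variants of the single word `apple`. The count is exactly 4 forms of `a` × 2 × 2 forms of `p` × 7 forms of `l` × 3 forms of `e`, so the file name promises broader coverage than the content gives. Because the list is mechanically generated, I would record the base word and the substitution table in the README, or rename the file (for example `1337speak_apple.txt`, a name constructed here). Someone using it to test a password policy or build a deny-list then knows what it does and does not cover.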
@@ -0,0 +1,61 @@
+root xc3511
+root vizxv
+root admin
+admin admin
+root 888888
+root xmhdipc
+root default
+root jauntech
+root 123456
+root 54321
+support support
+root (none)
+admin password
+root root
+root 12345
+user user
+admin (none)
+root pass
+admin admin1234
+root 1111
+admin smcadmin
+admin 1111
+root 666666
+root password
+root 1234
+root klv123
+Administrator admin
+service service
+supervisor supervisor
+guest guest
+guest 12345
+admin1 password
+administrator 1234
+666666 666666
+888888 888888
+ubnt ubnt
+root klv1234
+root Zte521
+root hi3518
+root jvbzd
+root anko
+root zlxx.
+root 7ujMko9vizxv
+root 7ujMko0admin
+root system
+root ikwb
+root dreambox
+root user
+root realtek
+root 000000
+admin 1111111
+admin 1234
+admin 12345
+admin 54321
+admin 123456
+admin 7ujMko0admin
+admin pass
+admin meinsm
+tech tech
+mother fucker
+
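Review bot: Passwords/mirai_botnet.txt stores each entry as `username password` separated by a space and writes an apparently empty password as the literal `(none)` (`root (none)`, `admin (none)`), and neither convention is documented. A consumer that reads one credential per line will treat the whole line, or the string `(none)` itself, as the password. The hunk also ends with an empty added line, which such a consumer may read as an empty entry. The commit cites no source for the list, so the entries cannot be checked for transcription errors, and the README, which credits the origin of other lists, gets no line for this one. I would add a README entry giving the source and the column format, and drop the trailing blank line.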