A Collection of Wordlists

You are only as effective as the wordlist you use, over the years I have collected a fair few of them and will bring them to you all in one place. Common 10k_common.txt 82KB 2012commonpw.txt 1KB All_Common_Router_Passwords.txt 3.3KB commonpasswords.txt 3.3KB Random AllPasswords.txt 58MB dic.txt 8.6MB largelist.txt darkc0de.txt 17MB smalllist.txt 26MB realhuman_phill.txt 683.2KB rockyou.txt 133.4KB Openwall pwgen-nontty.gz 118.7MB pwgen-tty.gz 120.4MB Wordlists-20031009.txt… Read more »

How to Reveal Hidden Passwords in Web Browsers

In many places where you need to input your password to gain access, authorise or confirm a transaction, whenever you type passwords into the input box, the characters automatically change into asterisks or bullets. This is to protect your password from straying eyes. There is a simple trick to find out what is behind the… Read more »

Detect Heartbleed Vulnerability using Perl Script

Check to see if sites you access are still vulnerable to the Heartbleed exploit (CVE-2014-0160) by running the following Perl script: 1. Create a file called check-ssl-heartbleed.pl and paste the following contents: vi check-ssl-heartbleed.pl 1a. Paste the following into check-ssl-heartbleed.pl #!/usr/bin/perl use strict; use warnings; use Getopt::Long qw(:config posix_default bundling); # try to use IPv6 my $INETCLASS; BEGIN… Read more »

ZyNOS (ROM-0) Exploit

ZyNOS is the proprietary operating system used on network devices made by the ZyXEL Communications Corporation, ZyXEL Communications Corporation first introduced ZyNOS in 1998. A vulnerability exists with ZyNOS based routers (ZyXel, Netgear and TP-Link and maybe others) that can allow an attacker to download the rom-0 file and reverse engineer to retrieve the local admin… Read more »

Poisoning ARP packets using ARP Spoof

ARP spoofing (also known as ARP poisoning) is a technique whereby an attacker sends fake “spoofed” Address Resolution Protocol (ARP) packets onto a Local Area Network (LAN). The purpose of this attack is to associate the attackers MAC address with the IP address of another host (such as a default gateway), causing any traffic that… Read more »