My Computer Hacking Forensics Invetigator trainer has shared so many interesting sites with us that I’ve have no idea even existed. One of them is definitely the SecLists.
SecLists is the security tester’s companion. It’s a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. The goal is to enable a security tester to pull this repo onto a new testing box and have access to every type of list that may be needed.
While this list is maintained by security professional, it could be ultilized in so many ways including the at the blackhat hacking side. I’m not so creative so the best I could think of is making of the huge list of passwords for brute-force password cracking.
Top used passwords and usernames
Let’s take a look at some other interesting fact as well, did your favorite username and password fall in the top list below?(Which you should feel bad upon)
root
admin
test
guest
info
adm
mysql
user
administrator
oracle
ftp
pi
puppet
ansible
ec2-user
vagrant
azureuser
123456
123456789
111111
password
qwerty
abc123
12345678
password1
1234567
123123
Treat the first line of defence the right way
If any items in the list looks familiar to you, I hope you are using them only in some testing environment or anything that is insignificant for the sake of convenience.
Username and password act as the very important barrier for any malicious attempt in the evil world so we better treat it as life-and-death matter. Things could go so wrong when you are hacked. Using a strong password manager which could help generating high security password and remembering it for you is a no-braniner, I would suggest Bitwarden to anyone.
Stay safe and easy!
Posted from my blog with SteemPress : https://fr3eze.vornix.blog/are-you-using-one-of-the-top-used-username-and-password/
This page is synchronized from the post: ‘Are you using one of the top used Username and Password?’