Penetration Testing mailing list archives
Re: DPE - Default Password Enumeration standarization released
From: natron <natron () invisibledenizen org>
Date: Mon, 30 Jun 2008 06:52:30 -0500
Don't forget Pete Finnigan's default password list for Oracle, which contains almost 600 user ID/pw combinations spanning various Oracle installations, add-ons, and common third-party products. http://www.petefinnigan.com/default/default_password_list.htm N On Sun, Jun 29, 2008 at 1:28 PM, Jerome Athias <jerome.athias () free fr> wrote:
Heya, This is a nice idea. A tiny script can help extracting (quite correctly) the Phenoelit list http://www.ja-psi.com/pentest/DPE_ja.xml (here i assume that all are routers, blabla) Note: I would add a vendor ID (here Secunia's one) and a product id ;-). It makes things more easy when playing theXploiter and searching for matching vulnerabilities... I'll mix it with https://www.securinfos.info/passwords-liste-mots-de-passe.html and some other Eric Knight' style dad... :-p I also accept unreleased default passwords lists ^_^ My 0,02 bucks Cheers /JA Kurt Grutzmacher a écrit :On Thu, Jun 26, 2008 at 05:19:40PM +0200, SD List wrote:DPE is the security-database naming scheme that provides structured enumeration of default logons and passwords of network devices, applications and Operating Systems.Having a common format for this list is a great idea for many reasons. A couple questions: Are you going to be seeding this database from the Phenoelit list @ http://www.phenoelit-us.org/dpl/dpl.html or any other existing lists? How will the community be able to add / modify to this list? Will there be a central maintainer or committee (you?) who reviews entries before inclusion and what's the expected time-line after submitting can be expected? When will there be more than just 3 entries in it? :) Kurt------------------------------------------------------------------------ This list is sponsored by: Cenzic Top 5 Common Mistakes in Securing Web Applications Get 45 Min Video and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Cenzic Top 5 Common Mistakes in Securing Web Applications Get 45 Min Video and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------
Current thread:
- DPE - Default Password Enumeration standarization released SD List (Jun 26)
- Re: DPE - Default Password Enumeration standarization released Kurt Grutzmacher (Jun 27)
- Re: DPE - Default Password Enumeration standarization released SD List (Jun 27)
- Re: DPE - Default Password Enumeration standarization released Jerome Athias (Jun 29)
- Re: DPE - Default Password Enumeration standarization released natron (Jun 30)
- Re: DPE - Default Password Enumeration standarization released Kurt Grutzmacher (Jun 27)