imported>Cosmea (just a start of a page about passwords) |
imported>mutante m (→[[Mediawiki]]) |
||
(15 intermediate revisions by 4 users not shown) | |||
Line 3:
==default passwords==
The most common default password is <blank> or the 'Enter' password. (Don't forget to try just because its seem to be too easy to be true.)
[http://www.phenoelit.de/dpl/dpl.html default password list]
*Website with a huge collection of default passwords for routers, AP's, switches etc. Sorted by manufactor.
== Things NOT to do ==
=== where passwords should NOT be ===
#on a post-it sticker attached to the monitor
#in public dumpfiles of mediawikis [http://s23.org/wiki/Mediawiki_Upgrade_Tutorial_with_Spamblacklist_patch#Beware.21]
#on this wiki page ;)
#tattooed to your forhead
#the name of your new born child
#your [[mantra]]
#in a dictionary
=== what passwords u should NOT use ===
A [http://www.openwall.com/passwords/wordlists/password.lst common passwords list] by Openwall Project
public domain
This is a list of over 3000 passwords most commonly seen on a set of Unix systems in mid-1990s, sorted for decreasing number of occurrences (that is, more common passwords are listed first).
==== FTP archives: ====
* ftp://ftp.openwall.com/pub/wordlists/ (and its [http://www.openwall.com/mirrors/ mirrors])
* ftp://ftp.ox.ac.uk/pub/wordlists/
* ftp://ftp.zedz.net/pub/crypto/wordlists/
derived exclusively from the ox.ac.uk archive above, but files uncompressed
* ftp://ftp.cerias.purdue.edu/pub/dict/
includes the ox.ac.uk archive and more
== Warning: ironical ==
=== Examples: Good Passwords ===
something like
susi<br>
peter<br>
123456<br>
qwertz/qwerty<br>
asdfg<br>
letmein<br>
admin<br>
root<br>
irule<br>
owned<br>
or
(very good one)<br>
g33k
=== Reset forgotten passwords ===
==== [[Mediawiki]] ====
UPDATE user SET user_password = MD5(CONCAT(user_id, '-',MD5('somepass'))) WHERE user_name = 'whatever';
===== bash script =====
put this into a file resetpass.sh
<pre>
#!/bin/bash
# mediawiki - reset a user password
read -p "Which username to you want to reset? " username
read -p "Enter new password: " password
mysql -u root -p wikidb -e "UPDATE user SET user_password = MD5(CONCAT(user_id, '-',MD5('$password'))) WHERE user_name = '$username';"
if [[ $? -eq 0 ]]
then
echo "Ok. Updated password of '$username' to '$password'."
exit 0
else
echo "Error. Could not reset password."
exit 1
fi
</pre>
<tt>> chmod +x resetpass.sh
>./resetpass.sh</tt>
==== [[MySQL]] ====
[[MySQL#Reset_forgotten_root_password]]
==== [[Windows]] ====
[http://support.microsoft.com/?kbid=321305 Microsoft: How to log on to Windows XP if you forget your password]
==== [[Linux]] ====
Wenn du von einem anderen Medium bootest und auf einem System mit aktivierten Shadow Passwörtern die /etc/shadow bearbeitest und dort das verschlüsselte Passwort schlicht entfernst,also das (nur) das Passwortfeld leer lässt (::) kann man sich je nach Distribution direkt ohne Pass einloggen ([[Suse]]) oder muss zuerst auf einem anderen System ein bekanntes Passwort verschlüsseln und den daraus resultierenden encrypteten String einfügen ([[Debian]]).
[http://linuxgazette.net/107/tomar.html How to Reset forgotten Root passwords]
[[Category:Hacking]]
[[Category:Security]]
|
Latest revision as of 15:29, 12 August 2006
your passwords[edit]
some hints like min. 8 letters, combined with numbers etc.
default passwords[edit]
The most common default password is <blank> or the 'Enter' password. (Don't forget to try just because its seem to be too easy to be true.)
- Website with a huge collection of default passwords for routers, AP's, switches etc. Sorted by manufactor.
Things NOT to do[edit]
where passwords should NOT be[edit]
- on a post-it sticker attached to the monitor
- in public dumpfiles of mediawikis [1]
- on this wiki page ;)
- tattooed to your forhead
- the name of your new born child
- your mantra
- in a dictionary
what passwords u should NOT use[edit]
A common passwords list by Openwall Project public domain
This is a list of over 3000 passwords most commonly seen on a set of Unix systems in mid-1990s, sorted for decreasing number of occurrences (that is, more common passwords are listed first).
FTP archives:[edit]
- ftp://ftp.openwall.com/pub/wordlists/ (and its mirrors)
- ftp://ftp.ox.ac.uk/pub/wordlists/
- ftp://ftp.zedz.net/pub/crypto/wordlists/
derived exclusively from the ox.ac.uk archive above, but files uncompressed
includes the ox.ac.uk archive and more
Warning: ironical[edit]
Examples: Good Passwords[edit]
something like
susi
peter
123456
qwertz/qwerty
asdfg
letmein
admin
root
irule
owned
or
(very good one)
g33k
Reset forgotten passwords[edit]
Mediawiki[edit]
UPDATE user SET user_password = MD5(CONCAT(user_id, '-',MD5('somepass'))) WHERE user_name = 'whatever';
bash script[edit]
put this into a file resetpass.sh
#!/bin/bash # mediawiki - reset a user password read -p "Which username to you want to reset? " username read -p "Enter new password: " password mysql -u root -p wikidb -e "UPDATE user SET user_password = MD5(CONCAT(user_id, '-',MD5('$password'))) WHERE user_name = '$username';" if [[ $? -eq 0 ]] then echo "Ok. Updated password of '$username' to '$password'." exit 0 else echo "Error. Could not reset password." exit 1 fi
> chmod +x resetpass.sh
>./resetpass.sh
MySQL[edit]
MySQL#Reset_forgotten_root_password
Windows[edit]
Microsoft: How to log on to Windows XP if you forget your password
Linux[edit]
Wenn du von einem anderen Medium bootest und auf einem System mit aktivierten Shadow Passwörtern die /etc/shadow bearbeitest und dort das verschlüsselte Passwort schlicht entfernst,also das (nur) das Passwortfeld leer lässt (::) kann man sich je nach Distribution direkt ohne Pass einloggen (Suse) oder muss zuerst auf einem anderen System ein bekanntes Passwort verschlüsseln und den daraus resultierenden encrypteten String einfügen (Debian).