Thireus' Bl0g

W3b

Web Common Directories and Filenames – Word Lists Collection

Posted on Nov. 27, 2011, under Hack1ng, W3b.

Current WordLists Release : 20111129

I have created some lists of words based on common web directory and file names. These wordlists are for web security testing purposes.

CHANGELOG:

29/11/11: 20111129

More words, more fun. Updated with some fresh new critical words.

28/11/11: 20111128

Updated and cleaned Extra/Crazy words. WordLists are smaller and better.

27/11/11: 20111127

Initial release.

Most of you might already know that hidden does not mean secure or unreachable ;-) . I tried to include as many sensitive filenames and directories as possible in these auto-generated wordlists. I’ll try to update these files from time to time.

[.zip] Packaged WordLists 20111129
WordLists-20111129.zip
Version: 20111129
736.9 KB

Quick description:

  • All = Common + Extra + Crazy
  • Common = Very frequently used words ONLY
  • Extra = Some extra words for lucky and patient people (Does not contain Common nor Crazy wordlists)
  • Crazy = Extremely rare words ONLY (Does not contain Extra nor Common wordlists)


A Collection of PHP & ASP Web Backdoors & Shells

Posted on Nov. 06, 2011, under Hack1ng, W3b.

Hack the web, the Russian way

Let me introduce some of my favorite web backdoors; most of them have been well known since 2005.

I have personally known C99Shell since 2007, when some lamers attempted to hack DareYourMind. But now I’m most used to R57shell, which works very well when Safe-mode is OFF (not secure).

Most of these scripts have been coded by some really good hacker teams, and three of them, the best known, by some Russian h4x0rs ;-) :

  • c99shell
  • r57shell
  • c100shell

These scripts can be very dangerous when Safe-mode is OFF, so let’s deactivate Safe-mode :-D :

    perl -p -i -e 's/^safe_mode\s*=\s*on/safe_mode =off/i;' /etc/php.ini
    /etc/init.d/httpd restart

This is what you get with an old version of C99Shell:

Today, the newest versions of these scripts are hard to find, but fortunately there is a website called Sh3LL.Org where a small collection of these backdoors is available. Backdoor scripts are divided into two categories: PHP and ASP scripts.

Do not forget to read the source code of these scripts before using them :-) to prevent any pwnage of your backdoor by their authors :-D . I also recommend that you hide your backdoor and secure access to it. For example, you can give your backdoor a common name such as “common.php”; do not forget to change the creation date of your backdoor file and chmod/chown it ;-)

Tor is always a good way to hide your ass, TorBrowser is even better :P

Hack safe my friends! And as always, have a nice day.
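
A defender's view of the hiding steps above, as an added example that is not from the original post: on Linux, setting a file's modification time back, or running chmod/chown on it, updates the inode change time (ctime), so a server-side script whose ctime is much newer than its mtime is worth triaging. The web root contents, `SCRIPT_EXTS` and the one-day `MAX_GAP` are assumptions constructed for the demo.

```python
import os
import tempfile
import time

SCRIPT_EXTS = {".php", ".asp", ".aspx"}  # script types the post mentions (PHP, ASP)
MAX_GAP = 24 * 3600                      # assumed tolerance between mtime and ctime, in seconds


def scan_webroot(root, max_gap=MAX_GAP):
    """Return sorted [(relative_path, gap_days)] for scripts with a backdated mtime."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in SCRIPT_EXTS:
                continue  # static assets are out of scope for this check
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            # utime()/touch can set mtime to any value, but the call itself
            # (like chmod and chown) stamps ctime with the current time.
            gap = st.st_ctime - st.st_mtime
            if gap > max_gap:
                findings.append((os.path.relpath(path, root), int(gap // 86400)))
    return sorted(findings)


def demo():
    """Constructed web root: one untouched script, one backdated script, one image."""
    with tempfile.TemporaryDirectory(prefix="webroot-") as root:
        for name in ("index.php", "common.php", "logo.png"):
            with open(os.path.join(root, name), "w") as fh:
                fh.write("constructed sample\n")
        old = time.time() - 400.5 * 86400  # pretend the file is about 13 months old
        os.utime(os.path.join(root, "common.php"), (old, old))
        os.utime(os.path.join(root, "logo.png"), (old, old))  # not a script: ignored
        return scan_webroot(root)


if __name__ == "__main__":
    for rel_path, gap_days in demo():
        print(f"{rel_path}: ctime is {gap_days} days newer than mtime")
```

Deployments that preserve modification times (archive extraction, `rsync -t`, package installs) produce the same gap, so compare hits against known deploy times before treating them as findings.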

