In the old days there used to be a a username/password combo you could use to log in to basically any site. A globally ‘shared’ account for those in the know. I’ve forgotten the credentials by now, but I recall the password would not work anywhere with significant password requirements. If that account still exists, this password could be suitable for places with significant password requirements. Globally documented, but only useful to those in the know.
That wasn’t the one I was thinking of, but it appears there was more than one :). Obvious in hindsight: ideas are usually not unique, but prompted by the times.
People still do this. And thankfully as a pentester, this helps keep food on my table. Seriously don’t do this unless absolutely 100% necessary. Also
but only useful to those in the know
Is rarely true, so many times I get access to undocumented features that have less rigorous testing because “developers only” and it leads to unexpected things.
In the old days there used to be a a username/password combo you could use to log in to basically any site. A globally ‘shared’ account for those in the know. I’ve forgotten the credentials by now, but I recall the password would not work anywhere with significant password requirements. If that account still exists, this password could be suitable for places with significant password requirements. Globally documented, but only useful to those in the know.
If it’s the same low-tech predecessor to http://bugmenot.com/ I’m thinking of, it was cypherpunk / cypherpunk
cpunks / cpunks was the one I recall.
That wasn’t the one I was thinking of, but it appears there was more than one :). Obvious in hindsight: ideas are usually not unique, but prompted by the times.
media/media was the way to bypass the Wall Street Journal’s paywall from its creation until earlier this year.
Thanks! I wanted to mention that, but couldn’t remember which newspaper that was, and it’s an impossible phrase to Google…
People still do this. And thankfully as a pentester, this helps keep food on my table. Seriously don’t do this unless absolutely 100% necessary. Also
Is rarely true, so many times I get access to undocumented features that have less rigorous testing because “developers only” and it leads to unexpected things.