Default Credentials

Common credentials

admin:admin
guest:guest
manager:manager
12345:12345
root:root
root:toor
test:test
test:password
admin:admin
admin:password
admin:<blank>
admin:12345
root:12345678
administrator:Password
administrator:administrator
Administrator:Administrator
<company>:<company>
<company>:password
<serviceName>:<serviceName> # Ex: jenkins:jenkins
user:password
demo:demo
demo:password
admin:demo

Try name of domain as password

Default credentials

WSTG - Latest | OWASP Foundation

Run Nuclei

How Automation Detected Default Admin Credential Worth $500Medium

SecLists

ls /usr/share/seclists/Passwords/Default-Credentials

 avaya_defaultpasslist.txt          postgres-betterdefaultpasslist.txt
 cryptominers.txt                   Routers
 db2-betterdefaultpasslist.txt      scada-pass.csv
 default-passwords.csv              ssh-betterdefaultpasslist.txt
 default-passwords.txt              telnet-betterdefaultpasslist.txt
 ftp-betterdefaultpasslist.txt      telnet-phenoelit.txt
 mssql-betterdefaultpasslist.txt    tomcat-betterdefaultpasslist_base64encoded.txt
 mysql-betterdefaultpasslist.txt    tomcat-betterdefaultpasslist.txt
 oracle-betterdefaultpasslist.txt   vnc-betterdefaultpasslist.txt
'Oracle EBS passwordlist.txt'       windows-betterdefaultpasslist.txt
'Oracle EBS userlist.txt'

SecLists/Passwords/Default-Credentials at master · danielmiessler/SecListsGitHub

DefaultCreds - Tool

GitHub - ihebski/DefaultCreds-cheat-sheet: One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️GitHub

Default creds

$ pip3 install defaultcreds-cheat-sheet`
$ creds search tomcat

PassStation List

pass-station/data at master · noraj/pass-stationGitHub

Metasploit Lists

/opt/tools/metasploit-framework/data/wordlists/

cat /opt/tools/metasploit-framework/data/wordlists/http_default_userpass.txt 
connect connect
sitecom sitecom
admin 1234
cisco cisco
cisco sanfran
private private
wampp xampp
newuser wampp
xampp-dav-unsecure ppmax2011 
admin turnkey
vagrant vagrant#                                   

Other Lists

Default Passwords | CIRT.net

List of Default PasswordsDatarecovery.com

cat /opt/tools/metasploit-framework/data/wordlists/http_default_userpass.txt 

connect connect
sitecom sitecom
admin 1234
cisco cisco
cisco sanfran
private private
wampp xampp
newuser wampp
xampp-dav-unsecure ppmax2011 
admin turnkey
vagrant vagrant#

Product/Vendor	Username	Password
Zyxel (ssh)	zyfwp	PrOw!aN_fXp
APC UPS (web)	apc	apc
Weblogic (web)	system	manager
Weblogic (web)	system	manager
Weblogic (web)	weblogic	weblogic1
Weblogic (web)	WEBLOGIC	WEBLOGIC
Weblogic (web)	PUBLIC	PUBLIC
Weblogic (web)	EXAMPLES	EXAMPLES
Weblogic (web)	weblogic	weblogic
Weblogic (web)	system	password
Weblogic (web)	weblogic	welcome(1)
Weblogic (web)	system	welcome(1)
Weblogic (web)	operator	weblogic
Weblogic (web)	operator	password
Weblogic (web)	system	Passw0rd
Weblogic (web)	monitor	password
Kanboard (web)	admin	admin
Vectr (web)	admin	11_ThisIsTheFirstPassword_11
Caldera (web)	admin	admin
Dlink (web)	admin	admin
Dlink (web)	1234	1234
Dlink (web)	root	12345
Dlink (web)	root	root
JioFiber	admin	jiocentrum
GigaFiber	admin	jiocentrum
Kali linux (OS)	kali	kali
F5	admin	admin
F5	root	default
F5	support

rConfig

 rConfig: admin:admin

Tomcat

Tomcat: tomcat | Tomcatadm 

Default-Credentials/Apache-Tomcat-Default-Passwords.mdown at master · netbiosX/Default-CredentialsGitHub

GitBucket

root:root

gitbucket/doc/build.md at master · gitbucket/gitbucketGitHub

Routers

Default Router Login Password For Top Router Models (2023 List)Software Testing Help

Default Router Login

Router Brand	Default IP Address	Default Username	Default Password
3Com	http://192.168.1.1	admin	Admin
Belkin	http://192.168.2.1	admin	admin
BenQ	http://192.168.1.1	admin	Admin
D-Link	http://192.168.0.1	admin	Admin
Digicom	http://192.168.1.254	admin	Michelangelo
Linksys	http://192.168.1.1	admin	Admin
Netgear	http://192.168.0.1	admin	password
...	...	...	...