default passwords

All posts tagged default passwords

In the course of all the penetration tests we have tracked down lots of default passwords. Default passwords are a quick win on most penetration tests but usually don’t get the respect of a good remote code execution. Just because it isn’t sexy doesn’t mean you don’t get access.

This isn’t by any means a complete list but we hope it helps. The table is fairly large so feel free to filter and search. There is a notes field hidden to the right that has some helpful stuff in it but unfortunately it doesn’t fit well.


Default Password List

List of Default Passwords for Penetration Tests.
Device TypeManufacturerModelUsernamePasswordNotes
ApplicationBrocadeSwitch Explorerrootfirbrannehttp://community.brocade.com/docs/DOC-1651
ApplicationBrocadeSwitch Exploreradminpassword
ApplicationFirebirdRDBMSSYSDBAmasterkey
ApplicationHPWebJet Adminadminadmin
ApplicationLantronixUDS1100Telnet
ApplicationSybaseSQLAnywheresa
ApplicationSymantecVPsymantecHash - VPUninstallPassword=S1084A085DC6BD2D755D4D6A7726
ApplicationWyseSQL AdminRapportThinMgmt
ApplicationWyseSQL AdminRapportThinMgmt451
ApplicationWyseFTPrapportr@p8p0r+
ApplicationWyseConsolerootwyse
ApplicationWyseConsoleroot
ApplicationWyseVNCVNCwinterm
ApplicationWyseVNCpassword
BIOSWyseBIOSFireport
InfrastructureAlcatel-LucentWebViewadminswitch
InfrastructureAPCAP9340apcapcadmin access
InfrastructureAPCAP9340deviceapcdevice only access
InfrastructureBlueSocketWireless LAN controlleradminblue
InfrastructureCiscoWireless LAN controlleradminadmin
InfrastructureDaktronicsGalaxyProDakpwdapplication password for FTP over non-standard port. Download software from Daktronics.com
InfrastructureDellPowerVault TL4000adminsecure
InfrastructureMitel3300 ICPsystempassword
InfrastructureMitel3300installer2000Telnet banner is SX-2000, only works for telnet access not web
InfrastructureNortelBusiness Secure RouternnadminPlsChgMe!
InfrastructurePolycomVBP 5300LF2root@#$%^&*!SSH - The password from support is @#$%^&*!() but DES ignores ()
MSSQLTrackit DatabaseInstance: TRACKITsaTI_DB_P@ssw0rdPort 64004
RemoteManagementDellDRACrootcalvin
RemoteManagementDellDRACuser1user1234user1:$1$nVOr80rB$HDAd6FRIG24k/WN4ZuYPC0:0:99999:7::: (not verified)
RemoteManagementHPiLO2adminadmin
WebApp3ComSuper StackmanagermanagerCIH 4400 44.70
WebApp3ComIntelliJack Switch NJ2000password
WebAppAdaptecStorage Managerraidraid
WebAppAlliance Storage TechnologiesUDO Archive Apllianceadminadminhttp://www.plasmontech.com/downloads2/pdf/aaequickstartguide_4_8xx.pdf
WebAppAxis540+/542+
WebAppBay NetworksBayStack 303/304manager
WebAppBoschDiBosAdministratorcase sensitive
WebAppCanonMF8050
WebAppCanoniR-ADV 403576543217654321
WebAppCarrierCNNWebsacarrier
WebAppCheck In SystemsCheck In Systemsmciadminhttp://www.medicalcheckin.com/Technical_Document_for_IT_Departments.pdf
WebAppCimetricBACnetadminadmin
WebAppCisco7936 Cisco IP Conference Stationadministrator**#
WebAppDellPowerVault 124Tadminpassword
WebAppDell2162DSAdmin
WebAppDellEquallogic PSgrpadmingrpadmin
WebAppDigiOneRealPortrootdbps
WebAppEatonPowerwareadminadmin
WebAppEMCNavispherenasadminpassword
WebAppHoneywellNetAXSadminadmin
WebAppHPSystem Management HomepageAdministatorAdministator
WebAppHPHPNASadministratorhpinvent
WebAppHPProcurveprocurvemodel 2501g
WebAppIBMAdvanced System Managementadminadmin
WebAppIBMAdvanced System Managementgeneralgeneral
WebAppIBMBaseboard Management controllerUSERIDPASSW0RDLook for BMC Login. Case sensitive and zero in password not 'oh'
WebAppInFocusLiteShow 3Admin Useradmin
WebAppInFocusLiteShow 3Basic Userbasic
WebAppIntelRemote Management Module 2adminpassword
WebAppIntelNetPort Expressrootworks on telnet or web
WebAppIntermeceasyLAN 100eIntermec
WebAppIntermeceasyLAN 10i2Intermec
WebAppJavaGlassfishadminadminadmin
WebAppKIPPrintNETkipkiptcpwrapped on port 80
WebAppKonica MinoltaPageScopeAdministator12345678bizhub C652
WebAppKyoceraCommand Center RXAdminAdmin
WebAppKyoceraCommand Centeradmin00
WebAppKyoceraHyPASAdminAdmin
WebAppLantronixUDS1100
WebAppLantronixXportadminPASS
WebAppLantronixXPORTlook for ltx_conf.htm
WebAppNEC (Digitcom)Univerge SV8100ADMIN10
WebAppNEC (Digitcom)Univerge SV8100necii47544
WebAppNEC (Digitcom)Univerge SV8100tech12345678
WebAppNEC (Digitcom)Univerge SV8100ADMIN29999
WebAppNEC (Digitcom)Univerge SV8100USER11111
WebAppNetgearGS108Tpassword
WebAppNetgearGS724tppassword
WebAppNetgearProSafenetgearnetgearruns on port 8080
WebAppNetgearGSM7328FSadmin
WebAppNortelBCMnnadminPlsChgMe!Look for BCM login as the prompt
WebAppOKIML590adminOkiLANcase sensitive
WebAppOKIC5200nrootLast 6 of MAC*Capitalize any letters
WebAppOTRSOTRSroot@localhostrootdoc.otrs.org/3.1/en/html/ - look for 'First Login'
WebAppPerleIOLANadminsuperuser
WebAppPolycomVBP 5300LF2rouserdefault
WebAppPrintekPrint Serveraccess
WebAppPrintSirWEBPORT 1.1admin
WebAppPrintSirWEBPORT 1.1adminsu@psir
WebAppPrintSirWEBPORT 1.1admin1234
WebAppRicohAficio SP C811DNadmin
WebAppRicohAficio MP C6000admin
WebAppRicohAficio 2022adminpassword
WebAppSamsungCLX-6250adminsec00000
WebAppSamsungSyncThru Webadminadmin
WebAppSharpMXadminadmin
WebAppSharpARadminSharp
WebAppSharpMX-M363Nadministratoradminhttp://www.lesolsoncompany.com/InstantKB20/KnowledgebaseArticle50144.aspx
WebAppSilexSX-500access
WebAppSpeco TechnologiesWeb Clientadmin1111
WebAppSpectraT50sulook for /gf/startpage.htm
WebAppSymantecEndpoint Protection Manageradminadminhttp://www.symantec.com/connect/forums/endpoint-protection-management-console-credentials-lost
WebAppTandbergRDX quikstationAdminAdmin!case sensitive
WebAppTeradiciPCoIP Zero ClientAdministrator
WebAppWebCTRLWebCTRLadminpassword
WebAppWebCTRLWebCTRLanonymous access
WebAppXeroxWorkCentre 7775admin1111
WebAppXioTechEmprise 5000administratoradministrator
WebAppZebraZebraNetadmin1234
WebAppZebraZTC GK420dadmin1234
WebAppEMC2Cloud Tiering Appliancerootrain
WebAppStratusEverrunadminadmin
WebAppIBMTS7700adminadmin
WebAppCrestonAirmediaadminadmin
WebAppQuantumScaler I40adminpassword
InfrastructureWelch-AllynRETevalrootRETeval-DR 2.5.0
WebAppSplunkSplunkadminchangemeport 8000