Over the course of our penetration tests we have tracked down lots of default passwords. Default passwords are a quick win on most penetration tests but usually don’t get the respect of a good remote code execution. Just because it isn’t sexy doesn’t mean you don’t get access.
This isn’t by any means a complete list, but we hope it helps. The table is fairly large; the Notes column at the far right has some helpful stuff in it.
Default Password List

List of Default Passwords for Penetration Tests.

Device Type | Manufacturer | Model | Username | Password | Notes |
---|---|---|---|---|---|
Application | Brocade | Switch Explorer | root | firbranne | http://community.brocade.com/docs/DOC-1651 |
Application | Brocade | Switch Explorer | admin | password | |
Application | Firebird | RDBMS | SYSDBA | masterkey | |
Application | HP | WebJet Admin | admin | admin | |
Application | Lantronix | UDS1100 | Telnet | ||
Application | Sybase | SQLAnywhere | sa | ||
Application | Symantec | VP | symantec | Hash - VPUninstallPassword=S1084A085DC6BD2D755D4D6A7726 | |
Application | Wyse | SQL Admin | Rapport | ThinMgmt | |
Application | Wyse | SQL Admin | Rapport | ThinMgmt451 | |
Application | Wyse | FTP | rapport | r@p8p0r+ | |
Application | Wyse | Console | root | wyse | |
Application | Wyse | Console | root | ||
Application | Wyse | VNC | VNC | winterm | |
Application | Wyse | VNC | password | ||
BIOS | Wyse | BIOS | Fireport | ||
Infrastructure | Alcatel-Lucent | WebView | admin | switch | |
Infrastructure | APC | AP9340 | apc | apc | admin access |
Infrastructure | APC | AP9340 | device | apc | device only access |
Infrastructure | BlueSocket | Wireless LAN controller | admin | blue | |
Infrastructure | Cisco | Wireless LAN controller | admin | admin | |
Infrastructure | Daktronics | GalaxyPro | Dak | pwd | application password for FTP over non-standard port. Download software from Daktronics.com |
Infrastructure | Dell | PowerVault TL4000 | admin | secure | |
Infrastructure | Mitel | 3300 ICP | system | password | |
Infrastructure | Mitel | 3300 | installer | 2000 | Telnet banner is SX-2000, only works for telnet access not web |
Infrastructure | Nortel | Business Secure Router | nnadmin | PlsChgMe! | |
Infrastructure | Polycom | VBP 5300LF2 | root | @#$%^&*! | SSH - The password from support is @#$%^&*!() but DES ignores () |
MSSQL | Trackit Database | Instance: TRACKIT | sa | TI_DB_P@ssw0rd | Port 64004 |
RemoteManagement | Dell | DRAC | root | calvin | |
RemoteManagement | Dell | DRAC | user1 | user1234 | user1:$1$nVOr80rB$HDAd6FRIG24k/WN4ZuYPC0:0:99999:7::: (not verified) |
RemoteManagement | HP | iLO2 | admin | admin | |
WebApp | 3Com | Super Stack | manager | manager | CIH 4400 44.70 |
WebApp | 3Com | IntelliJack Switch NJ2000 | password | ||
WebApp | Adaptec | Storage Manager | raid | raid | |
WebApp | Alliance Storage Technologies | UDO Archive Appliance | admin | admin | http://www.plasmontech.com/downloads2/pdf/aaequickstartguide_4_8xx.pdf |
WebApp | Axis | 540+/542+ | |||
WebApp | Bay Networks | BayStack 303/304 | manager | ||
WebApp | Bosch | DiBos | Administrator | case sensitive | |
WebApp | Canon | MF8050 | |||
WebApp | Canon | iR-ADV 4035 | 7654321 | 7654321 | |
WebApp | Carrier | CNNWeb | sa | carrier | |
WebApp | Check In Systems | Check In Systems | mciadmin | http://www.medicalcheckin.com/Technical_Document_for_IT_Departments.pdf | |
WebApp | Cimetric | BACnet | admin | admin | |
WebApp | Cisco | 7936 Cisco IP Conference Station | administrator | **# | |
WebApp | Dell | PowerVault 124T | admin | password | |
WebApp | Dell | 2162DS | Admin | ||
WebApp | Dell | Equallogic PS | grpadmin | grpadmin | |
WebApp | DigiOne | RealPort | root | dbps | |
WebApp | Eaton | Powerware | admin | admin | |
WebApp | EMC | Navisphere | nasadmin | password | |
WebApp | Honeywell | NetAXS | admin | admin | |
WebApp | HP | System Management Homepage | Administator | Administator | |
WebApp | HP | HPNAS | administrator | hpinvent | |
WebApp | HP | Procurve | procurve | model 2501g | |
WebApp | IBM | Advanced System Management | admin | admin | |
WebApp | IBM | Advanced System Management | general | general | |
WebApp | IBM | Baseboard Management controller | USERID | PASSW0RD | Look for BMC Login. Case sensitive and zero in password not 'oh' |
WebApp | InFocus | LiteShow 3 | Admin User | admin | |
WebApp | InFocus | LiteShow 3 | Basic User | basic | |
WebApp | Intel | Remote Management Module 2 | admin | password | |
WebApp | Intel | NetPort Express | root | works on telnet or web | |
WebApp | Intermec | easyLAN 100e | Intermec | ||
WebApp | Intermec | easyLAN 10i2 | Intermec | ||
WebApp | Java | Glassfish | admin | adminadmin | |
WebApp | KIP | PrintNET | kip | kip | tcpwrapped on port 80 |
WebApp | Konica Minolta | PageScope | Administator | 12345678 | bizhub C652 |
WebApp | Kyocera | Command Center RX | Admin | Admin | |
WebApp | Kyocera | Command Center | admin00 | ||
WebApp | Kyocera | HyPAS | Admin | Admin | |
WebApp | Lantronix | UDS1100 | |||
WebApp | Lantronix | Xport | admin | PASS | |
WebApp | Lantronix | XPORT | look for ltx_conf.htm | ||
WebApp | NEC (Digitcom) | Univerge SV8100 | ADMIN1 | 0 | |
WebApp | NEC (Digitcom) | Univerge SV8100 | necii | 47544 | |
WebApp | NEC (Digitcom) | Univerge SV8100 | tech | 12345678 | |
WebApp | NEC (Digitcom) | Univerge SV8100 | ADMIN2 | 9999 | |
WebApp | NEC (Digitcom) | Univerge SV8100 | USER1 | 1111 | |
WebApp | Netgear | GS108T | password | ||
WebApp | Netgear | GS724tp | password | ||
WebApp | Netgear | ProSafe | netgear | netgear | runs on port 8080 |
WebApp | Netgear | GSM7328FS | admin | ||
WebApp | Nortel | BCM | nnadmin | PlsChgMe! | Look for BCM login as the prompt |
WebApp | OKI | ML590 | admin | OkiLAN | case sensitive |
WebApp | OKI | C5200n | root | Last 6 of MAC | *Capitalize any letters |
WebApp | OTRS | OTRS | root@localhost | root | doc.otrs.org/3.1/en/html/ - look for 'First Login' |
WebApp | Perle | IOLAN | admin | superuser | |
WebApp | Polycom | VBP 5300LF2 | rouser | default | |
WebApp | Printek | Print Server | access | ||
WebApp | PrintSir | WEBPORT 1.1 | admin | ||
WebApp | PrintSir | WEBPORT 1.1 | admin | su@psir | |
WebApp | PrintSir | WEBPORT 1.1 | admin | 1234 | |
WebApp | Ricoh | Aficio SP C811DN | admin | ||
WebApp | Ricoh | Aficio MP C6000 | admin | ||
WebApp | Ricoh | Aficio 2022 | admin | password | |
WebApp | Samsung | CLX-6250 | admin | sec00000 | |
WebApp | Samsung | SyncThru Web | admin | admin | |
WebApp | Sharp | MX | admin | admin | |
WebApp | Sharp | AR | admin | Sharp | |
WebApp | Sharp | MX-M363N | administrator | admin | http://www.lesolsoncompany.com/InstantKB20/KnowledgebaseArticle50144.aspx |
WebApp | Silex | SX-500 | access | ||
WebApp | Speco Technologies | Web Client | admin | 1111 | |
WebApp | Spectra | T50 | su | look for /gf/startpage.htm | |
WebApp | Symantec | Endpoint Protection Manager | admin | admin | http://www.symantec.com/connect/forums/endpoint-protection-management-console-credentials-lost |
WebApp | Tandberg | RDX quikstation | Admin | Admin! | case sensitive |
WebApp | Teradici | PCoIP Zero Client | Administrator | ||
WebApp | WebCTRL | WebCTRL | admin | password | |
WebApp | WebCTRL | WebCTRL | anonymous access | ||
WebApp | Xerox | WorkCentre 7775 | admin | 1111 | |
WebApp | XioTech | Emprise 5000 | administrator | administrator | |
WebApp | Zebra | ZebraNet | admin | 1234 | |
WebApp | Zebra | ZTC GK420d | admin | 1234 | |
WebApp | EMC2 | Cloud Tiering Appliance | root | rain | |
WebApp | Stratus | Everrun | admin | admin | |
WebApp | IBM | TS7700 | admin | admin | |
WebApp | Crestron | Airmedia | admin | admin | |
WebApp | Quantum | Scalar I40 | admin | password | |
Infrastructure | Welch-Allyn | RETeval | root | RETeval-DR 2.5.0 | |
Infrastructure | NetApp | ONTAP | admin | netapp!123 | |
WebApp | Splunk | Splunk | admin | changeme | port 8000 |