
Default Passwords

Manufacturers ship products and equipment such as Switches, Firewalls, Routers, etc. with Default Passwords. There are scenarios where customers don't change the Default Password, which leaves the system Vulnerable.

It is a good practice to try out admin:admin - admin:123456, etc. If we know the Target Device, we can look up the Default Passwords and try them out. Down below there are some Website lists that provide Default Passwords for various Products.


Weak Passwords

Professionals collect and generate Weak Password Lists over time and often combine them into one large WordList. Lists are generated based on their experience and what they see in Pentesting Engagements. These lists may also contain Leaked Passwords that have been Published Publicly.


Leaked Passwords

Sensitive data such as Passwords or Hashes may be publicly disclosed or sold as a result of a Breach. These Public or Privately available Leaks are often referred to as Dumps. Depending on the contents of the Dump, an Attacker may need to extract the Passwords out of the Data.

In some cases, the Dump may only contain Hashes of the Passwords and require Cracking in order to gain the Plain-Text Passwords.


WordLists

If we have more than one WordList, we can Combine these WordLists into one Large file.

:: Combining WordLists
cat file_name.txt file_name.md > combined_list.txt

:: Cleaning Duplicated Words ([uniq -u] would Drop every Repeated Word entirely; [sort -u] keeps One Copy of each).
sort -u combined_list.txt > cleaned_combined_list.txt


We can create Custom Password Lists from the Target Website. Often, a Company's Website contains valuable Information about the Company and its Employees, including E-Mails, Employee Names, etc.

In addition, the Website may contain Keywords specific to what the Company offers, including Product and Service Names, which may be used in an Employee's Password.

:: Customized WordLists
cewl -w list.txt -d 5 -m 5 https://website.com/

:: [-w] - Write the Contents to a File.
:: [-m] - Gathers Strings that are 5 Characters or More.
:: [-d] - Depth Level of Web Crawling.
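
The defensive counterpart to the site-keyword idea above, as an added example that is not part of the original page: the same keywords can be used to screen new passwords when they are set. The keyword set, the deny list and the `screen_password` function are constructed for illustration.

```python
import re

# Constructed sample data (assumptions, not from the page): words that a crawl
# of the organisation's own website would surface, plus a short deny list.
SITE_KEYWORDS = {"acmecorp", "roadrunner", "anvil"}
DENY_LIST = {"admin", "123456", "password", "letmein"}

# Small illustrative map that undoes common character substitutions.
UNLEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                        "7": "t", "@": "a", "$": "s", "!": "i"})


def screen_password(password, keywords=SITE_KEYWORDS, deny=DENY_LIST):
    """Return a rejection reason, or None if the candidate passes these checks."""
    lowered = password.lower()
    if lowered in deny:
        return "deny-list"
    # Drop a trailing run of digits/symbols ("2024!", "123"), the usual padding.
    core = re.sub(r"[\d\W_]+$", "", lowered)
    if not core:
        return "digits and symbols only"
    core = core.translate(UNLEET)
    if core in deny:
        return "deny-list variant"
    # Ignore very short keywords to avoid rejecting on accidental substrings.
    for kw in sorted(keywords):
        if len(kw) >= 4 and kw in core:
            return f"site keyword: {kw}"
    return None


if __name__ == "__main__":
    for candidate in ["admin", "P@ssw0rd1!", "Acm3C0rp2024!", "Anvil#Summer",
                      "correct-horse-battery-staple"]:
        print(f"{candidate!r}: {screen_password(candidate) or 'accepted'}")
```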

Keyspace Technique

In this Technique, we specify a Range of Characters, Numbers, and Symbols in our WordList. Crunch is one of the Best Tools for this Job.

:: Basic Crunch Usage
:: [2 2] - Min - Max Length.
:: [@] - Lower Case Alpha Characters.
:: [,] - Upper Case Alpha Characters.
:: [%] - Numeric Characters.
:: [^] - Special Characters Including Space.

:: Creates a WordList containing all possible Combinations of [2] Characters, Including [0-4] and [a-d].
crunch 2 2 01234abcd

:: Creates a List with an [8] Character Minimum and Maximum Length containing numbers [0-9], [a-f] Lowercase Letters, and [A-F] Uppercase Letters.
crunch 8 8 0123456789abcdefABCDEF

:: If part of the Password is known to us, and we know it starts with [pass] and is followed by Two Numbers, we can use the [%] Symbol from above to Match the Numbers.
crunch 6 6 -t pass%%

CUPP - Common User Passwords Profiler

CUPP is an Automatic and Interactive Tool written in Python for creating Custom WordLists. For instance, if you know some details about a specific Target, such as their Birth Date, Pet Name, Company Name, etc., this could be a helpful Tool to Generate Passwords based on this known Information.

:: [-i] - Interactive Questions for User Password Profiling.
:: [-w] - (FILENAME) Use this Option to Improve existing Dictionary.
:: [-l] - Download huge WordLists from Repository.
:: [-a] - Parse Default Usernames and Passwords Directly from Alecto DB. Project Alecto uses Purified.
cupp3 --help