forked from govolution/betterdefaultpasslist
-
Notifications
You must be signed in to change notification settings - Fork 0
/
README
executable file
·30 lines (27 loc) · 1.74 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
What:
- list includes default credentials from various manufacturers for their products like NAS, ERP, ICS etc., that are used for standard products like mssql, vnc, oracle and so on
- also examples for passwords, in practice those are also being used
- the sources are installation guides and other
- useful for network bruteforcing
- not meant as a complete bruteforcing list, hopefully it is a useful supplement
Why:
- some manufactures use default credentials for their products
- that might be poorly handled by the users
- setting networks at risk
What to do:
- manufacturers: do not use default passwords, instead force users to use strong credentials and document them
- users: check if it is possible to change the credentials, otherwise mitigate the risk, for example by network separation or by using proper firewall rules - yes, you can actually use local firewalls too
Changelog:
- 24.03.2018 added some creds, for VMs that are offered to download (SANS, osboxes.org and more)
- 27.09.2017 added about 10 creds
- 20.05.2017 added lots of passwords from http://www.petefinnigan.com/default/oracle_default_passwords.htm, msf wordlists and other sources, more than 600 new credentials (most oracle), added db2 and postgres.
Thanks to Pete Finnigan for creating the huge oracle default credentials list!
- 27.12.2016 addded 3 creds
- 08.11.2016 added cirros default credentials
- 01.11.2016 added a few credentials for telnet and ftp
- 29.10.2016 added sources.txt for the sources (more or less complete)
- 28.10.2016 added more credentials the last weeks
- 03.10.2016 added some default passwords from mirai bot
- 01.10.2016 now 305 default credentials
- 25.09.2016 added some credentials
- 24.09.2016 added README, 270 credentials