Hopefully the links
provided by this site to
default vendor passwords lists will be a good starting point for your
vulnerability assessment/penetration test.
passwords are most often overlooked by busy system administration staffs, who
can be under pressure to get applications/ hardware upgrades on line as quick as possible.
also find a list of 600+ default Oracle passwords on the
Oracle page that may also help you in your assessment.
I am sure there are a large
number of other default passwords around, if they are not listed here, my advice
though is turn to
Google in the first
Of course if you cannot use any
of the default passwords supplied by can get hold of the sam
files you may want to think about brute force password cracking.
There are a number of excellent tools on the market a few (but not all) are listed here:
John The Ripper