Default Passwords

Hopefully the links provided by this site to default vendor passwords lists will be a good starting point for your vulnerability assessment/penetration test.

Default passwords are most often overlooked by busy system administration staffs, who can be under pressure to get applications/ hardware upgrades on line as quick as possible. 

You will also find a list of 600+ default Oracle passwords on the Oracle page that may also help you in your assessment.

I am sure there are a large number of other default passwords around, if they are not listed here, my advice though is turn to Google in the first instance.

Of course if you cannot use any of the default passwords supplied by can get hold of the sam file or /etc/passwd or /etc/shadow files you may want to think about brute force password cracking. 

There are a number of excellent tools on the market a few (but not all) are listed here:

• Cain

• Creddump

• Fgdump

• Hydra

• John The Ripper

• LCP

• L0phtcrack

• Medusa

• Ophcrack

• Pwdump .......