Checklist
Password testing
Service default credentials
Empty password or anonymous user login
Username as password
Service name/Webpage title/Hostname as username or password
cewl + john fuzzing for custom dictionary
Username/Password spraying
Weak passwords (letmein, admin123, test and similar)
Dictionary attack
Bruteforce from known password structure (inferred by registering a new user)
Dumb user/password; also try an empty password field if it is accepted
Dumb passwords
qwerty
qwerty123
Qwerty123!
admin
admin123
adminadmin
sysadmin
password
root
toor
123456
secret
s3cret
login
letmein
letmeinplease
manager
m4n4n3r
guest
user
superuser
info
test