# 🔐 Password Reuse & Default Passwords

### 🧠 Common Practices & Risks

* It's common for **users and administrators** to leave **default credentials** unchanged.
* Admins often reuse the **same passwords** across multiple systems for convenience.
* In large infrastructures, it’s easy to **overlook one device** (e.g., router, printer, firewall), leaving it with a weak or default password.
* Applications often ship with **default credentials**. These are:
  * Meant to be changed after installation
  * Often left unchanged due to assumptions about internal-only access

> ⚠️ Weak, default or reused passwords raise the **risk of compromise**: one recovered password (from a default list, a leaked dump, or a cracked hash) unlocks every system where it was reused. The problem is worse when **Single Sign-On (SSO)** was not set up during initial deployment, because each device then keeps its own local account that nobody rotates.
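
The two risks above compound: once a single password is known, it can be tested against every other account's hash. The following audit script is an added example, not part of the original notes. It assumes a constructed inventory export whose hashes are `sha256(salt + password)` (a demo scheme, not any vendor's real format), a subset of the vendor defaults listed further down this page, and one plaintext assumed to have been recovered elsewhere (a config backup in this scenario). It flags accounts still on a vendor default and accounts on different hosts that share one plaintext.

```python
import hashlib
from collections import defaultdict

# Hash scheme of the constructed export: sha256(salt + password), hex digest.
# Assumption for this demo only; real devices use their own formats.
def hash_pw(salt: str, password: str) -> str:
    return hashlib.sha256((salt + password).encode()).hexdigest()

# Constructed vendor-default list (subset of the table on this page).
DEFAULT_PASSWORDS = {"admin", "Admin", "password", "apc", "manager",
                     "weblogic1", "1234", "12345", "root", "kali", "default", ""}

# Constructed inventory export: (host, username, salt, hash). The plaintexts
# in the comments exist only so the reader can follow the result.
INVENTORY = [
    ("fw01",     "admin", "a1", hash_pw("a1", "Tr0ub4dor&3")),  # seen in a config backup
    ("printer7", "admin", "b2", hash_pw("b2", "admin")),        # vendor default left in place
    ("ups02",    "apc",   "c3", hash_pw("c3", "apc")),          # vendor default left in place
    ("sw04",     "admin", "d4", hash_pw("d4", "Tr0ub4dor&3")),  # reused from fw01
    ("sw05",     "admin", "e5", hash_pw("e5", "Tr0ub4dor&3")),  # reused from fw01
    ("db01",     "root",  "f6", hash_pw("f6", "Xq9!vLm2#pR")),  # strong and unique
]

# Constructed: one plaintext the assessment already turned up elsewhere.
RECOVERED_ELSEWHERE = {"Tr0ub4dor&3"}


def audit(inventory, defaults, recovered):
    """Try every candidate plaintext against every salted hash.

    Returns (default_hits, reuse_groups):
      default_hits -- sorted (host, user) pairs still using a vendor default
      reuse_groups -- {plaintext: [(host, user), ...]} for plaintexts shared
                      by accounts on more than one host
    """
    candidates = set(defaults) | set(recovered)
    cracked = {}  # (host, user) -> plaintext
    for host, user, salt, digest in inventory:
        for cand in candidates:
            if hash_pw(salt, cand) == digest:
                cracked[(host, user)] = cand
                break

    default_hits = sorted(acct for acct, pw in cracked.items() if pw in defaults)

    by_plaintext = defaultdict(list)
    for acct, pw in cracked.items():
        by_plaintext[pw].append(acct)
    reuse_groups = {
        pw: sorted(accts)
        for pw, accts in by_plaintext.items()
        if len({host for host, _ in accts}) > 1
    }
    return default_hits, reuse_groups


if __name__ == "__main__":
    hits, groups = audit(INVENTORY, DEFAULT_PASSWORDS, RECOVERED_ELSEWHERE)
    for host, user in hits:
        print(f"[default] {user}@{host}")
    for pw, accts in groups.items():
        print(f"[reuse]   {', '.join(f'{u}@{h}' for h, u in accts)}")
```

The point of `audit` is the second stage: `db01` never falls, but the one plaintext recovered from the backup exposes `fw01`, `sw04` and `sw05` together, which is exactly what an attacker does after cracking or finding a single administrator password.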

***

## 🤖 Credential Stuffing

### 📄 What Is It?

**Credential Stuffing** is an attack in which known username:password pairs, taken from breach dumps or from vendor default lists, are replayed against other services in the hope that the same pair is valid there too.

* Relies on databases of **default or leaked credentials**
* Unlike brute-force attacks, it does **not** enumerate the cross product of a username list and a password list; it tries a fixed set of **predefined username:password combinations**, which keeps the number of attempts (and the noise in the target's logs) low

🔗 Helpful Resource: [DefaultCreds-Cheat-Sheet](https://github.com/ihebski/DefaultCreds-cheat-sheet)

***

### 📋 Example Default Credentials

| Product/Vendor       | Username                   | Password                         |
| -------------------- | -------------------------- | -------------------------------- |
| Zyxel (ssh)          | `zyfwp`                    | `PrOw!aN_fXp`                    |
| APC UPS (web)        | `apc`                      | `apc`                            |
| Weblogic (web)       | `system`                   | `manager`                        |
| Weblogic (web)       | `weblogic`                 | `weblogic1`, `welcome(1)`        |
| Kanboard (web)       | `admin`                    | `admin`                          |
| Vectr (web)          | `admin`                    | `11_ThisIsTheFirstPassword_11`   |
| Caldera (web)        | `admin`                    | `admin`                          |
| Dlink (web)          | `admin`, `1234`, `root`    | `admin`, `1234`, `12345`, `root` |
| JioFiber / GigaFiber | `admin`                    | `jiocentrum`                     |
| Kali Linux (OS)      | `kali`                     | `kali`                           |
| F5                   | `admin`, `root`, `support` | `admin`, `default`, *(blank)*    |

> ℹ️ Defaults like these are usually published in the vendor's own documentation (for example the [Oracle WebLogic docs](https://docs.oracle.com/middleware/1212/wls/INTRO/overview.htm)) or can be found with **OSINT**.

***

### 🛠️ Hydra: Credential Stuffing Syntax

Hydra automates this well: the `-C` option takes a file with one `login:pass` pair per line and tries each pair exactly once, instead of the full cross product that separate `-L` (user list) and `-P` (password list) options would generate.

```bash
hydra -C <user_pass.list> <protocol>://<IP>
```

#### Example (SSH attack):

```bash
hydra -C user_pass.list ssh://10.129.42.197
```

***

## 🧭 OSINT & Google Dorks

Using **Open Source Intelligence (OSINT)** can guide attackers in:

* Understanding the **company structure and tools**
* Searching for known credentials (e.g., using Google)

🔍 Example Google Dork:

```plaintext
default credentials for tomcat manager
```

***

## 🌐 Router Default Credentials

Routers and firewalls are usually better looked after than printers or appliances, but internal, lab or test devices still turn up with **factory settings**, and their default management IP and credentials are public.

#### 📶 Example Router Defaults

| Brand   | IP Address                                    | Username | Password       |
| ------- | --------------------------------------------- | -------- | -------------- |
| 3Com    | [http://192.168.1.1](http://192.168.1.1/)     | `admin`  | `Admin`        |
| Belkin  | [http://192.168.2.1](http://192.168.2.1/)     | `admin`  | `admin`        |
| BenQ    | [http://192.168.1.1](http://192.168.1.1/)     | `admin`  | `Admin`        |
| D-Link  | [http://192.168.0.1](http://192.168.0.1/)     | `admin`  | `Admin`        |
| Digicom | [http://192.168.1.254](http://192.168.1.254/) | `admin`  | `Michelangelo` |
| Linksys | [http://192.168.1.1](http://192.168.1.1/)     | `admin`  | `Admin`        |
| Netgear | [http://192.168.0.1](http://192.168.0.1/)     | `admin`  | `password`     |

📌 Resource: [Router Passwords Database](https://www.routerpasswords.com/)

***

