
Day 7 Penetration Testing Challenge "the Default Password Threat"


Main Topics

This discussion is not too technical and requires direct practice, but it includes additional knowledge for becoming a penetration tester. I will provide a list of users and passwords that can be tried once we have found the username and password form that gives login access to the system under test.

How to use?

At this stage, what we need to do is find the target website that we will test:

==> determine the target website

==> make sure we first try to find login access to the administrator page

==> we can use the dirsearch hacking tool

==> carefully read the scan results produced by the dirsearch tool

*Clue: I often find access information to an administrator page using only the dirsearch tool.*

Error Location

The biggest mistake often made by those who manage a website, application, or other digital infrastructure is that they never change the default password or, worse, they use a password that is easy to guess, with a combination that is not too complicated and is commonly used by most people.

List of Default Usernames and Passwords

admin:pass
admin:password
administrator:password
admin:default
user:user
user:pass
user:default
username:password
root:pass
root:password
root:root
root:default
default:default
root
toor
P@ssw0rd
p@ssw0rd123
password
password123
admin:admin
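
The mistake described under Error Location can be checked from the defender's side with the list above: reject such passwords when they are set, and audit stored hashes for accounts that still use one. This is an added example, not part of the original post; the PBKDF2 scheme, the function names and the sample accounts are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Entries from the list on this page: "user:password" pairs and bare passwords.
DEFAULT_LIST = """admin:pass admin:password administrator:password admin:default
user:user user:pass user:default username:password root:pass root:password
root:root root:default default:default root toor P@ssw0rd p@ssw0rd123
password password123 admin:admin""".split()
# Every password on the list, whether it came from a pair or stood alone.
DEFAULT_PASSWORDS = {entry.split(":", 1)[-1] for entry in DEFAULT_LIST}
ITERATIONS = 100_000  # assumed PBKDF2 work factor for this example


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256, standing in for the application's real scheme."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def is_weak_choice(username: str, password: str) -> bool:
    """Set-time check: reject listed defaults (any letter case) and password == username."""
    return password.lower() in {username.lower()} | {p.lower() for p in DEFAULT_PASSWORDS}


def audit_accounts(accounts: dict) -> list:
    """Return usernames whose stored hash matches a listed default or the username itself."""
    flagged = []
    for user, (salt, stored) in accounts.items():
        for guess in DEFAULT_PASSWORDS | {user}:
            if hmac.compare_digest(hash_password(guess, salt), stored):
                flagged.append(user)
                break
    return sorted(flagged)


def make_record(password: str) -> tuple:
    """Build a (salt, hash) record for the constructed sample store below."""
    salt = os.urandom(16)
    return salt, hash_password(password, salt)


# Constructed sample credential store (hypothetical accounts, not real data).
SAMPLE_ACCOUNTS = {
    "admin": make_record("admin"),
    "root": make_record("toor"),
    "alice": make_record("correct-horse-battery-staple"),
    "backup": make_record("backup"),
}
```

Calling `audit_accounts(SAMPLE_ACCOUNTS)` flags the accounts whose owners must change their password; `is_weak_choice` belongs in the password-change handler so that such values are never accepted in the first place.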

Resource Password

These are some of the users and passwords that I usually use. To learn about more users and default passwords, we can search many sources on the internet. This is one of the ways that I use to add a lot of knowledge.

Thank you, see you in the next article.
