ihebski / defaultcreds-cheat-sheet Goto Github PK

Plz add file default-username.txt and default-password.txt for bruteforce

Potential other sources of default credentials:

• https://github.com/arnaudsoullie/ics-default-passwords
• https://github.com/netbiosX/Default-Credentials

Hi,

You project is awesome.
Here are two other (a bit outdated) default password sources I use:

https://open-sez.me
https://cirt.net/passwords

Haven't checked if your collection covers them too. Sorry if so.

Cheers!

Hello,
I had installed DefaultCreds. But when I'm trying to update the database, I've got an error message about the temporary folder.
Here is the error:

PS C:\> creds update
Traceback (most recent call last):
  File "<frozen runpy>", line 198, in _run_module_as_main
  File "<frozen runpy>", line 88, in _run_code
  File "C:\Python312\Scripts\creds.exe\__main__.py", line 7, in <module>
  File "C:\Python312\Lib\site-packages\DefaultCreds\creds.py", line 127, in run
    fire.Fire()
  File "C:\Python312\Lib\site-packages\fire\core.py", line 141, in Fire
    component_trace = _Fire(component, args, parsed_flag_args, context, name)
                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Python312\Lib\site-packages\fire\core.py", line 475, in _Fire
    component, remaining_args = _CallAndUpdateTrace(
                                ^^^^^^^^^^^^^^^^^^^^
  File "C:\Python312\Lib\site-packages\fire\core.py", line 691, in _CallAndUpdateTrace
    component = fn(*varargs, **kwargs)
                ^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Python312\Lib\site-packages\DefaultCreds\creds.py", line 122, in update
    get_db('/tmp',"Check for new updates...🔍")
  File "C:\Python312\Lib\site-packages\DefaultCreds\creds.py", line 35, in get_db
    db = TinyDB(f"{path}/DefaultCreds_db.json",storage=CachingMiddleware(JSONStorage))
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Python312\Lib\site-packages\tinydb\database.py", line 94, in __init__
    self._storage: Storage = storage(*args, **kwargs)
                             ^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Python312\Lib\site-packages\tinydb\middlewares.py", line 63, in __call__
    self.storage = self._storage_cls(*args, **kwargs)
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Python312\Lib\site-packages\tinydb\storages.py", line 113, in __init__
    touch(path, create_dirs=create_dirs)
  File "C:\Python312\Lib\site-packages\tinydb\storages.py", line 32, in touch
    with open(path, 'a'):
         ^^^^^^^^^^^^^^^
FileNotFoundError: [Errno 2] No such file or directory: '/tmp/DefaultCreds_db.json'

Is there a way to fix that?

Greetings,

First of all, thank you for this tool.

Do you think it would be possible to modify the creds database file location ? The current location is the main script location and it doesn't pair good with system such as NixOS where this location is marked as read only, wouldn't the home directory a better place maybe ?.

Regards.

username : admin
password : jiocentrum
IP : 192.168.29.1
Company : Jio

Hi, I'm unable to install requirements.txt.

It's showing some error

× python setup.py egg_info did not run successfully.
│ exit code: 1
╰─> [30 lines of output]
Traceback (most recent call last):
File "", line 2, in
File "", line 34, in
File "/tmp/pip-install-vn9do36r/hashlib_613de39c63484668ad3e7e574a224a1a/setup.py", line 68
print "unknown OS, please update setup.py"
^
SyntaxError: Missing parentheses in call to 'print'. Did you mean print("unknown OS, please update setup.py")?
Error in sys.excepthook:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/apport_python_hook.py", line 72, in apport_excepthook
from apport.fileutils import likely_packaged, get_recent_crashes
File "/usr/lib/python3/dist-packages/apport/init.py", line 5, in
from apport.report import Report
File "/usr/lib/python3/dist-packages/apport/report.py", line 21, in
from urllib.request import urlopen
File "/usr/lib/python3.8/urllib/request.py", line 87, in
import hashlib
File "/tmp/pip-install-vn9do36r/hashlib_613de39c63484668ad3e7e574a224a1a/hashlib.py", line 80
raise ValueError, "unsupported hash type"
^
SyntaxError: invalid syntax

  Original exception was:
  Traceback (most recent call last):
    File "<string>", line 2, in <module>
    File "<pip-setuptools-caller>", line 34, in <module>
    File "/tmp/pip-install-vn9do36r/hashlib_613de39c63484668ad3e7e574a224a1a/setup.py", line 68
      print "unknown OS, please update setup.py"
            ^
  SyntaxError: Missing parentheses in call to 'print'. Did you mean print("unknown OS, please update setup.py")?
  [end of output]

note: This error originates from a subprocess, and is likely not a problem with pip.
error: metadata-generation-failed

× Encountered error while generating package metadata.
╰─> See above for output.

note: This is an issue with the package mentioned above, not pip.
hint: See above for details.

Hi ! :)

GLPI is a quite frequent web service, especially within French companies. It's an IT Asset Management software with frequent vulnerabilities, either pre-auth or post-auth.

It can be common to find default credentials from the GLPI internal database on dev/prod instances on an internal network :

Default login/passwords are:

• glpi / glpi
• tech tech
• normal / normal
• post-only postonly

Source :

• https://glpi-install.readthedocs.io/en/latest/install/wizard.html

I don't know how much this can be feasible, but since we can get maker, and maybe device model using a MAC address, i wonder if it was possible to somehow link MAC address to default credentials...

Unfortunately, I cannot push any changes since i'm not much familiar with python, but i can at least give a MAC address database: https://maclookup.app/downloads/csv-database