Network Services

FTP

ftp anonymous@<target_ip>  # No password needed

sshpass -p <password> ftp <user>@<target_ip>

Browser URL

ftp://<user>:<password>@<target_ip>

SSL

lftp <user>@<target_ip> -e "set ssl:verify-certificate no; set ftp:ssl-force true"

Download all files

wget -r --user=<user> --password=<password> ftp://<target_ip>

SSH

Default credentials

Check for default credentials depending on the vendor:

Vendor

Usernames

Passwords

APC

apc, device

apc

Brocade

admin

admin123, password, brocade, fibranne

Cisco

admin, cisco, enable, hsa, pix, pnadmin, ripeop, root, shelladmin

admin, Admin123, default, password, secur4u, cisco, Cisco, _Cisco, cisco123, C1sco!23, Cisco123, Cisco1234, TANDBERG, change_it, 12345, ipics, pnadmin, diamond, hsadb, c, cc, attack, blender, changeme

Citrix

root, nsroot, nsmaint, vdiadmin, kvm, cli, admin

C1trix321, nsroot, nsmaint, kaviza, kaviza123, freebsd, public, rootadmin, wanscaler

D-Link

admin, user

private, admin, user

Dell

root, user1, admin, vkernel, cli

calvin, 123456, password, vkernel, Stor@ge!, admin

EMC

admin, root, sysadmin

EMCPMAdm7n, Password#1, Password123#, sysadmin, changeme, emc

HP/3Com

admin, root, vcx, app, spvar, manage, hpsupport, opc_op

admin, password, hpinvent, iMC123, pvadmin, passw0rd, besgroup, vcx, nice, access, config, 3V@rpar, 3V#rpar, procurve, badg3r5, OpC_op, !manage, !admin

Huawei

admin, root

123456, admin, root, Admin123, Admin@storage, Huawei12#$, HwDec@01, hwosta2.0, HuaWei123, fsp200@HW, huawei123

IBM

USERID, admin, manager, mqm, db2inst1, db2fenc1, dausr1, db2admin, iadmin, system, device, ufmcli, customer

PASSW0RD, passw0rd, admin, password, Passw8rd, iadmin, apc, 123456, cust0mer

Juniper

netscreen

NetApp

admin

netapp123

Oracle

root, oracle, oravis, applvis, ilom-admin, ilom-operator, nm2user

changeme, ilom-admin, ilom-operator, welcome1, oracle

VMware

vi-admin, root, hqadmin, vmware, admin

vmware, vmw@re, hqadmin, default

sshpass -p <password> ssh <user>@<target_ip>

ssh -i id_rsa <user>@<target_ip>

Generate RSA keys

ssh-keygen -t rsa -f id_rsa

SMB

System enumeration with enum4linux

enum4linux -a [-u <user> -p <password>] <target_ip>

Shares Enumeration

# null session
smbclient -N -L //<target_ip>
# authenticated
smbclient -U <user>[%<password>] -L //<target_ip>
# conect to a share
smbclient [-U <user>[%<password>]] //<target_ip>/<share>

# null session
nxc smb <target_ip>-u '' -p '' --shares
# authenticated
nxc smb <target_ip> -u <user> -p <password> --shares
# List share
nxc smb <target_ip> [-u <user> -p <password>] --share <share>

RPC

Automated Enumeration

rpcdump.py <target_ip>

Manual Enumeration

# null session
rpcclient -U "" -N <target_ip>
# authenticated
rpcclient -U <user>%<password> -N <target_ip>
# commands
rpcclient -U "[<user>%<password>]" -N <target_ip> -c 'command'

hashtagFTP

hashtagAnonymous login

hashtagAuto login

hashtagBrowser URL

hashtagSSL

hashtagDownload all files

hashtagSSH

hashtagDefault credentials

hashtagAuto login

hashtagPrivate key login

hashtagGenerate RSA keys

hashtagSMB

hashtagShares Enumeration

hashtagRPC

hashtagAutomated Enumeration

hashtagManual Enumeration

FTP

Anonymous login

Auto login