Password Lists

This is just a simple compiled list of default passwords and locations. These can be used for both password recovery and if a system ever gets reset back to factory defaults and you just can't remember the default password. This list is not intented to be used in any way the aids criminal activities.

ROUTERS
BayStack 350T: Password: NetICs
3com ISDN: Password: 1234

Microsoft SQL
Admin Login: SA
Admin Password: (blank) -or- SA

Oracle 8
If a typical install is used the default password is: oracle

Windows NT/9x Accounts
NT Admin Login: Administrator
NT Passwords: There are no defaults (but blank, user's logins & PASSWORD usually work 60% of the time ;)

Windows 95 has no default use names or passwords. Try hitting ESC or cancel at the login prompt. NOTE: If you want to log in as a certain user, type thier login and press ENTER, when it fails try hitting ESC. You can also try hitting CTRL+ESC. When booting press F8 to get your SAFE MODE menu. Or you can always use your trusty DOS boot disks. BTW: the local cached passwords are kept in the /windows/*.pwl files.

If you want to boot off a disk for NT you will need to use NTFSDOS or a special Linux disk.

PASSWORD STORAGE
NT -> /WINNT/REPAIR/SAM._ (encrypted run SAMDUMP & L0phtCrack)
9x -> /WINDOWS/*.PWL (encrypted run Cain)
WarFtpD v1.70 Beta 1 -> All passwords are clear text
Triactive Remote Manager -> (REGISTRY) HKLM\SOFTWARE\TriActive\Remote Manager\Password (cleartext)
InocuLAN Exchange -> (username/password) exchverify.log (cleartext)
Imail -> HKLM\SOFTWARE\Ipswitch\IMail\Domains\yourdomain\users (encrypted*)
IIS 4.0 metabase -> \WINNT\system32\inetsrv\MetaBase.bin & MetaBase.ini (both, can decpript w/ a WSH script though)
SQL Explorer -> (cleartext) version 6.0 stores in the Softwares registry, 6.5 sotre in HKCU
Oracle 8 on NT Workstation -> \orant\database\spoolmain.log (cleartext, looks like: connect INTERNAL/yourpasswd)
Apache web access -> .htaccess points to password file (encrypted DES, run John the Ripper)

linux -> /etc/passwd (DES encrypted run John the Ripper)
linux Shadow -> /etc/shadow (DES encrypted run John)
OpenBSD -> /etc/master.password (normally BlowFish run John)

* Imail Password decryption algorithm is: Subtract the hex values of the username from the encrypted password and you will get the unencrpyted password... tough huh ;)

Contribute more Passwords!!!
Do you have more default passwords to contribute? Please send them in. This list is just in it's infancy stage so if you install something and it comes with a default password, then send it in. Send all passwords to Macabre.