	Sign In Sign-Up

This tutorial will explain to you how to hack someone's internet account thru his router. This hack is based on a secuirty exploit of the router's default password and the stupidity of the user. Explanation: when somebody buy's a xDSL/Cabel router, the router is set to manufactory defaults like IP range, user accounts, router table, and most important the security level. The last one we will exploit. Most routers will have a user friendly setup menu running on port 23 (telnet) and sometimes port 80 (http) or both. This is what we are looking for.
Step 1.
Get a multie IP range scanner like superscanner (superscanner is fast and easy to use, get it here). Get a xDSL/Cabel user IP range. This is a single user IP 212.129.169.196 so the ip range of this Internet provider is 212.129.xxx.xxx most likely it will be from 212.129.1.1 to 212.129.255.255 . To keep your scanning range not to big it's smart to scan from 212.129.1.1 to 212.129.1.255 it also depends of your bandwidth how fast the scan will be finished. The IP adres above is just a example any IP range from a xDSL/Cabel provider can be used for this hack. before you start scanning specify the TCP/IP ports. You know that we are looking for TCP port 23 (telnet) and TCP port 80 (http) so edit the list and select only port 23 and port 80. Now start scanning and wait for the results. When finished scanning look for a IP that has a open port 23 and 80. Write them down or remember them.
Step 2. Way 1
This is important: Most routers have connection log capability so the last thing you want to do is making a connection with your own broadband connection so use a anonymouse proxy server or dailup connection with a fake name and address (56.9 modem for example) when connection to the victim's router. Now get a telnet program. Windows has a standard telnet program just go to start, select run and type down "telnet" without the ", click or enter OK. Select "connect" than "Remote system" enter IP adres of the victim in the "host name" field press OK. wait for your computer to make a connection. This way only works when the router has a open telnet port service running
Way 2
This is important: Most routers have connection log capability so the last thing you want to do is making a connection with your own broadband connection so use a anonymouse proxy server or dailup connection with a fake name and adres (56.9 modem for example) when connection to the victim's router. Open a Internet explorer windows enter the IP address of the victim after the http:// in the address bar. This way only works when the router has a open hyper text transfer protocol (http) service running.
Step 3
Entering the userfriendly setup menu. 9 out of 10 times the menu is protected by a loginname and password. When the user doesn't change any security value's the default password stay's usable. So the only thing you have to do is find out what type of router the victim uses. I use this tool: GFILanguard Network Security Scanner. (get it here) is good. When you find out the type of router that's been used get the wright loginname and password from this list (get it here. not every router is on the list)
Default router password list
Step 4

When you have a connection in telnet or internet expolorer you need to look for user accounts. PPP, PPtP, PPeP, PPoP, or such connection protocol. If this is not correct look for anything that maybe contains any info about the ISP account of the user. go to this option and open it. Most likely you will see a overview of user setup options. Now look for the username and password. In most case the username will be freely displayed so just write it down or what ever.... The password is a different story. Allmost always the password is protected by ********* (stars) in the telnet way there is noway around it (goto another victim) but when you have a port 80 connection (http). Internet connection way open click right mouse key and select "View source" now look for the field where the star are at. most likely you can read it because in the source code the star are converted to normal ASCII text. If not get a "******** to text" convertor like snadboy's revelation V.2 (get it here) move the cursor over the ****** and.... It's a miracle you can read the password. Now you have the username and password. There a million fun thing to do with that but more about that next time. check the tutorial page freqently.

Tips.
Beware on most routers only one person can be loget on simultaneous in the router setupmenu. Don't change anything in the router if you don't know what you are doing.

Preface
Before you begin reading this paper, understand that this paper was written for the novice to the concept of NetBIOS, but - it also contains information the veteran might find educational. I am prefacing this so that I do not get e-mail like "Why did you start your paper off so basic?" - Simple, its written for people that may be coming from an enviroment that does not use NetBIOS, so they would need me to start with basics.
Whats is NetBIOS?
NetBIOS (Network Basic Input/Output System) was originally developed by IBM and Sytek as an Application Programming Interface (API) for client software to access LAN resources. Since its creation, NetBIOS has become the basis for many other networking applications. In its strictest sense, NetBIOS is an interface specification for acessing networking services.
NetBIOS, a layer of software developed to link a network operating system with specific hardware, was originally designed as THE network controller for IBM's Network LAN. NetBIOS has now been extended to allow programs written using the NetBIOS interface to operate on the IBM token ring architecture. NetBIOS has since been adopted as an industry standard and now, it is common to refer to NetBIOS-compatible LANs.
It offers network applications a set of "hooks" to carry out inter-application communication and data transfer. In a basic sense, NetBIOS allows applications to talk to the network. Its intention is to isolate application programs from any type of hardware dependancies. It also spares software developers the task of developing network error recovery and low level message addressing or routing. The use of the NetBIOS interface does alot of this work for them.
NetBIOS standardizes the interface between applications and a LANs operating capabilities. With this, it can be specified to which levels of the OSI model the application can write to, making the application transportable to other networks. In a NetBIOS LAN enviroment, computers are known on the system by a name. Each computer on the network has a permanent name that is programmed in various different ways. These names will be discussed in more detail below.
PC's on a NetBIOS LAN communicate either by establishing a session or by using NetBIOS datagram or broadcast methods. Sessions allow for a larger message to be sent and handle error detection and correction. The communication is on a one-to-one basis. Datagram and broadcast methods allow one computer to communicate with several other computers at the same time, but are limited in message size. There is no error detection or correction using these datagram or broadcast methods. However, datagram communication allows for communication without having to establish a session.
All communication in these enviroments are presented to NetBIOS in a format called Network Control Blocks (NCB). The allocation of these blocks in memory is dependant on the user program. These NCB's are divided into fields, these are reserved for input and output respectively.
NetBIOS is a very common protocol used in todays enviroments. NetBIOS is supported on Ethernet, TokenRing, and IBM PC Networks. In its original induction, it was defined as only an interface between the application and the network adapter. Since then, transport like functions have been added to NetBIOS, making it more functional over time.
In NetBIOS, connection (TCP) oriented and connectionless (UDP) communication are both supported. It supports both broadcasts and multicasting and supports three distinct services: Naming, Session, and Datagram.
NetBIOS Names
NetBIOS names are used to identify resources on a network. Applications use these names to start and end sessions. You can configure a single machine with multiple applications, each of which has a unique NetBIOS name. Each PC that supports an application also has a NetBIOS station name that is user defined or that NetBIOS derives by internal means.
NetBIOS can consist of up to 16 aplhanumeric characters. The combination of characters must be unique within the entire source routing network. Before a PC that uses NetBIOS can fully function on a network, that PC must register their NetBIOS name.
When a client becomes active, the client advertises their name. A client is considered to be registered when it can successfully advertise itself without any other client claiming it has the same name. The steps of the registration process is as follows:
1. Uppon boot up, the client broadcasts itself and its NetBIOS information anywhere from 6 to 10 to ensure every other client on the network receives the information.
2. If another client on the network already has the name, that NetBIOS client issues its own broadcast to indicate that the name is in use. The client who is trying to register the already in use name, stop all attempts to register that name.
3. If no other client on the network objects to the name registration, the client will finish the registration process.
There are two types of names in a NetBIOS enviroment: Unique and Group. A unique name must be unique across the network. A group name does not have to be unique and all processes that have a given group name belong to the group. Each NetBIOS node maintains a table of all names currently owned by that node.
The NetBIOS naming convention allows for 16 characters in a NetBIOS name. Microsoft, however, limits these names to 15 characters and uses the 16th character as a NetBIOS suffix. A NetBIOS suffix is used by Microsoft Networking software to indentify the functionality installed or the registered device or service.
[QuickNote: SMB and NBT (NetBIOS over TCP/IP work very closely together and both use ports 137, 138, 139. Port 137 is NetBIOS name UDP. Port 138 is NetBIOS datagram UDP. Port 139 is NetBIOS session TCP.
The following is a table of NetBIOS suffixes currently used by Microsoft WindowsNT. These suffixes are displayed in hexadecimal format. Name Number Type Usage
00 U Workstation Service
01 U Messenger Service
<\\_MSBROWSE_> 01 G Master Browser
03 U Messenger Service
06 U RAS Server Service
1F U NetDDE Service
20 U File Server Service
21 U RAS Client Service
22 U Exchange Interchange
23 U Exchange Store
24 U Exchange Directory
30 U Modem Sharing Server Service
31 U Modem Sharing Client Service r> 43 U SMS Client Remote Control
44 U SMS Admin Remote Control Tool
45 U SMS Client Remote Chat
46 U SMS Client Remote Transfer
4C U DEC Pathworks TCPIP Service
52 U DEC Pathworks TCPIP Service
87 U Exchange MTA
6A U Exchange IMC
BE U Network Monitor Agent
BF U Network Monitor Apps

03 U Messenger Service
00 G Domain Name
1B U Domain Master Browser
1C G Domain Controllers
1D U Master Browser
1E G Browser Service Elections
1C G Internet Information Server
00 U Internet Information Server
[2B] U Lotus Notes Server
IRISMULTICAST [2F] G Lotus Notes
IRISNAMESERVER [33] G Lotus Notes
Forte_$ND800ZA [20] U DCA Irmalan Gateway Service
Unique (U): The name may have only one IP address assigned to it. On a network device, multiple occurences of a single name may appear to be registered, but the suffix will be unique, making the entire name unique.
Group (G): A normal group; the single name may exist with many IP addresses.
Multihomed (M): The name is unique, but due to multiple network interfaces on the same computer, this configuration is necessary to permit the registration. Maximum number of addresses is 25.
Internet Group (I): This is a special configuration of the group name used to manage WinNT domain names.
Domain Name (D): New in NT 4.0
For a quick and dirty look at a servers registered NetBIOS names and services, issue the following NBTSTAT command:
nbtstat -A [ipaddress]
NetBIOS Sessions
The NetBIOS session service provides a connection-oriented, reliable, full-duplex message service to a user process. NetBIOS requires one process to be the client and the other to be the server. NetBIOS session establishment requires a preordained cooperation between the two stations. One application must have issued a Listen command when another application issues a Call command. The Listen command references a name in its NetBIOS name table (or WINS server), and also the remote name an application must use to qualify as a session partner. If the receiver (listener) is not already listening, the Call will be unsuccessful. If the call is successful, each application receives notification of session establishment with the session-id. The Send and Receive commands the transfer data. At the end of a session, either application can issue a Hang-Up command. There is no real flow control for the session service because it is assumed a LAN is fast enough to carry the required traffic.
NetBIOS Datagrams
Datagrams can be sent to a specific name, sent to all members of a group, or broadcast to the entire LAN. As with other datagram services, the NetBIOS datagrams are connectionless and unreliable. The Send_Datagram command requires the caller to specify the name of the destination. If the destination is a group name, then every member of the group receives the datagram. The caller of the Receive_Datagram command must specify the local name for which it wants to receive datagrams. The Receive_Datagram command also returns the name of the sender, in addition to the actual datagram data. If NetBIOS receives a datagram, but there are no Receive_Datagram commands pending, then the datagram is discarded.
The Send_Broadcast_Datagram command sends the message to every NetBIOS system on the local network. When a broadcast datagram is received by a NetBIOS node, every process that has issued a Receive_Broadcast_Datagram command receives the datagram. If none of these commands are outstanding when the broadcast datagram is received, the datagram is discarded.
NetBIOS enables an application to establish a session with another device and lets the network redirector and transaction protocols pass a request to and from another machine. NetBIOS does not actually manipulate the data. The NetBIOS specification defines an interface to the network protocol used to reach those services, not the protocol itself. Historically, has been paired with a network protocol called NetBEUI (network extended user interface). The association of the interface and the protocol has sometimes caused confusion, but the two are different.
Network protocols always provide at least one method for locating and connecting to a particular service on a network. This is usually accomplished by converting a node or service name to a network address (name resolution). NetBIOS service names must be resolved to an IP address before connections can be established with TCP/IP. Most NetBIOS implementations for TCP/IP accomplish name address resolution by using either broadcast or LMHOSTS files. In a Microsoft enviroment, you would probably also use a NetBIOS Namer Server known as WINS.
NetBEUI Explained
NetBEUI is an enhanced version of the NetBIOS protocol used by network operating systems. It formalizes the transport frame that was never standardized in NetBIOS and adds additional functions. The transport layer driver frequently used by Microsofts LAN Manager. NetBEUI implements the OSI LLC2 protocol. NetBEUI is the original PC networking protocol and interface designed by IBM for the LanManger Server. This protocol was later adopted by Microsoft for their networking products. It specifies the way that higher level software sends and receives messages over the NetBIOS frame protocol. This protocol runs over the standard 802.2 data-link protocol layer.
NetBIOS Scopes
A NetBIOS Scope ID provides an extended naming service for the NetBIOS over TCP/IP (Known as NBT) module. The primary purpose of a NetBIOS scope ID is to isolate NetBIOS traffic on a single network to only those nodes with the same NetBIOS scope ID. The NetBIOS scope ID is a character string that is appended to the NetBIOS name. The NetBIOS scope ID on two hosts must match, or the two hosts will not be able to communicate. The NetBIOS Scope ID also allows computers to use the same computer namee as they have different scope IDs. The Scope ID becomes a part of the NetBIOS name, making the name unique.

Manufacturers default Passwords NOTE: This listing is only provided as a resource to network administrators and security professionals. It is also meant to remind people that a serious problem exists when people configure a network or a computer system and do not change these passwords. The manufacturers of the listed devices, software or systems are not to blame for this problem, and we are not trying to discredit them or their products. A default login is a means for an end user of a product to complete the initial setup of the device or system. Most manufacturers strongly recommend their end users change these logins and passwords for security reasons. Manufacturer Model OS Version Login Password 3Com - 1.25 root letmein 3Com Super Stack 2 Switch Any manager manager 3Com AccessBuilder� 7000 BRI Any - - 3Com CoreBuilder 2500 - - - 3Com Switch 3000/3300 - manager manager 3Com Switch 3000/3300 - admin admin 3Com Switch 3000/3300 - security security 3com Cable Managment System SQL Database (DOSCIC DHCP) Win2000 & MS DOCSIS_APP 3com 3Com NAC (Network Access Card) - adm none 3Com HiPer ARC Card v4.1.x of HA adm none 3Com CoreBuilder 6000 - debug tech 3Com CoreBuilder 7000 - tech tech 3Com SuperStack II Switch 2200 - debug synnet 3Com SuperStack II Switch 2700 - tech tech 3Com SuperStack / CoreBuilder - admin - 3Com SuperStack / CoreBuilder - read - 3Com SuperStack / CoreBuilder - write - 3Com LinkSwitch and CellPlex - tech tech 3Com LinkSwitch and CellPlex - debug synnet 3com Superstack II 3300FX - admin - 3com Switch 3000/3300 - Admin 3com 3com 3comCellPlex7000 - tech tech 3Com Switch 3000/3300 - monitor monitor 3Com AirConnect Access Point n/a - comcomcom 3com Superstack II Dual Speed 500 - security security 3Com OfficeConnect 5x1 at least 5.x - PASSWORD 3Com SuperStack 3 Switch 3300XM - admin - 3com Super Stack 2 Switch Any manager manager 3Com SuperStack II Switch 1100 - manager manager 3Com SuperStack II Switch 1100 - security security 3com super stack 2 switch any manager manager 3Com Office Connect Remote 812 - root !root 3Com Switch 3000/3300 - admin admin 3COM OCR-812 - root !root 3com - - - - 3com NBX100 2.8 administrator 0000 3com Home Connect - User Password 3Com OfficeConnect 5x1 at least 5.x estheralastruey - 3Com SuperStack II Switch 3300 - manager manager 3Com Superstack - - - ACC Routers - netman netman Acc/Newbridge Congo/Amazon/Tigris All versions netman netman Acc/Newbridge Congo/Amazon/Tigris All versions netman netman adaptec - - - - Adaptec RAID Storage Manager Pro All Administrator adaptec adtran tsu 600 ethernet module - 18364 - Adtran TSU 120 e - - ADTRAN Adtran TSU 120 e - - ADTRAN Aironet All - alcatel - - - - Alcatel 1000 ANT Win98 - - alcatel speed touch home - - - Alcatel/Newbridge/Timestep VPN Gateway 15xx/45xx/7xxx Any root permit Alcatel/Newbridge/Timestep VPN Gateway 15xx/ Any root permit Alcatel/Newbridge/Timestep VPN Gateway 15xx/ Any root permit Allied Tenysin R130 - Manager friend Alteon ACEswitch 180e (telnet) - admin blank Alteon Web Systems All hardware releases Web OS 5.2 none admin APC MasterSwitches - apc apc APC Any Firmware Pri apcuser apc Apple Network Assistant 3.X None xyzzy Apple Airport 1.1 none public Arrowpoint any? - admin system Ascend All TAOS models all admin Ascend Ascend Pipeline Terminal Server - answer - Ascom Timeplex Routers Any See notes - AT&T Starlan SmartHUB 9.9 N/A manager AWARD Any BIOS - AWARD_SW - Axent NetProwler manager WinNT administrator admin Axis NPS 530 5.02 root pass AXIS StorPoint CD100 4.28 root pass AXIS 200 V1.32 - admin - Axis 2100 Network Camera Linux (ETRAX root pass bay cv1001003 - - - bay - - - - Bay - - - - Bay / Nortel ARN 13.20 Manager (caps count !) - Bay Network Routers All - User - Bay Networks ASN / ARN Routers Any Manager Manager Bay Networks Baystack - - NetICs Nortel Baystack 450T sw V.4.1.0.6 secure Bay/Nortel Networks Accelar 1xxx switches Any rwa rwa Bay/Nortel Networks Remote Annex 2000 Any admin IP address BEA Weblogic 5.1 system weblogic BEA - - - - bewan - - - - Bintec all Routers Any admin bintec Bintec - - - - Biodata BIGfire & BIGfire+ all - biodata Biodata all Babylon-Boxes all - Babylon Black Box terminal server / telnet auf ports 2001-2016 LES2700A-16, LES2700A-32 and LES2700A-422 SYSTEM (admin rights) Borland interbase - - - Borland Interbase Any politcally correct Borland/Inprise Interbase any SYSDBA masterkey BreezeCom AP10, SA10 BreezeNET PR - - BreezeCOM Station Adapter and Access Point 4.x - Super BreezeCOM - 3.x - Master BreezeCOM Station Adapter and Access Point 2.x - laflaf Brocade Silkworm - admin password Buffalo/MELCO AirStation WLA-L11 - root (cannot be changed) (no password by default) Cabletron any any -- -- Cabletron NB Series Any - inuvik49 Cabletron routers and switches * * blank blank Cayman 3220-H DSL Router GatorSurf 5. Any - celerity - - - - Chase Research Iolan+ - - iolan Cisco Any Router and Switch 10 thru 12 cisco cisco Cisco ConfigMaker Software any? n/a cmaker CISCO Network Registrar 3.0 ADMIN changeme CISCO N/A N/A pixadmin pixadmin Cisco routers Not sure...j - san-fran Cisco VPN 3000 Concentrator - admin admin Cisco Net Ranger 2.2.1 Sol 5.6 root attack cisco 1600 12.05 - - cisco 1601 - - - cisco - - - - cisco - - - - Cisco MGX * superuser superuser cisco 1601 - - - cisco - - - - Cisco - - - - cisco - - - - Cisco any aany IOS no default login no default password CISCO arrowpoint - - - cisco - - - - cisco - - - - cisco - - - - Cisco 2503 - - - Cisco - - - - cisco - - - - Cisco IDS (netranger) - root attack cisco - - - - cisco 1600 - - - CMOS BIOS - - - ESSEX or IPC Cobalt RaQ * Qube* Any admin admin Com21 - - - - Comersus Shopping Cart 3.2 Win 95/98/NT admin dmr99 Compaq Insight Manager - Administrator administrator Compaq Insight Manager - operator operator Compaq Management Agents All administrator none compaq - - - - copper mountain - - - - Coppercom - - - - Coyote-Point Equaliser 4 Free BSD eqadmin - Serial port only equalizer Coyote-Point Equaliser 4 Free BSD root - Serial port only - Coyote-Point Equaliser 4 Free BSD look - Web Browser only (Read a look Coyote-Point Equaliser 4 Free BSD touch - Web Browser only (Write touch Cyclades MP/RT - super surt D-Link DI-704 - - admin D-Link DI-701 2.22 (?) - - Dell PowerVault 50F WindRiver (E root calvin Dell PowerVault 35F - root calvin Dell Powerapp Web 100 Linux RedHat 6.2 root powerapp dell - - - - Digiboard Portserver 8 & 16 any root dbps DLink DI-206 ISDN router 1.* Admin Admin Dlink Dl-106 ISDN router - - 1234 DLink DL-701 Cable/DSL Gateway/Firewall - - year2000 Dlink DFE-538TX 10/100 Adapter Windows 98 - - dlink di704 - - admin DLink DI 106 winnt administrator @*nigU^D.ha,; Dupont Digital Water Proofer Sun Sparc any root par0t E-tech Router - admin epicrouter eci - - - - Edimax BR-6001+ - - password Efficient - - - - Elron Firewall 2.5c hostname/ip address sysadmin emai hotmail - - - Ericsson ACC - netman netman Ericsson (formerly ACC) Any router all netman netman Extended Systems ExtendNet 4000 / Firewall all Versions admin admin Extended Systems Print Servers - admin extendnet Extreme All Summits - admin - extreme black diamond - - - Extreme All All Admin - Flowpoint 144, 2200 DSL Routers ALL - password FlowPoint 144, 2200 DSL Routers ALL - admin Flowpoint 2200 - - Serial Num Flowpoint 2200 - - Serial Num fore - - - - Fore Systems ASX 1000/1200 6.x ami - Foundry Networks ServerIronXL Any - - fujitsu l460 - - - Future Networks FN 110C Docsis cablemodem Any - - gatway solo9100 win95 - - General Instruments SB2100D Cable Modem - test test gonet - - fast abd234 Hewlett Packard HP Jetdirect (All Models) Any none none Hewlett Packard MPE-XL - HELLO MANAGER.SYS Hewlett Packard MPE-XL - HELLO MGR.SYS Hewlett Packard MPE-XL - HELLO FIELD.SUPPORT Hewlett Packard MPE-XL - MGR CAROLIAN Hewlett Packard MPE-XL - MGR CCC Hewlett Packard MPE-XL - OPERATOR COGNOS Hewlett Packard MPE-XL - MANAGER HPOFFICE hp 4150 - - - hp - - - - IBM AS/400 - qsecofr qsecofr IBM AS/400 - qsysopr qsysopr IBM AS/400 - qpgmr qpgmr IBM NetCommerce PRO 3.2 ncadmin ncadmin IBM LAN Server / OS/2 2.1, 3.0, 4. username password IBM 2210 RIP def trade IBM DB2 WinNT db2admin db2admin IBM Lotus Domino Go WebServer (net.commerce edition) ANY ? webadmin webibm IBM AS400 Any QSECOFR QSECOFR IBM RS/6000 AIX root ibm IBM - OS/400 QSECOFR QSECOFR IBM AS400 - QSRVBAS QSRVBAS IBM AS400 - QSRV QSRV ibm as400 - - - IBM AS/400 OS/400 QUSER QUSER IBM AS/400 - - - IBM ra6000 AIX Unix - - IBM AIX - - - Imperia Software Imperia Content Managment System Unix/NT superuser superuser Intel 510T Any - admin Intel All Routers All Versions - babbit Intel All Routers All Versions - babbit Intel Intel PRO/Wireless 2011 Wireless LAN Access Point Any - Intel Intel wireless lan access Point - - comcomcom Ipswitch Whats up Gold 6.0 Windows 9x a admin admin janta sales 254 compaq janta sales janta211 janta sales 254 compaq janta sales janta211 Jetform Jetform_design - Jetform - Kawa - - - - LANCAST - - - - Lantronix LPS1-T Print Server j11-16 any system Lantronix MSS100, MSSVIA, UDS10 Any - system Lantronix LSB4 any any system Lantronix Printer and terminalservers - - system LGIC Goldstream 2.5.1 LR-ISDN LR-ISDN Linkou School - - bill bill Linkou School - - bill bill Linksys Cable/DSL router Any - admin Linksys BEFSR7(1) OR (4) Standalone R blank admin linksys - - - - Linksys BEFSR41 - (blank) admin Livingston Livingston_portmaster2/3 - !root blank Livingston Livingston_officerouter - !root blank Lucent Portmaster 2 - !root none Lucent Cajun Family - root root lucent Portmaster 3 unknown !root !ishtar Lucent Packetstar (PSAX) - readwrite lucenttech1 Lucent AP-1000 - public public lucent dsl - - - lucent - - - - macromedia freehand 9 - - MacSense X-Router Pro - admin admin mcafee - - - - microcom hdms unknowen system hdms Micron - bios - - Microrouter (Cisco) Any Any - letmein Microrouter (Cisco) Any Any - letmein Microsoft Windows NT All Administrator - Microsoft Windows NT All Guest - Microsoft Windows NT All Mail - Microsoft SQL Server - sa - Microsoft Windows NT 4.0 pkoolt pkooltPS Microsoft NT - - start MICROSOFT NT 4.0 free user user Microsoft Windows NT 4.0 admin admin MICROSOFT NT 4.0 free user user Microsoft - - - - microsoft - - - - Microsoft Ms proxy 2.0 - - - microsoft - - - - mICROSOFT - - - - Microsoft Key Managment Server Windows NT 4 - password Microsoft - - - - Motorola Motorola-Cablerouter - cablecom router Motorola Motorola-Cablerouter - cablecom router motorola cyber surfer - - - msdloto msdloto - - - msdloto - - - - Multi-Tech RASExpress Server 5.30a guest none Nanoteq NetSeq firewall * admin NetSeq NetApp NetCache any admin NetCache Netgaer RH328 - - 1234 Netgear RH348 - - 1234 Netgear ISDN-Router RH348 - - 1234 Netgear RT311 Any Admin 1234 Netgear RT314 Any Admin 1234 Netgear RT338 - - 1234 Netgear RT311/RT314 - admin 1234 netgear - - - - netlink rt314 - - - Netopia R7100 4.6.2 admin admin Netopia 455 v3.1 Netscreen NS-5, NS10, NS-100 2.0 netscreen netscreen NeXT - NeXTStep 3.3 me - Nokia - Telecom NZ M10 - Telecom Telecom Nortel Meridian 1 PBX OS Release 2 0000 0000 Nortel Contivity Extranet Switches 2.x admin setup Nortel Norstar Modular ICS Any **ADMIN (**23646) ADMIN (23646) Nortel Norstar Modular ICS Any **CONFIG (266344) CONFIG (266344) Nortel Networks (Bay) Instant Internet Any - - Northern Telecom(Nortel) Meridian 1 - - m1link Novell NetWare Any guest - Novell NetWare any PRINT - Novell NetWare Any LASER - Novell NetWare Any HPLASER - Novell NetWare Any PRINTER - Novell NetWare Any LASERWRITER - Novell NetWare Any POST - Novell NetWare Any MAIL - Novell NetWare Any GATEWAY - Novell NetWare Any GATE - Novell NetWare Any ROUTER - Novell NetWare Any BACKUP -
Novell NetWare Arcserve CHEY_ARCHSVR WONDERLAND
Novell NetWare Any WINDOWS_PASSTHRU -
novell - - - -
ODS 1094 IS Chassis 4.x ods ods
Optivision Nac 3000 & 4000 any root mpegvideo
Oracle 8i 8.1.6 sys change_on_install
Oracle Internet Directory Service any cn=orcladmin welcome
Oracle 7 or later - system manager Oracle 7 or later - sys change_on_install
Oracle 7 or later Any Scott Tiger
Oracle 8i all internal oracle
oracle - - - -
oracle - - - -
oracle co. Database engines every sys change_on_install
Osicom(Datacom) Osicom(Datacom) - sysadm sysadm
Pandatel EMUX all admin admin
PlainTree Waveswitch 100 - - default.password
RapidStream RS4000-RS8000 Linux rsadmin rsadmin
realtek 8139 - - -
Remedy Any Any Demo -
Research Machines Classroom Assistant Windows 95 manager
changeme
Rodopi Rodopi billing software 'AbacBill' sql database - rodopi rodopi
ROLM phones/phone mail 111#
Samba SWAT Package Linux Any Local User Local User password
schoolgirl member - ich hci
Securicor3NET Monet any manager friend
Securicor3NET Cezzanne any manager friend
SGI all all root n/a
SGI Embedded Support Partner IRIX 6.5.6 Administrator Partner
SGI IRIX ALL lp lp
SGI IRIX ALL OutOfBox, demos, guest, 4DGifts (none by default)
SGI IRIX ALL EZsetup -
Shiva LanRover any? root -
Shiva AccessPort Any hello hello
Shiva Any? - Guest blank
SMC Barricade - - admin
SMC DSL Router 7301TA - - password
soho nbg800 unknown admin 1234
Solaris - - - -
sonic wall any firewall device admin password -
SonicWall Any Firewall Device - admin password
SpeedStream - - - -
Spider Systems M250 / M250L - - hello
Sprint PCS SCH2000 see notes Menu - 8 - 0 (see notes) 040793
Ssangyoung SR2501 - - 2501
Sun - SunOS 4.1.4 root -
Sun - Solaris - -
surecom ep3501/3506 own os admin surecom
Symnatec - - - -
SysKonnect 6616 - default.password -
SysKonnect 6616 - default.password -
Tekelec Eagle STP - eagle eagle
Telebit netblazer 3.* - setup/snmp setup/nopasswd
Terayon TeraLink Getaway - admin password
Terayon TeraLink 1000 Controller - admin password
Terayon TeraLink 1000 Controller - user password
Terayon TeraLink Getaway - user password
terayon - 6.29 admin nms
Terrayon - - - -
Titbas - SCO haasadm lucy99
TopLayer AppSwitch 2500 Any siteadmin toplayer
Toshiba TR-650 V2.01.00 admin tr650
toshiba 480cdt - - -
toshiba - - - -
TrendMicro ISVW (VirusWall) any admin admin Trintech eAcquirer App/Data Servers - t3admin Trintech
Ullu ka pattha Gand mara Gandoo Bhosda Lund
USR TOTALswitch Any none amber
Vina Technologies ConnectReach 3.6.2 (none) (none)
voy - - - - WatchGuard FireBox 3-4.6 - wg (touch password)
Webmin Webmin Any Unix/Lin admin - Webramp 410i etc... - wradmin trancell
Win2000 Quick Time 4.0 Englisch -
- Windows 98 se 98 se - - -
Wireless Inc. WaveNet 2458 n/a root rootpass
Xylan Omnistack 1032CF 3.2.8 admin password
Xylan Omnistack 4024 3.4.9 admin password
Xylan Omniswitch 3.1.8 admin switch
xyplex mx-16xx - setpriv system
Zyxel ISDN-Router Prestige 1000 - - 1234
zyxel prestige 300 series zynos 2.* - 1234
Zyxel ISDN Router Prestige 100IH - - 1234
Zyxel prestige 300 series any - -
Zyxel prestige 600 series any - -
ZYXEL 641 ADSL - - 1234
Zyxel prestige 128 modem-router any - 1234
Zyxel ISDN-Router Prestige 1000 - - -
Zyxel ISDN-Router Prestige 1000 - - -
zyxel - - - - zyxel Prestige 650R - -