-
The first step is to determine what software is being used.
-
Once the software has been identified, try to find whether it uses default passwords, and if so, what they are. This should include:
- Searching for “[SOFTWARE] default password”.
- Reviewing the manual or vendor documentation.
- Checking common default password databases, such as CIRT.net, SecLists Default Passwords or DefaultCreds-cheat-sheet.
- Inspecting the application source code (if available).
- Installing the application on a virtual machine and inspecting it.
- Inspecting the physical hardware for stickers (often present on network devices).
Testing for Default Credentials
How I got $13337 bounty From Google
Default Admin Username and Password
Unauthorized access to employee panel with default credentials
DVR default username and password
Grafana admin login via default credentials
Unauthorised Admin Access Due to default Password