02 December 2009

SHODAN and default passwords: the lowest-hanging fruit

Searching SHODAN for "default password" brings up 995 results for sites whose banners include those two words. Undoubtedly there are many other sites out there using default passwords, but these would be the absolute low-hanging fruit, because not only could they possibly be using the defaults, they're actually advertising what the defaults are. This isn't to say that none of these sites have changed their default passwords; undoubtedly some (or even many) have. The first result I looked at appeared to be a print server:
HTTP/1.0 401
Date: Sat, 21 Dec 1996 12:00:00 GMT
Www-authenticate: Basic realm="Default password:1234"
Server: PrintSir WEBPORT 1.1

It doesn't list the default username, but a null username or "admin" is always a good guess, and in this case, "admin" and "1234" worked. To be fair, I didn't do anything beyond that (I have no desire to be malicious).
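As an added illustration of the triage described above (this is example code written for this page, not something from the original post or from SHODAN), the script below parses raw banners like the one quoted, pulls the advertised default password out of the Basic auth realm, pairs it with the usual username guesses (empty and "admin"), and renders the HTTP/1.0 request that would present each guess. The PrintSir banner is the one shown above; the "hypothetical-router" and "quiet-host" banners, the host 192.0.2.1 and every function name are constructed for the example. Nothing here opens a socket: sending the probe to a device you don't own is exactly the step the post stops short of.

```python
import base64
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample banners. The first is the PrintSir banner quoted in the
# post; the other two are made up here to show a hint phrased differently and
# a banner that advertises nothing.
SAMPLE_BANNERS = {
    "printserver": (
        "HTTP/1.0 401\r\n"
        "Date: Sat, 21 Dec 1996 12:00:00 GMT\r\n"
        'Www-authenticate: Basic realm="Default password:1234"\r\n'
        "Server: PrintSir WEBPORT 1.1\r\n"
    ),
    "hypothetical-router": (
        "HTTP/1.0 401 Unauthorized\r\n"
        'WWW-Authenticate: Basic realm="Router (default password = admin)"\r\n'
        "Server: hypothetical-httpd/0.1\r\n"
    ),
    "quiet-host": (
        "HTTP/1.1 401 Unauthorized\r\n"
        'WWW-Authenticate: Basic realm="Restricted"\r\n'
        "Server: Apache\r\n"
    ),
}

# "default password" followed by an optional ':' or '=' and the password itself.
PASSWORD_HINT = re.compile(r'default\s+password\s*[:=]?\s*([^\s")]+)', re.IGNORECASE)
REALM = re.compile(r'realm="([^"]*)"', re.IGNORECASE)


def parse_headers(banner: str) -> Dict[str, str]:
    """Split a raw HTTP banner into a lowercase-keyed header dict (status line dropped)."""
    headers = {}
    for line in banner.splitlines()[1:]:
        if ":" not in line:
            continue
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def basic_realm(headers: Dict[str, str]) -> Optional[str]:
    """Return the Basic auth realm string, or None if the banner has no Basic challenge."""
    challenge = headers.get("www-authenticate", "")
    if not challenge.lower().startswith("basic"):
        return None
    m = REALM.search(challenge)
    return m.group(1) if m else None


def advertised_default_password(banner: str) -> Optional[str]:
    """Return the default password a banner advertises in its realm, if any."""
    realm = basic_realm(parse_headers(banner))
    if realm is None:
        return None
    m = PASSWORD_HINT.search(realm)
    return m.group(1) if m else None


def basic_authorization(username: str, password: str) -> str:
    """Build the HTTP Basic Authorization header value: 'Basic ' + base64('user:pass')."""
    token = base64.b64encode(f"{username}:{password}".encode("latin-1")).decode("ascii")
    return f"Basic {token}"


def candidate_logins(password: str, usernames=("", "admin")) -> List[Tuple[str, str]]:
    """Pair the advertised password with the usual username guesses (empty and admin)."""
    return [(u, basic_authorization(u, password)) for u in usernames]


def build_probe_request(host: str, username: str, password: str, path: str = "/") -> str:
    """Render the raw HTTP/1.0 request that would present one credential guess.
    Text only; this never connects anywhere."""
    return (
        f"GET {path} HTTP/1.0\r\n"
        f"Host: {host}\r\n"
        f"Authorization: {basic_authorization(username, password)}\r\n"
        "\r\n"
    )


def triage(banners: Dict[str, str]) -> Dict[str, str]:
    """Map banner name -> advertised default password, keeping only banners that leak one."""
    found = {}
    for name, banner in banners.items():
        pw = advertised_default_password(banner)
        if pw is not None:
            found[name] = pw
    return found


if __name__ == "__main__":
    for name, pw in triage(SAMPLE_BANNERS).items():
        print(f"{name}: advertises default password {pw!r}")
        for user, header in candidate_logins(pw):
            print(f"  try user={user!r} -> Authorization: {header}")
```

Run against the three constructed banners, `triage` keeps the print server and the hypothetical router and drops the host whose realm says only "Restricted"; for the print server the admin guess encodes to `Authorization: Basic YWRtaW46MTIzNA==`, which is all the "password" the device asked for.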

How many more of those 995 sites actually use the listed default passwords?
