Common Users

When performing Penetration tests, one of the first things you do (if in scope) is reconnaissance. Now that could be for target machines if it is a black-box test or usernames (users) if trying to perform log-in attempts.

A few ways of obtaining usernames might be to enumerate Active Directory either through null sessions or authentication, perhaps scraping them from RDP sessions that display the current/last logged in user or maybe using SNMP default strings to enumerate services and associated user etc..
But, what if you cant do any of them, maybe they get Pentested annually or just have a decent IT team then what are you going to do.

Well, this is where something prompted an idea to create a list of commonly used usernames across various companies or councils etc.. I often find that there are common users or default/generic users that are often used no matter where i go. The passwords aren’t always the same (unfortunately for us) but, with generic and default user names come generic and default passwords (typically). So over time i have slowly been putting together a list of common users and as of late imported a few from similar style lists off the internet.

I think twice, tree times tops in the past few years, my list has gained me a foothold onto a network that i would have not got on before due to not having anything to go on.

Using Hydra or Medusa (take your pick), although Hydra has always been tops for me especially with the new update, then you can perform a password attack, staying withing the password lockout policy if you know it, else try stay under 3 attempts just to be on the safe side, using something like the good old “Password1″,  “company_name1″, “(blank)” or “same user as pass”. This actually got me a hit or two. Granted this was only about 3 times in the past few years but if your in a bit of a bind its always worth a member.

The link below is to my list as it stands so far, i am hoping to keep updating this as i go.

If you have any common users you know of that are worth adding to the list that aren’t already there please send them to me. Sharing is caring!


Popular posts from this blog

Null Session Domain Controller Enumeration

MS15-034: Vulnerability in HTTP.sys Could Allow Remote Code Execution

NetBIOS / NBNS Spoofing