Password Guessing Example

Many network services have default administrator accounts that may still carry their installation passwords. Attackers exploit this by trying to log in with these default credentials, along with common and weak passwords. The following are typical weak passwords; each ends with an exclamation mark so that it satisfies a password complexity policy without being any harder to guess:

| Password | Comment |
|---|---|
| Summer2021! | Many individuals, including company helpdesks, often reset passwords using the current season and year as the new password. |
| W3schools123! | Users frequently choose the company name as their password, often adding "123" and an exclamation mark at the end to meet password policy requirements and increase complexity slightly. |
| Rosalynn2006! | Users often select names of personal significance, such as their children's names or their birth years, as their passwords. |
| Qwerty123456! | This password appears random but is actually created by someone pressing keys in sequence, followed by corresponding numbers. |
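
A defensive check for the patterns listed above, as an added example that is not part of the original lesson: all four passwords pass a typical complexity rule, so the screening looks for their predictable structure instead. The word lists, the complexity rule and the function names are assumptions made for illustration.

```python
import re

# Assumed inputs for illustration; a real deployment supplies its own lists.
ORG_WORDS = {"w3schools"}        # organisation and product names
KNOWN_NAMES = {"rosalynn"}       # names from the user's profile or a name list
SEASONS = {"spring", "summer", "autumn", "fall", "winter"}
KEY_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
YEAR = re.compile(r"(19|20)\d\d")

def meets_complexity(pw):
    """Assumed typical policy: 8+ chars with upper, lower, digit and symbol."""
    classes = (r"[A-Z]", r"[a-z]", r"\d", r"[^A-Za-z0-9]")
    return len(pw) >= 8 and all(re.search(c, pw) for c in classes)

def is_walk(s, min_run=3):
    """True if s is one left-to-right run along a single keyboard row."""
    return len(s) >= min_run and any(s in row for row in KEY_ROWS)

def predictable_reasons(pw):
    """Return the reasons a password is guessable despite passing the policy."""
    core = pw.lower().rstrip("!?.*#$@")   # drop symbols tacked on at the end
    # Split into a leading word and trailing digits, e.g. "summer" + "2021".
    m = re.fullmatch(r"([a-z0-9]*?[a-z])(\d*)", core)
    word, digits = m.groups() if m else (core, "")
    reasons = []
    if word in SEASONS and YEAR.fullmatch(digits):
        reasons.append("season and year")
    if word in ORG_WORDS:
        reasons.append("organisation name")
    if word in KNOWN_NAMES and YEAR.fullmatch(digits):
        reasons.append("personal name and year")
    if is_walk(word) and (not digits or is_walk(digits)):
        reasons.append("keyboard walk")
    return reasons

def screen(pw):
    """Accept only passwords that pass the policy and show no known pattern."""
    return meets_complexity(pw) and not predictable_reasons(pw)

if __name__ == "__main__":
    # The four passwords from the table, plus one constructed random value.
    for pw in ("Summer2021!", "W3schools123!", "Rosalynn2006!",
               "Qwerty123456!", "Tr7#kv9qLm2!x"):
        print(f"{pw:15} policy={meets_complexity(pw)} "
              f"reasons={predictable_reasons(pw)} accepted={screen(pw)}")
```

Run at password-set or password-reset time, a check of this kind rejects the table's entries even though the complexity rule alone accepts every one of them.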

THC-Hydra is a tool that simplifies the process of configuring lists of usernames and passwords for testing against various services (https://github.com/vanhauser-thc/thc-hydra). It supports numerous protocols, including:

  • RDP (Remote Desktop Protocol)
  • FTP (File Transfer Protocol)
  • SMB (Server Message Block)
  • Telnet
  • SSH (Secure Shell)

To target FTP using THC-Hydra, the following command can be executed:

hydra -L common_usernames.txt -P common_passwords.txt ftp://localhost/