High Probability Password List

Courtesy of Core Competence, Inc.

This password list was posted to the pen-test mailing list at SecurityFocus.com. The origin of the list is purportedly a trainer from Foundstone, Inc. The post claims that this list works 80% of the time in penetrating a network (presumably, where a user account is known or guessed).

Password lists are abundant on the 'net, but most people who choose a weak password don't consult such a list: they create one themselves. Read "Is your password on the worst offender list?" for advice on composing easily remembered, stronger passwords.

Another source of ongoing password pain is default passwords, the passwords that software and hardware manufacturers set before they ship products. Manufacturers intend, and warn, that buyers should change these passwords, but they are often left unchanged. A fantastic list of default passwords is hosted at phenoelit-us.org. A list of default passwords for Oracle databases is hosted at Pete Finnigan.

I am happy to provide attribution for the author of this list. Contact me if you know who composed it.

Begin List.

123456
1234567
12345678
123asdf
Admin
admin
administrator
asdf123
backup
backupexec
changeme
clustadm
cluster
compaq
default
dell
dmz
domino
exchadm
exchange
ftp
gateway
guest
lotus
money
notes
office
oracle
pass
password
password!
password1
print
qwerty
replicate
seagate
secret
sql
sqlexec
temp
temp!
temp123
test
test!
test123
tivoli
veritas
virus
web
www
KKKKKKK

End List.