BROKEN AUTHENTICATION - Default Credentials

Broken Authentication - Default Credentials Challenge

Making a post just to clarify an issue I experienced in the “Broken Authentication” Module. The Default Credentials page in the Login Bruteforcing segment of the module has a challenge that requires you to use default credentials to log in via a web form.

DO NOT use scada-pass.csv located here SecLists/Passwords/Default-Credentials at master · danielmiessler/SecLists · GitHub. I spent hours on this challenge when it turns out this file does not have the username you need to complete the challenge. The only place I could find that does is this website SCADA Default Password List (scadasecuritybootcamp.com)

3 Likes

Had the same problem. Username is valid, but password is not, so I couldn’t test the python script from this module

ya, do not use that list. Google it and found this one usefulhttps://www.192-168-1-1-ip.co/router/advantech/advantech-webaccess-browser-based-hmi-and-scada-software/11215/

1 Like

Cheers I was there and tried all kind of manipulation of text in the csv file - good to know thnaks for sharing.