Finding web applications with default credentials
Default credentials are often left unchanged in web applications and devices, such as webcams, printers, VoIP systems, video conference systems, and other appliances. The NSE script http-default-accounts automates the process of testing default credentials across the network. Several popular products are supported, including web applications such as Apache Tomcat Manager, Oracle Administration Console, F5 Big IP, Citrix NetScaler, and Cacti, as well as printers and even the web management interfaces of home routers.
This recipe shows you how to automatically test default credential access in several web applications with Nmap.
How to do it...
To automatically test default credential access in the supported applications, use the following Nmap command:
$ nmap -p80 --script http-default-accounts <target>
The results will indicate the application and default credentials if successful:
PORT   STATE SERVICE REASON
80/tcp open  http    syn-ack
|_http-default...
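When the audit covers many hosts, the scan can be saved with Nmap's -oX option and the script results turned into a list of accounts to rotate. The Python code below is an added example, not part of the original recipe; the sample XML is constructed, and the "[Application] at /path" followed by "user:password" layout of the script output is an assumption based on the script's documented output format.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -oX` output; addresses and results are invented.
SAMPLE_XML = """<nmaprun>
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports><port protocol="tcp" portid="80"><state state="open"/>
      <script id="http-default-accounts"
        output="&#10;  [Cacti] at /&#10;    admin:admin&#10;  [Nagios] at /nagios/&#10;    nagiosadmin:CactiEZ"/>
    </port></ports>
  </host>
  <host>
    <address addr="192.0.2.11" addrtype="ipv4"/>
    <ports><port protocol="tcp" portid="80"><state state="open"/></port></ports>
  </host>
</nmaprun>"""

# Assumed layout of the script output: "[Application] at /path", then "user:password" lines.
APP_LINE = re.compile(r"^\[(?P<app>.+)\] at (?P<path>\S+)$")

def default_account_findings(xml_text):
    """Return one dict per default account reported by http-default-accounts."""
    findings = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            for script in port.findall("script[@id='http-default-accounts']"):
                app = path = None
                for line in script.get("output", "").splitlines():
                    line = line.strip()
                    match = APP_LINE.match(line)
                    if match:
                        app, path = match["app"], match["path"]
                    elif app and ":" in line:
                        # Record only the user name so passwords stay out of reports.
                        user = line.split(":", 1)[0]
                        findings.append({"host": addr, "port": int(port.get("portid")),
                                         "app": app, "path": path, "user": user})
    return findings

if __name__ == "__main__":
    for f in default_account_findings(SAMPLE_XML):
        print("{host}:{port} {app} at {path}: default account '{user}' still enabled".format(**f))
```

Hosts where the script reported nothing, such as the second host in the sample, produce no findings.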