> For the complete documentation index, see [llms.txt](https://sarpers-organization.gitbook.io/ctftricks/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://sarpers-organization.gitbook.io/ctftricks/_chapter-intro-17/authentication-bypass/bruteforce/trick-0332.md).

# Default Administrator Credentials Login

***

During web challenges, especially after identifying administrative interfaces (like `/admin/`), always attempt logging in with common default credentials. A frequent combination found is `administrator` for both the username and password. Always check for default logins during security assessments using common default credentials for various systems. Many applications and devices come with default accounts and passwords enabled out-of-the-box. These are well-known and can be easily found.

Try the following common credentials:

* **Username:** `admin` / **Password:** `admin`
* **Username:** `admin` / **Password:** `password`
* **Username:** `root` / **Password:** `root`
* **Username:** `root` / **Password:** `password`
* **Username:** `test` / **Password:** `test`
* **Username:** `guest` / **Password:** `guest`
* **Username:** `user` / **Password:** `user`
* **Username:** `user` / **Password:** `password`
* **Username:** `administrator` / **Password:** `administrator`
* **Username:** `administrator` / **Password:** `password`
* **Username:** `root` / **Password:** `admin`

You can often test these directly. For example, using `curl` to send Basic Auth credentials, you need to use the `-u` flag. The `-u` flag takes the username and password separated by a colon (:).

```bash
curl -u admin:password http://example.com/admin/
```

To provide the credentials for Basic HTTP authentication using curl, use the `-u` option followed by the username and password separated by a colon (:).
