تخطَّ إلى المحتوى
1337skills 1337skills - أوراق الغش

changeme

Overview

Section titled “Overview”

changeme is a lightweight, Python-based default credential scanner designed for security professionals and penetration testers. It systematically probes network services for default and factory-reset passwords, helping identify commonly overlooked weak credentials in enterprise environments.

Installation

Section titled “Installation”

From Source

Section titled “From Source”
# Clone the repository
git clone https://github.com/ztgrace/changeme.git
cd changeme

# Install dependencies
pip install -r requirements.txt
python changeme.py --help

Package Manager

Section titled “Package Manager”
# Ubuntu/Debian
sudo apt-get install changeme

# macOS (Homebrew)
brew install changeme

# Python pip
pip install changeme

Quick Start

Section titled “Quick Start”

Basic Scanning

Section titled “Basic Scanning”
# Scan a single host for all default credentials
python changeme.py -s 192.168.1.100

# Scan a network range
python changeme.py -s 192.168.1.0/24

# Scan with verbose output
python changeme.py -s 192.168.1.100 -v

# Scan with timeout specification
python changeme.py -s 192.168.1.100 --timeout 5

Protocol-Specific Scanning

Section titled “Protocol-Specific Scanning”
# Scan only HTTP services
python changeme.py -s 192.168.1.100 --protocol http

# Scan only SSH services
python changeme.py -s 192.168.1.100 --protocol ssh

# Scan only database services
python changeme.py -s 192.168.1.100 --protocol mysql

# Scan multiple specific protocols
python changeme.py -s 192.168.1.100 --protocol http --protocol ssh --protocol ftp

Port-Specific Options

Section titled “Port-Specific Options”
# Specify custom port for scanning
python changeme.py -s 192.168.1.100 -p 8080

# Scan multiple ports
python changeme.py -s 192.168.1.100 -p 22,80,443,3389

# Scan port range
python changeme.py -s 192.168.1.100 -p 1-65535

Common Commands and Usage Patterns

Section titled “Common Commands and Usage Patterns”
CommandDescription
-s, --scanTarget host or IP address to scan
-p, --portSpecific port or port range to scan
--protocolFilter scan by protocol (http, ssh, ftp, mysql, etc.)
-v, --verboseEnable verbose output for detailed results
--timeoutConnection timeout in seconds (default: 10)
--threadsNumber of concurrent threads for scanning
-o, --outputSave results to file (JSON, CSV, or text)
--list-protocolsDisplay all supported protocols
--updateUpdate the credential database
-h, --helpDisplay help message

Supported Services and Protocols

Section titled “Supported Services and Protocols”

Web Services

Section titled “Web Services”
# HTTP/HTTPS with common admin paths
python changeme.py -s 192.168.1.100 --protocol http

# Apache Tomcat
python changeme.py -s 192.168.1.100 --protocol tomcat

# Jenkins
python changeme.py -s 192.168.1.100 --protocol jenkins

# Joomla CMS
python changeme.py -s 192.168.1.100 --protocol joomla

# WordPress (basic HTTP auth)
python changeme.py -s 192.168.1.100 --protocol wordpress

Remote Access

Section titled “Remote Access”
# SSH/Telnet services
python changeme.py -s 192.168.1.100 --protocol ssh

# RDP (Remote Desktop)
python changeme.py -s 192.168.1.100 --protocol rdp

# VNC (Virtual Network Computing)
python changeme.py -s 192.168.1.100 --protocol vnc

# FTP (File Transfer Protocol)
python changeme.py -s 192.168.1.100 --protocol ftp

# Telnet
python changeme.py -s 192.168.1.100 --protocol telnet

Database Services

Section titled “Database Services”
# MySQL/MariaDB
python changeme.py -s 192.168.1.100 --protocol mysql

# Microsoft SQL Server
python changeme.py -s 192.168.1.100 --protocol mssql

# PostgreSQL
python changeme.py -s 192.168.1.100 --protocol postgresql

# MongoDB
python changeme.py -s 192.168.1.100 --protocol mongodb

# Redis
python changeme.py -s 192.168.1.100 --protocol redis

Network Services

Section titled “Network Services”
# SNMP (Simple Network Management Protocol)
python changeme.py -s 192.168.1.100 --protocol snmp

# SMTP (mail servers)
python changeme.py -s 192.168.1.100 --protocol smtp

# DNS services
python changeme.py -s 192.168.1.100 --protocol dns

# LDAP/Active Directory
python changeme.py -s 192.168.1.100 --protocol ldap

Device Services

Section titled “Device Services”
# IPMI (Intelligent Platform Management Interface)
python changeme.py -s 192.168.1.100 --protocol ipmi

# SNMP community strings
python changeme.py -s 192.168.1.100 --protocol snmp-community

# Printer services
python changeme.py -s 192.168.1.100 --protocol printer

# Network device management
python changeme.py -s 192.168.1.100 --protocol network-device

Output and Results

Section titled “Output and Results”

Text Format Output

Section titled “Text Format Output”
# Display results in terminal
python changeme.py -s 192.168.1.100 --output results.txt

JSON Format Output

Section titled “JSON Format Output”
# Save results as JSON for further processing
python changeme.py -s 192.168.1.100 --output results.json

CSV Format Output

Section titled “CSV Format Output”
# Export as CSV for spreadsheet analysis
python changeme.py -s 192.168.1.100 --output results.csv

Advanced Scanning Techniques

Section titled “Advanced Scanning Techniques”

Concurrent Thread Scanning

Section titled “Concurrent Thread Scanning”
# Use 20 concurrent threads for faster scanning
python changeme.py -s 192.168.1.0/24 --threads 20

# Adjust threads based on network capacity
python changeme.py -s 192.168.1.0/24 --threads 10

Custom Credential Lists

Section titled “Custom Credential Lists”
# Use custom credential file
python changeme.py -s 192.168.1.100 --cred-file custom-creds.txt

# Format of custom credentials file:
# username:password
# root:root
# admin:admin
# test:test

Database Updates

Section titled “Database Updates”
# Update the built-in credential database
python changeme.py --update

# Check for available updates
python changeme.py --check-updates

Practical Penetration Testing Scenarios

Section titled “Practical Penetration Testing Scenarios”

Network Discovery and Assessment

Section titled “Network Discovery and Assessment”
# Comprehensive scan of entire subnet
python changeme.py -s 192.168.1.0/24 -v --threads 15 --output assessment.json

# Scan and identify all services with default credentials
python changeme.py -s 10.0.0.0/8 --timeout 5 --threads 20

Post-Compromise Enumeration

Section titled “Post-Compromise Enumeration”
# Identify lateral movement opportunities
python changeme.py -s 192.168.1.100 -v --output lateral-movement.txt

# Check internal service defaults
python changeme.py -s 192.168.50.0/24 --protocol ssh --protocol mysql

Vulnerability Assessment

Section titled “Vulnerability Assessment”
# Generate compliance report
python changeme.py -s 192.168.1.0/24 -v --output compliance-report.json

# Target specific protocol categories
python changeme.py -s 192.168.1.0/24 --protocol mysql --protocol postgresql --protocol mongodb

Configuration and Customization

Section titled “Configuration and Customization”

Default Configuration Locations

Section titled “Default Configuration Locations”
# Configuration file (if using config mode)
~/.changeme/config.ini
/etc/changeme/config.ini

# Credential database
~/.changeme/defaults.db
/usr/share/changeme/defaults.db

Environment Variables

Section titled “Environment Variables”
# Set timeout globally
export CHANGEME_TIMEOUT=15

# Set number of threads
export CHANGEME_THREADS=25

# Set output directory
export CHANGEME_OUTDIR=/tmp/changeme-results

Performance Optimization

Section titled “Performance Optimization”

Timeout Tuning

Section titled “Timeout Tuning”
# Fast scan (shorter timeout, may miss some services)
python changeme.py -s 192.168.1.100 --timeout 2 --threads 30

# Thorough scan (longer timeout)
python changeme.py -s 192.168.1.100 --timeout 15 --threads 10

# Balanced scan
python changeme.py -s 192.168.1.100 --timeout 5 --threads 15

Rate Limiting

Section titled “Rate Limiting”
# Reduce detection risk (slower scan)
python changeme.py -s 192.168.1.100 --threads 3 --delay 2

# Fast enumeration
python changeme.py -s 192.168.1.100 --threads 30

Common Use Cases

Section titled “Common Use Cases”
ScenarioCommand
Quick subnet scanpython changeme.py -s 10.0.0.0/24 --timeout 3
Database default checkpython changeme.py -s 192.168.1.100 --protocol mysql --protocol postgresql
Find all web defaultspython changeme.py -s 192.168.1.0/24 --protocol http -v
Compliance auditpython changeme.py -s 192.168.0.0/16 --output audit.json
Check specific servicepython changeme.py -s 192.168.1.100 -p 22 --protocol ssh

Tips and Best Practices

Section titled “Tips and Best Practices”
  • Scope first: Verify network scope authorization before scanning
  • Gradual rollout: Start with small ranges before scanning large networks
  • Timing: Run scans during off-peak hours to minimize network impact
  • Documentation: Always save results with -o for compliance records
  • Updates: Regularly update credential database with --update
  • Threading balance: More threads = faster but louder; adjust for stealth needs
  • Protocol filtering: Scanning specific protocols speeds up results significantly
  • Error handling: Use verbose mode to debug connectivity issues

Troubleshooting

Section titled “Troubleshooting”

Connection Timeouts

Section titled “Connection Timeouts”
# Increase timeout for slow networks
python changeme.py -s 192.168.1.100 --timeout 30

# Reduce threads to prevent overwhelm
python changeme.py -s 192.168.1.100 --threads 5

No Results Found

Section titled “No Results Found”
# Check protocol support
python changeme.py --list-protocols

# Enable verbose for debugging
python changeme.py -s 192.168.1.100 -v --timeout 10

High CPU Usage

Section titled “High CPU Usage”
# Reduce concurrent threads
python changeme.py -s 192.168.1.100 --threads 5

# Add delays between connections
python changeme.py -s 192.168.1.100 --delay 1

Reporting and Documentation

Section titled “Reporting and Documentation”

Generate Assessment Report

Section titled “Generate Assessment Report”
# Create detailed JSON report
python changeme.py -s 192.168.1.0/24 -v --output report.json

# Format output for management presentation
python changeme.py -s 192.168.1.0/24 --output report.csv

Compliance Mapping

Section titled “Compliance Mapping”
# Document findings for compliance
python changeme.py -s 192.168.1.0/24 -v --output compliance.txt

# Track remediation
python changeme.py -s 192.168.1.0/24 --timestamp --output followup.json
Section titled “Legal and Ethical Considerations”
  • Authorization: Only scan systems you own or have explicit written permission to test
  • Scope documentation: Maintain clear records of scanning authority
  • Reporting timeline: Establish agreed-upon timelines for disclosure and remediation
  • Data handling: Securely store and destroy reports containing credentials
  • Compliance: Align scanning activities with organizational policies and regulations