Vendors ship devices with hardcoded credentials. This is the highest probability layer.

If you know the company name or the name of the sysadmin, a generic list won't do. You need to use tools like to generate a custom wordlist based on specific keywords related to the target. Tools for Testing FTP Passwords

echo "Apex1999" >> ftp_custom.txt echo "apexftp" >> ftp_custom.txt echo "Apex!99" >> ftp_custom.txt echo "Systems1" >> ftp_custom.txt