Summary of passwords by sperglord8008s, updated November 1, 2020. For login try "root", "default", "defaul" or "root"
Guys, I stumbled on this thread. I also have another camera (pet feeder), wiresharked it, and it also goes checking this URL:
http://112.124.112.116/Srt_Server/server.php?cmd=ckd&mcode=xxx=&ucode=xxx=&ccode=xxx&lcode=xxx
Is there a way now to retrieve the telnet password by downloading the firmware files on that server?
It's an exploit for the firmware:
https://blog.securityevaluators.com/remotely-exploiting-iot-pet-feeders-21013562aea3
But how to retrieve the current firmware file? I guess you guys have it?
huh, what is this?
Here is a translation:
Hello, your mail has been received. You are a bunch of fools. Thank you for patching security holes for us. You just saved us a lot of tester money. Additionally, every time you expose a password, we broadcast new passwords that will be remotely overwritten into the firmware. Do you think we can't understand English?
And that's a great honour for me and this community! Keep doing good work :)
yeah, already used Google Translate, but don't get that response? :-)
anyway, can you help me?
> yeah, already used Google Translate, but don't get that response? :-) anyway, can you help me?
Hello Fabio,
Usually these kinds of cameras have very poor software and security features.
Some time ago, I posted some tricks I used on my cameras. Before trying to reverse engineer the firmware, did you look for some web application vulns?
Yeah, I did, I use localtuya to control the device locally, the only thing I'm missing is the video feed...
I also checked the Tuya IoT/API, but my device doesn't expose an RTSP/HLS stream to the cloud..
Also it's based on WebRTC and MQTT secure...
Also sniffed the smartlife/tuya app for https traffic, but there is nothing for the video, only was able to sniff the DP points for device control, like feed
So last resort is to gain telnet to it, and maybe enable the local rtsp port, the only open ports are 23 and 6668 for localtuya
Could anyone help me with cracking the following hash I received from my Foscam camera:
root:LOra.53O7nLVQ:0:0::/root:/bin/sh
I am not sure if it is crackable using John The Ripper and how to configure it.
Unfortunately vulns are not working and also the uboot init=/bin/sh is doing nothing.
EDIT:
Cracked it: ak47agai (using the following command john --format=crypt hashes.txt)
My (old as 2017) HiSilicon (generic_ONVIF) - bought on eBay years ago.
I realized that the telnet port is open - so in no way one should expose this little thing to the internet ;-)
I have found a new firmware version, which I upgraded
...and decoded, extracted /etc/passwd, which is a one-liner:
"root:0.IQvJd8bXSWU:0:0::/root:/bin/sh"
With john (I think) I brute-force decoded the password on 1-2 computers within a few days.
My password is "hdipc%No".
Voilà
hidden:$1$Qtj8cUMZ$4JhtiYFzOpCzWNI.7433u/:10957:0:99999:7:::
xpeed:$1$$5ICya/hNOkPC33NssbPbs1:10933:0:99999:7:::
$1$ $5ICya/hNOkPC33NssbPbs1
@first!
Hi guys,
root:$1$rXUUrUvP$nwGw3hD5lodZU10IC57Ey0:10933:0:99999:7:::
Someone help me?
> Hi guys, root:$1$rXUUrUvP$nwGw3hD5lodZU10IC57Ey0:10933:0:99999:7::: Someone help me?
!@#$qwer
you are the best !!! !!!!!! Oh my god ! I don't know how it's possible !!!!!
No kidding ! can you explain or is it a well kept secret?
another try ?
root:$6$wyzecamv3$8gyTEsAkm1d7wh12Eup5MMcxQwuA1n1FsRtQLUW8dZGo1b1pGRJgtSieTI02VPeFP9f4DodbIt2ePOLzwP0WI0:0:0:99999:7:::
> No kidding ! can you explain or is it a well kept secret?
A: It is well documented how Linux hashes its passwords, just google it: linux password hash algorithm.
How can you "decode"? You cannot. Hashing is a one-way algorithm.
Q: ...but hey! Look at above, someone did it.
A: We try to find a password, hash it and compare the result with the original hash.
No other way exists. When you try hundreds of thousands of passwords/minute, this is called brute-force.
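An added example, not part of the gist or of any commenter's post: because guess-hash-compare is the only way back to a password, the scheme and salt in a firmware's passwd/shadow file decide how well its accounts hold up. This Python sketch classifies the password field of such lines and flags empty passwords, DES crypt, md5crypt and empty salts; the sample lines and the names `classify` and `audit` are constructed for illustration.

```python
import re

# Constructed sample lines (placeholder hash bodies, not real hashes).
SAMPLE = """\
root:abCDEFGHIJKLM:0:0::/root:/bin/sh
admin:$1$$AAAAAAAAAAAAAAAAAAAAAA:10933:0:99999:7:::
svc:$1$Qz8cUxYw$BBBBBBBBBBBBBBBBBBBBBB:10957:0:99999:7:::
cam:$6$rounds=5000$s4ltS4lt$CCCCCCCC:0:0:99999:7:::
guest::0:0::/:/bin/sh
daemon:*:1:1::/:/sbin/nologin
"""

DES_RE = re.compile(r"[./0-9A-Za-z]{13}")
# crypt(3) ids laid out as $id$[rounds=N$]salt$hash -> (name, legacy?)
SALTED = {"1": ("md5crypt", True), "5": ("sha256crypt", False),
          "6": ("sha512crypt", False)}
OTHER = {"2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt", "y": "yescrypt"}

def classify(field):
    """Return (scheme, salt, finding) for one passwd/shadow password field."""
    if field == "":
        return ("empty", "", "no password required")
    if field == "x":
        return ("shadowed", "", "hash is stored in /etc/shadow")
    if field[0] in "!*":
        return ("locked", "", "password login disabled")
    if DES_RE.fullmatch(field):
        return ("descrypt", field[:2], "legacy DES crypt, only 8 characters used")
    parts = field.split("$")
    if len(parts) >= 4 and parts[0] == "" and parts[1] in SALTED:
        name, legacy = SALTED[parts[1]]
        rest = parts[3:] if parts[2].startswith("rounds=") else parts[2:]
        if len(rest) == 2:                      # [salt, hash]
            notes = ["legacy scheme"] if legacy else []
            if rest[0] == "":
                notes.append("empty salt")
            return (name, rest[0], "; ".join(notes) or "ok")
    if len(parts) >= 3 and parts[0] == "" and parts[1] in OTHER:
        return (OTHER[parts[1]], "", "ok")      # salt not split out here
    return ("unknown", "", "unrecognised format")

def audit(text):
    """Map each user in passwd/shadow-style text to classify()'s result."""
    out = {}
    for line in text.splitlines():
        cols = line.split(":")
        if len(cols) >= 2 and cols[0]:
            out[cols[0]] = classify(cols[1])
    return out
```

A bare 32-character hex digest, like the one offered for a reward further down the thread, is not a crypt(3) field and comes back as `unknown`.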
I have this user but I don't know the password. Could you help me?
root:8dxMkZjXi01sk:0:0::/root:/bin/sh
Hi guys, root:$1$rXUUrUvP$nwGw3hD5lodZU10IC57Ey0:10933:0:99999:7::: Someone help me?
!@#$qwer
firmware dated 01 2024, anyka v200
root:$1$6AHjBnTn$LvoexcPTiWwZP5fLfCGdv1
could you check this one out too?
$50 reward for this md5
1FBC497B4AB24B7CA4D6893F59AE8779
possible: MD5, SHA1.Substr(0, 32), MD4, NTLM
can you specify the operating system?
somebody can help ?
root:$1$2ZmxCqpN$I5CzAUtuJId8WDgkxcC2g/:0:0::/root:/bin/sh
> $50 reward for this md5 1FBC497B4AB24B7CA4D6893F59AE8779
now that I've learned how to do this.. mine was Ilove and yours was .Ilove
very funny
somebody knows ?
root:$1$RiBtxRAG$PvXy3AX92u.mvo/UwXlTJ0:19404:0:99999:7:::
user:$1$ri3K4P4s$ne/es0YuNHyn0rti8KJ2a.:19404:0:99999:7:::
Hi !
Password for Chinese cam
root:$1$2ZmxCqpN$I5CzAUtuJId8WDgkxcC2g/:0:0::/root:/bin/sh
> possible: MD5, SHA1.Substr(0, 32), MD4, NTLM can you specify the operating system?
It's MD5
root:$1$w4uYby9X$MZBZYSSEjhCvwafKv0v2t1:0:0::/root:/bin/sh
Someone help me?