-
-
Save gabonator/74cdd6ab4f733ff047356198c781f27d to your computer and use it in GitHub Desktop.
Summary of passwords by sperglord8008s, updated November 1. 2020. For login try "root", "default", "defaul" or "root" | |
00000000 | |
059AnkJ | |
4uvdzKqBkj.jg | |
7ujMko0admin | |
7ujMko0vizxv | |
123 | |
1111 | |
1234 | |
1234qwer | |
2601hx | |
12345 | |
54321 | |
123456 | |
666666 | |
888888 | |
1111111 | |
/*6.=_ja | |
anko | |
anni2013 | |
annie2012 | |
avtech97 | |
cat1029 | |
ccadmin | |
cxlinux | |
default | |
dreambox | |
fxjvt1805 | |
hdipc%No | |
hi3518 | |
hichiphx | |
hipc3518 | |
hkipc2016 | |
hslwificam | |
ikwb | |
ipc71a | |
IPCam@sw | |
ivdev | |
juantech | |
jvbzd | |
jvtsmart123 | |
klv123 | |
klv1234 | |
meinsm | |
OxhlwSG8 | |
pass | |
password | |
realtek | |
root | |
hi3518 | |
S2fGqNFs | |
service | |
smcadmin | |
supervisor | |
support | |
system | |
tech | |
tlJwpbo6 | |
ubnt | |
user | |
vhd1206 | |
vizxv | |
xc3511 | |
xmhdipc | |
zlxx. | |
Zte521 |
Apexis camera's UART and telnet
User: root
password: apix
$1$yq01TaSp$lkN/azu3IxE97owy27pve.
I have hashcat running for several days now without luck. I have, however, broken into the camera and obtained root access. I don't need the root password but I'd like to know what it is for curiosity's sake.
How did you obtain root access?
Serial console, guessed the u-boot password (HI2105CHIP), and changed the boot parameter so that init was /bin/sh instead of linuxrc.
Can you turn on telnet?
I want to remote camera but cant start telnet or ssh
Using the chi print screen endpoint, I was able to turn on telnet. Never cracked it. I lost interest. I'm making a chrome plugin for hi3516 type embedded web server now. Beta version makes the video canvas full screen, centers the camera view to mouse click coordinates, and allows PTZ command via keyboard. The last one kicks ass. Future work includes macro buttons - for all the "set 64", "call 55" horse shit. It's in the chrome extension store, if anyone's interested. - POS IP Camera
…
On Sun, Mar 13, 2022, 10:53 PM hoanglv0203 @.> wrote: @.* commented on this gist. ------------------------------ $1$yq01TaSp$lkN/azu3IxE97owy27pve. I have hashcat running for several days now without luck. I have, however, broken into the camera and obtained root access. I don't need the root password but I'd like to know what it is for curiosity's sake. How did you obtain root access? Serial console, guessed the u-boot password (HI2105CHIP), and changed the boot parameter so that init was /bin/sh instead of linuxrc. Can you turn on telnet? I want to remote camera but cant start telnet or ssh — Reply to this email directly, view it on GitHub https://gist.github.com/74cdd6ab4f733ff047356198c781f27d#gistcomment-4096741, or unsubscribe https://github.com/notifications/unsubscribe-auth/AFPXRVPWP75PXZF74VJDOGTU73A43ANCNFSM4HJBUS4Q . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub. You are receiving this because you commented.Message ID: @.***>
--> "Using the chi print screen endpoint, I was able to turn on telnet" ?
Can u help me detail it? and info of telnet when u start service
/web/cgi-bin/hi3510/printscreenrequest.cgi
Thank you so much @chrismclellen
May be firmware version of my camera cant start telnet service (device type C6F0SoZ3N0PdL2)
This is log on cam when i visits /web/cgi-bin/hi3510/printscreenrequest.cgi in web browser:
SendMediaDataThread: client shutdown(cntindex=3,cntip=192.168.137.1,sock=59)!***
SendMediaDataThread(exit): cntindex=3,cntip=192.168.137.1,websocket=1,avchn=1,sock=59,maxframelen=330k
HI_Media_LiveStreamUnRegisterMediaLink: index=3,ip=192.168.137.1,type=http,avchn=1,onlinenum=0
/bin/sh: telnetd: not found
Guys, I've been burgled.. and when I went to review my footage found I could not log in. I did some work about 3 years ago to try to remove back doors (unsuccessful, but have changed the host name), ended up keeping my cctv off my network, but it seem my extensive notes don't help me log in, and I'm on day 4 of trying to crack it on my own.
Details: Kare H.264 Digital Video Recorder. Telnet backdoor wide open gives root access. There appears to be no shadow file.
[root@LocalMerton /etc]$ cat /etc/passwd
root:absxcfbgXtb3o:0:0:root:/:/bin/sh
[root@LocalMerton /etc]$ cat /etc/passwd-
root:ab8nBoH3mb8.g:0:0::/root:/bin/sh
Situation is GUI will only present admin as a user name. I've been round /bin/login with every permutation I can find with no luck.
/mnt/mtd/config contains
Account2 file which (it used to contain Account1 also but I removed it following possibly bad advice)
"Group" : "admin",
"Memo" : "admin 's account",
"Name" : "admin",
"NoMD5" : null,
"Password" : "ybdoKg52",
"Reserved" : true,
"Sharable" : true
but if I try to passwd admin I get no such user....
all 'superadmin' password calculators based on date and time exhausted... as am I. I have much more intel than the above all saved in text file, which I could easily share if anyone would be so immensely kind as to help me wrestle with getting access to my security footage? sorry for posting here... having no joy on discord servers.
Guys, I've been burgled.. and when I went to review my footage found I could not log in. I did some work about 3 years ago to try to remove back doors (unsuccessful, but have changed the host name), ended up keeping my cctv off my network, but it seem my extensive notes don't help me log in, and I'm on day 4 of trying to crack it on my own.
Details: Kare H.264 Digital Video Recorder. Telnet backdoor wide open gives root access. There appears to be no shadow file. [root@LocalMerton /etc]$ cat /etc/passwd root:absxcfbgXtb3o:0:0:root:/:/bin/sh [root@LocalMerton /etc]$ cat /etc/passwd- root:ab8nBoH3mb8.g:0:0::/root:/bin/sh
absxcfbgXtb3o:xc3511
ab8nBoH3mb8.g:helpme
Guys, I've been burgled.. and when I went to review my footage found I could not log in. I did some work about 3 years ago to try to remove back doors (unsuccessful, but have changed the host name), ended up keeping my cctv off my network, but it seem my extensive notes don't help me log in, and I'm on day 4 of trying to crack it on my own.
Details: Kare H.264 Digital Video Recorder. Telnet backdoor wide open gives root access. There appears to be no shadow file. [root@LocalMerton /etc]$ cat /etc/passwd root:absxcfbgXtb3o:0:0:root:/:/bin/sh [root@LocalMerton /etc]$ cat /etc/passwd- root:ab8nBoH3mb8.g:0:0::/root:/bin/shabsxcfbgXtb3o:xc3511
ab8nBoH3mb8.g:helpme
Sl1cks010 first of all THANK YOU for trying to help me, it is really appreciated. Secondly sorry for slow acknowledgement, due to a bereavement.. and finally are those unames and passwords, or hashes or how should I proceed with them? Because the GUI is such a clumsy way of entering credentials, what I have tried so far is running /etc/Sofia which is effectively their cctv application but once it is running it gives me a quick way to enter usernames and passwords. I tried both your replies with account username 'admin' without success, then I tried using the part between the ** as username and the part before the colon as password without success. If you read this and are able to help further, you can reach me on cctvhelpme@gmail.com and thank you again.
root:$1$yFuJ6yns$33Bk0I91Ji0QMujkR/DPi1:0:0:root:/root:/bin/sh
CAMERA MC500L MSC316DM IMX335
Copy&paste found password in my onlinehashcrack account, as people are still using it :)
this way it is easier to find by search engines
$1$qFa2kfke$vJob19l64Q6n8FvP8/kvJ0 | wabjtam
LHjQopX4yjf1Q | ls123
$1$yi$MiivC6pLdwS0zp0pa0cUq1 | qw1234qw
$1$ZebZnWdY$QZ1Aa.7hwBshCS5k40MUE1 | xc12345
$1$MoCJ1nRA$NfsI1wlYcWoF5MbU4t3Og0 | ivdev
7wtxBdUGBnuoY | runtop10
9B60FC59706134759DBCAEA58CAF9068 | Fireitup
Copy&paste found password in my onlinehashcrack account, as people are still using it :)
https://www.onlinehashcrack.com/7byl08adoe
Status NOT FOUND :/
it was a temporary problem, it is working again
and someone submitted a password that was cracked, but longer than 8 characters, so if you want to know it, you will have to pay or try to hack it yourself :)
root:$1$0Me7S3z5$.uQ4Pr/QjJQ/0JUZI0w4m.:0:0::/root:/bin/sh/etc # part
Please help me
U-Boot 2013.10.0-AK_V3.0.07 (Nov 10 2020 - 21:53:40)
arm-anykav200-linux-uclibcgnueabi-gcc.br_real (anyka (gcc-4.8.5 + binutils-2.24 + ulcibc-0.9.33.2)(20170223)) 4.8.5
GNU ld (GNU Binutils) 2.24
anyka$printenv
baudrate=115200
board=ak3918ev300
bootargs=console=ttySAK0,115200n8 root=/dev/mtdblock2 rootfstype=squashfs init=/sbin/init mem=64M memsize=64M mtdparts=spi0.0:212K(uboot),1452K(kernel),896K(rootfs),512K(config),5120K(data)
bootcmd=sf probe 0:0 20000000 0; sf read 0x82208000 0x35000 0x16b000; bootm 0x82208000
/mnt/flash/productinfo # cat deviceid.txt
DEVICEID V6202IR-F37/mnt/flash/productinfo
root:$1$0Me7S3z5$.uQ4Pr/QjJQ/0JUZI0w4m.:0:0::/root:/bin/sh/etc # part Please help me
there is some hints on google: https://www.google.com/search?q=uQ4Pr+QjJQ+0JUZI0w4m
Dear i already googled but didn't any thing if you kindly tell me thanks
Dear i already googled but didn't any thing if you kindly tell me thanks
try root:hkipc2016
I tried all above password via hash software using word list
I have a cheapo ASTR AS-IPHMT2-241I camera. It has two users:
root :
admin :
The admin hash is still being cracked.
Might be the same for the other IPHMT2 models.
root:xt5USRjG7rEDE:0:0::/root:/bin/sh
password j1/_7sxw
xt5USRjG7rEDE:j1/_7sxw
Smartwares CIP-39218AT
Great thanks for help @dimerr
ZOSI C190 SoC HI3518C
root
123456asj
How did you obtain root access?
Serial console, guessed the u-boot password (HI2105CHIP), and changed the boot parameter so that init was /bin/sh instead of linuxrc.
how did you do that?
the uboot password is HI2105CHIP
but how to init from /bin/sh?
root:$1$7bfnUEjV$3ogadpYTDXtJPV4ubVaGq1:0:0::/root:/bin/sh help, anyone know this hash ?
Hi,
i have this hash: $6CJlS7VEVeK2:0:0:root:/:/bin/sh
maybe someone can decrypt it? It is a ZS-GQ2.
Unfortunately init=/bin/sh is not working.
root:$1$7bfnUEjV$3ogadpYTDXtJPV4ubVaGq1:0:0::/root:/bin/sh help, anyone know this hash ?
Zte521
Zte521
thank you for your reply
but its not working
the hash for Zte521 -> $1$7bfnUEjV$TQwdIHHH6fM19XYpf0oAB/
Can you help with this:
root:$1$$.MO09JyxBBNd9Xv0pXIqc0:0:0::/root:/bin/sh
It's from video doorbell Vidiline F-Ip-3704.Found the same in a doorbell FW of
Slinex SL-07 IP
Can't crack yet :)
Hello. Can you tell me if you got a password or some other access to Slinex SL-07 IP files?
root:$1$w4uYby9X$MZBZYSSEjhCvwafKv0v2t1:0:0::/root:/bin/sh
Someone help me?
Guys, i stumbled on this thread, i also have another camera (petfeeder), wiresharked it, and it goes checking also this url:
http://112.124.112.116/Srt_Server/server.php?cmd=ckd&mcode=xxx=&ucode=xxx=&ccode=xxx&lcode=xxx
Is there a way now to retrieve the telnet password by downloading the firmware files on that server?
Its an exploit for the firmware:
https://blog.securityevaluators.com/remotely-exploiting-iot-pet-feeders-21013562aea3
But how to retrieve the current firmware file? I guess you guys have it?
huh, what is this?
Here is a translation:
Hello, your mail has been received. You are a bunch of fools. Thank you for patching security holes for us. You just saved us a lot of tester money. Additionally, every time you expose a password, we broadcast new passwords that will be remotely overwritten into the firmware. Do you think we can't understand English?
And thats a great honour for me and this community! Keep doing good work :)
yeah, already used google translate, but dont get that response? :-)
anyway, can you help me?
yeah, already used google translate, but dont get that response? :-) anyway, can you help me?
Hello Fabio,
Usually these kind of cameras have a very poor software and security features.
Time ago, I posted some tricks I used to my cameras. Before trying to reverse engineering the firmware did you have look for some web application vulns?
Yeah, I did, I use localtuya to control the device locally, the only thing I'm missing is the video feed...
I checked also tuya iot/API, but my device doesnt expose an rtsp/hls stream to cloud..
Also its based on webrtc and mqtt secure...
Also sniffed the smartlife/tuya app for https traffic, but there is nothing for the video, only was able to sniff the DP points for device control, like feed
So last resort is to gain telnet to it, and maybe enable the local rtsp port, the only open ports are 23 and 6668 for localtuya
Could anyone help me with cracking the following hash I received from my Foscam camera:
root:LOra.53O7nLVQ:0:0::/root:/bin/sh
I am not sure if it is crackable using John The Ripper and how to configure it.
Unfortunately vulns are not working and also the uboot init=/bin/sh is doing nothing.
EDIT:
Cracked it: ak47agai (using the following command john --format=crypt hashes.txt)
My (old as 2017) Hisilicone (generic_ONVIF) - bought on eBay years ago.
I realized that the telnet port is open - so in no way one should expose this little thing to the internet ;-)
I have found a new filmware version, which I upgraded
...and decoded, extracted /etc/passwd, which is a one-liner:
"root:0.IQvJd8bXSWU:0:0::/root:/bin/sh"
with john (I think) I brute-force decoded the password in 1-2 computers within few days.
My password is "hdipc%No".
Voilá
hidden:$1$Qtj8cUMZ$4JhtiYFzOpCzWNI.7433u/:10957:0:99999:7:::
xpeed:$1$$5ICya/hNOkPC33NssbPbs1:10933:0:99999:7:::
$1$ $5ICya/hNOkPC33NssbPbs1
@first!
Hi guys,
root:$1$rXUUrUvP$nwGw3hD5lodZU10IC57Ey0:10933:0:99999:7:::
Someone help me?
Hi guys, root:$1$rXUUrUvP$nwGw3hD5lodZU10IC57Ey0:10933:0:99999:7::: Someone help me?
!@#$qwer
you are the best !!! !!!!!! Oh my god ! I don't know how it's possible !!!!!
No kidding ! can you explain or is it a well kept secret?
another try ?
root:$6$wyzecamv3$8gyTEsAkm1d7wh12Eup5MMcxQwuA1n1FsRtQLUW8dZGo1b1pGRJgtSieTI02VPeFP9f4DodbIt2ePOLzwP0WI0:0:0:99999:7:::
No kidding ! can you explain or is it a well kept secret?
A: It is well documented how linux hash its passwords, just google it: linux password hash algorithm.
How can you "decoce"? You cannot. Hashing is a one-way algorithm.
Q: ...but hey! Look at above, someone did it.
A: We try to find a password, hash it and comepare the result with the original hash.
No other way exist. When you try hundred-thousands passwords/minute, this is called brute-force.
I have this user but I don't know the password. Could you help me?
root:8dxMkZjXi01sk:0:0::/root:/bin/sh
Hi guys, root:$1$rXUUrUvP$nwGw3hD5lodZU10IC57Ey0:10933:0:99999:7::: Someone help me?
!@#$qwer
firmware dated 01 2024, anyka v200
root:$1$6AHjBnTn$LvoexcPTiWwZP5fLfCGdv1
could you check this one out too?
$50 reward for this md5
1FBC497B4AB24B7CA4D6893F59AE8779
possible: MD5, SHA1.Substr(0, 32), MD4, NTLM
can you specify the operating system?
somebody can help ?
root:$1$2ZmxCqpN$I5CzAUtuJId8WDgkxcC2g/:0:0::/root:/bin/sh
$50 reward for this md5 1FBC497B4AB24B7CA4D6893F59AE8779
now that ive learned how to do this.. mine was Ilove and yours was .Ilove
very funny
somebody knows ?
root:$1$RiBtxRAG$PvXy3AX92u.mvo/UwXlTJ0:19404:0:99999:7:::
user:$1$ri3K4P4s$ne/es0YuNHyn0rti8KJ2a.:19404:0:99999:7:::
Hi !
password for chinese cam
root:$1$2ZmxCqpN$I5CzAUtuJId8WDgkxcC2g/:0:0::/root:/bin/sh
possible: MD5, SHA1.Substr(0, 32), MD4, NTLM can you specify the operating system?
Its MD5
Hello, maybe there is possibility to crack this hash:
root:$1$ZebZnWdY$QZ1Aa.7hwBshCS5k40MUE1:0:0::/root:/bin/sh
i got it from a firmware tried to do on my own computer with john but it haven't found anything, running almost for three days.
there is listed password in onlinehashcrack but it is wrong.
my System info:
Model: XVRDA3116HDB
S/N: 9781623416236