Full Disclosure mailing list archives
Re: DVR (Digital Video Recorders) + hack?
From: "Mark Sec" <mark.sec () gmail com>
Date: Fri, 9 Feb 2007 18:44:56 -0600
Thanks HD, I only have user u:admin p:admin With this information: $ uname -a Linux xxxxxxxxxxx 2.4.30cmp #1 Tue Jul 5 11:12:11 EDT 2005 i686 unknown $pwd /admin $ ls bin scandisk setports showip showssh help setaccess setppp showmgr showtasks openupgrades setdisk setsecure shownic showvers phelp setip setsnmp showports testnet rebootdvr setmgr setssh showppp repairdisk setnic showaccess showsecure restartdvr setpass showdisk showsnmp ##################### Only jave 2 binaries suid+guid ##################### $ ls -la /bin/su -r-sr-xr-x 1 root root 18452 May 31 2004 /bin/su $ ls -la /usr/bin/smbmnt -r-sr-xr-x 1 root root 409532 Mar 27 2006 /usr/bin/smbmnt $ ####### passwd ####### $ cat /etc/passwd root:x:0:0:root:/root:/bin/sh bin:x:1:1:bin:/bin:/sbin/nologin daemon:*:2:2:daemon:/sbin:/sbin/nologin uucp:x:10:14:uucp:/:/sbin/nologin rpc:x:70:70:system user for portmap:/:/bin/false rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin nobody:*:99:99:Nobody:/:/sbin/nologin sshd:x:100:100:sshd:/sshdjail:/sbin/nologin dvr:x:101:101:DVRaccount:/:/sbin/nologin admin:x:102:102:Administrator:/admin:/sbin/chrootash radmin:x:103:103:Remote Administrator:/admin:/sbin/chrootash DVRDialup:x:104:104::/dialup:/usr/sbin/pppd ntpd:x:105:105:ntpd:/:/sbin/nologin snmpd:x:106:106:snmpd:/:/sbin/nologin We don't have a root password, anyone how to reset the pass o root default pass? On 09/02/07, H D Moore <fdlist () digitaloffense net> wrote:
Try using root:root, root:admin, admin:admin, and radmin:radmin via telnet and ssh for these systems: http://www.linuxforums.org/forum/other-distributions/63848-help-linux-version.html -HD On Friday 09 February 2007 05:22, Mark Sec wrote: > any1 have experience over these "boxes"?, we have many flavors, we > looking more information about to "howto" hack the firmware, app or > ports by default (80.23,22), we found a DoS over port 80... > > any1 with more information? _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- DVR (Digital Video Recorders) + hack? Mark Sec (Feb 09)
- Re: DVR (Digital Video Recorders) + hack? H D Moore (Feb 09)
- Re: DVR (Digital Video Recorders) + hack? Mark Sec (Feb 09)
- Re: DVR (Digital Video Recorders) + hack? Michael Holstein (Feb 09)
- Re: DVR (Digital Video Recorders) + hack? H D Moore (Feb 09)