xtc46, it doesn't bother me that the camera has a telnet server on it, and I am not interested in blocking it at the moment. I just wanted to see what the OS was like on the camera. I am digging through the source code now...
Ya, I am digging through the source and came across a passwd file. Upon running it through John the Ripper, it says it cracked 2 passwords:
root:root
and user:user
When you put in "user" for the username, it instantly disconnects, and doesn't even prompt for a password. root:root just comes back as invalid.
It's got to be a little more complex than that, or else you would think Linksys would have told me it was admin:admin, or no password. But maybe since this service is "Untested" on the camera, they don't have to say squat.
Perhaps there is no real telnet option and it is just the remnant of old/recycled code. Sort of interesting though.
Does it lock up after X number of failed attempts or does it gladly take as many bad credentials as you give it?
If it takes as many as you give it, a simple shell script and a dictionary file from Packet Storm can be used to bang the piss out of it.
Found a shadow file in the gz, which includes the following accounts and password hashes:
root:$1$VjqxNiBT$gW0TOYeQ9cNPI8/aAK2wP.:::::::
ftp:$1$VjqxNiBT$gW0TOYeQ9cNPI8/aAK2wP.:::::::
Might give that a go.
Man, I searched for shadows... where did you locate it at?
I'm running a crack on it now... I will check it tomorrow morning and see what I can see.
th13: It gives you 3 tries before it disconnects, unless you put in user for the username, then it immediately disconnects.
Thanks for the help everyone, I will get back with the results.
What does it do for the username ftp?
Linux 2.4.19-uc1 (libcam) (ttyp0)
libcam login: ftp
Connection closed by foreign host.
Where did you find the shadow file?
The link that comptech2 posted led me to download the wvc54g_v2005.tgz, in which the shadow file is located at wvc54g_v1025\SOURCE\fs\userland\scripts\etc\
There were a few different ones you could download for the wvc54g, so maybe that isn't the right one even. I'd check them all if that hash turns out to be bogus.
It might take a while, but Brutus should do the trick. ;)