Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: DVR (Digital Video Recorders) + hack?
From: "Mark Sec" <mark.sec () gmail com>
Date: Fri, 9 Feb 2007 18:44:56 -0600

Thanks HD,

I only have user u:admin p:admin

With this information:


$ uname -a
Linux xxxxxxxxxxx 2.4.30cmp #1 Tue Jul 5 11:12:11 EDT 2005 i686 unknown

$pwd
/admin

$ ls
bin           scandisk      setports      showip        showssh
help          setaccess     setppp        showmgr       showtasks
openupgrades  setdisk       setsecure     shownic       showvers
phelp         setip         setsnmp       showports     testnet
rebootdvr     setmgr        setssh        showppp
repairdisk    setnic        showaccess    showsecure
restartdvr    setpass       showdisk      showsnmp

#####################
Only jave 2 binaries suid+guid
#####################


$ ls -la /bin/su
-r-sr-xr-x    1 root     root        18452 May 31  2004 /bin/su

$ ls -la /usr/bin/smbmnt
-r-sr-xr-x    1 root     root       409532 Mar 27  2006 /usr/bin/smbmnt
$

#######
passwd
#######

$ cat /etc/passwd
root:x:0:0:root:/root:/bin/sh
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:*:2:2:daemon:/sbin:/sbin/nologin
uucp:x:10:14:uucp:/:/sbin/nologin
rpc:x:70:70:system user for portmap:/:/bin/false
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nobody:*:99:99:Nobody:/:/sbin/nologin
sshd:x:100:100:sshd:/sshdjail:/sbin/nologin
dvr:x:101:101:DVRaccount:/:/sbin/nologin
admin:x:102:102:Administrator:/admin:/sbin/chrootash
radmin:x:103:103:Remote Administrator:/admin:/sbin/chrootash
DVRDialup:x:104:104::/dialup:/usr/sbin/pppd
ntpd:x:105:105:ntpd:/:/sbin/nologin
snmpd:x:106:106:snmpd:/:/sbin/nologin

We don't have a root password, anyone how to reset the pass o root default
pass?





On 09/02/07, H D Moore <fdlist () digitaloffense net> wrote:

Try using root:root, root:admin, admin:admin, and radmin:radmin via telnet
and ssh for these systems:


http://www.linuxforums.org/forum/other-distributions/63848-help-linux-version.html

-HD


On Friday 09 February 2007 05:22, Mark Sec wrote:
> any1 have experience over these "boxes"?, we have many flavors, we
> looking more information about to "howto" hack the firmware, app or
> ports by default (80.23,22), we found a DoS over port 80...
>
> any1 with more information?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]