Root with no password on an embedded device!

Chat with other TGB members about whatever is on your mind.
Post Reply
IownFIVEechos

Posts: 696
Joined: Fri Jul 12, 2013 2:29 pm
Location:

HTPC Specs: Show details

#21

Post by IownFIVEechos » Mon Mar 10, 2014 6:43 pm

barnabas1969 wrote:No. I tried that. I also tried Password, password, root, etc.

did you try all 1's?
Top
barnabas1969

Posts: 5738
Joined: Tue Jun 21, 2011 7:23 pm
Location: Titusville, Florida, USA

HTPC Specs: Show details

#22

Post by barnabas1969 » Mon Mar 10, 2014 6:43 pm

Yes, and all 8's too.
Top
User avatar
woodchuck

Posts: 338
Joined: Tue Jun 14, 2011 9:43 pm
Location:

HTPC Specs: Show details

#23

Post by woodchuck » Mon Mar 10, 2014 10:03 pm

One "advantage" of my security dillema is that I can "vi /mnt/para/usr.cfg" and modify the default username. I tried it, and it works... hooray? :wtf:
Top
smcmillan2

Posts: 82
Joined: Mon Jul 22, 2013 6:09 pm
Location: Farmington, MI

HTPC Specs: Show details

#24

Post by smcmillan2 » Mon Mar 10, 2014 11:38 pm

woodchuck wrote:One "advantage" of my security dillema is that I can "vi /mnt/para/usr.cfg" and modify the default username. I tried it, and it works... hooray? :what the heck:
Yeah, /mnt/para is mounted read-write. Does your change survive a reboot?
barnabas1969 wrote:The fact that the username is always Admin, and the password is always 6-digits numeric (and this is documented on the manufacturer's website) makes it pretty easy to hack via a brute force attack.
And if it does survive the reboot, can you change the password to something other than the 6 digits barnabas1969 mentioned?

I don't supposed the root user is listed in that usr.cfg file? If it is, you may have found the solution (test the admin user changes first, losing root access would not be good).
Top
User avatar
woodchuck

Posts: 338
Joined: Tue Jun 14, 2011 9:43 pm
Location:

HTPC Specs: Show details

#25

Post by woodchuck » Tue Mar 11, 2014 1:15 am

smcmillan2 wrote:
woodchuck wrote:One "advantage" of my security dillema is that I can "vi /mnt/para/usr.cfg" and modify the default username. I tried it, and it works... hooray? :what the heck:
Yeah, /mnt/para is mounted read-write. Does your change survive a reboot?
barnabas1969 wrote:The fact that the username is always Admin, and the password is always 6-digits numeric (and this is documented on the manufacturer's website) makes it pretty easy to hack via a brute force attack.
And if it does survive the reboot, can you change the password to something other than the 6 digits barnabas1969 mentioned?

I don't supposed the root user is listed in that usr.cfg file? If it is, you may have found the solution (test the admin user changes first, losing root access would not be good).
The changes to /mnt/para/usr.cfg did survive a reboot! Unfortunately there is no root user mentioned there, just admin and a guest user account I created in the GUI. I'm not sure entering an alpha-numberic in there would accomplish much on my DVR, as it only
shows a numerical GUI when you are accessing it from a connected TV or monitor.
Top
User avatar
woodchuck

Posts: 338
Joined: Tue Jun 14, 2011 9:43 pm
Location:

HTPC Specs: Show details

#26

Post by woodchuck » Tue Mar 11, 2014 1:18 am

On another note, anybody have a clue how I'd go about building a new firmware for this thing? I used binwalk to extract the filesystems from the latest firmware file, then extracted and rebuilt the cramfs with an /etc/passwd file setup to my liking. Now I can't figure out how to either rebuild the whole thing, or just insert the specific filesytem I changed back into the bin file. Ideas?
Top
Post Reply

Return to “The Green Button Lounge”