4

Little background: I forgot one of my CCTV accounts password, so used the admin account to create a new one. However I can't access the old one as it's not possible to change a user account password, even with the admin account (Via the interface at least) (And I'd like to either delete the account, or get access to it again).

I've used telnet to directly access the CCTV file of passwords, and I was just wondering if it's possible to find the type of encryption being used.

I know one hash it's showing. Eg: This hash: 4WzwxXxM I know is 888888. Using that translation is it possible to find the rough encryption being used for the other account I would like to reset?

(Before you ask, it seems CCTV DVR's are horribly built, the shell via telnet seems to not even have FTP access :( )

  • It might also help to get the CCR model and make; there may be some info out there on it - it looks like something you've picked up from TechProSecurity/Security Camera King – cutrightjm Dec 17 '14 at 15:51

2 Answers2

9

Based on a google search of your hash it's a Dahua hash.Luckily for you it looks like it has some vulnerabilities www.exploit-db.com/download/29673/ I don't know if they fixed vulnerability and I don't really know much about CCTV systems.If that fails you could try bruteforcing the hash.

void_in
  • 5,541
  • 1
  • 20
  • 28
NetSec
  • 106
  • 2
0

This might help others looking for a similar vulnerability in the Dahua cameras. In their IP camera line (specifically, in my case, the IPC-HFW4300), they have two default users: 666666 (the regular user) and 888888 (the admin user), with matching passwords. The web UI does no effort hiding this information, and these users cannot be easily removed from the system.

Jedi
  • 3,906
  • 2
  • 24
  • 42