I’m trying to gain root access on a cheap DVR that I bought for a CCTV system. The manufacturer has a firmware update image available for download that I was able to inspect using a tool called binwalk and I extracted the rootfs. It looks like a flavor of embedded Linux with Busybox.
I took a look at the /etc/passwd file and it has one line for root with a password hash and a login shell defined. There’s no /etc/shadow file but there is a /etc/passwd- which I haven’t seen before.
I also found an init script that would normally be launching telnetd but it’s commented out.
Can I just generate a new password hash to substitute in /etc/passwd, uncomment the telnetd line and then log in as root with the new password through telnet over the network?
(Of course this is ignoring the possible problems I could run into with flashing the new firmware onto the device and bricking it)
Author: jvergeldedios