Hey guys, I ran a Nessus scan on my home camera system DVR, which also has remote access through a web server running on port 81. It has a directory traversal vulnerability, and I was able to view the hash to telnet into the DVR. Once I cracked the hash I logged on, but I was looking for the usernames and hashed passwords to the web server, the logins that use basic HTTP auth. I cd'ed around the Linux interface running the DVR, and found a Users.xml file that contains this: http://i.imgur.com/Ja5Cq8T.jpg It shows what seems to be a list of usernames USER01-USER10 with a 16 character hash next to each. I looked up the 16 digit hashes; they are said to be Cisco PIX MD5. Hashcat returned nothing... The strange thing is I know my DVR only takes numbered passwords, no letters can be used... yet Hashcat returns no hits when I run incremented digit brute force attacks up to 13 characters... So... is this actually the right hash I'm using? Am I supposed to be including the usernames? Am I even looking at the password hash? I'm very confused right now, please help shed some light.