| Summary of passwords by sperglord8008s, updated November 1. 2020. For login try "root", "default", "defaul" or "root" | |
| 00000000 | |
| 059AnkJ | |
| 4uvdzKqBkj.jg | |
| 7ujMko0admin | |
| 7ujMko0vizxv | |
| 123 | |
| 1111 | |
| 1234 | |
| 1234qwer | |
| 2601hx | |
| 12345 | |
| 54321 | |
| 123456 | |
| 666666 | |
| 888888 | |
| 1111111 | |
| /*6.=_ja | |
| anko | |
| anni2013 | |
| annie2012 | |
| avtech97 | |
| cat1029 | |
| ccadmin | |
| cxlinux | |
| default | |
| dreambox | |
| fxjvt1805 | |
| hdipc%No | |
| hi3518 | |
| hichiphx | |
| hipc3518 | |
| hkipc2016 | |
| hslwificam | |
| ikwb | |
| ipc71a | |
| IPCam@sw | |
| ivdev | |
| juantech | |
| jvbzd | |
| jvtsmart123 | |
| klv123 | |
| klv1234 | |
| meinsm | |
| OxhlwSG8 | |
| pass | |
| password | |
| realtek | |
| root | |
| hi3518 | |
| S2fGqNFs | |
| service | |
| smcadmin | |
| supervisor | |
| support | |
| system | |
| tech | |
| tlJwpbo6 | |
| ubnt | |
| user | |
| vhd1206 | |
| vizxv | |
| xc3511 | |
| xmhdipc | |
| zlxx. | |
| Zte521 |
Hi everybody. Can you help me decrypt shadow on AK3918EN080 V200 (Anyka)? root:$1$6AHjBnTn$LvoexcPTiWwZP5fLfCGdv1:0:0:99999:7:::
Thank you for help.
I have the same hash on a device. Has anyone cracked it?
Can anyone help me crack this? I successfully pulled the passwd file off the memory chip for my camera, a Project Nursery camera, but I can't figure out hashcat to get the password from the hash. The passwd file contains one line:
root:$1$2bIsCaZh$4rPJIavm2oheHsh3.eORn.:0:0::/root:/bin/sh
I guess my main question is what part of that to isolate in a text file to run hashcat on and how do I tell what kind of hash it is (md5... etc)?
I need help with this hash:
root:$6$wyzecamv2$hvp6M6S2JI7vyyHfEDPWCYJ8N2r5B4ZzS8uZYwyMkoWyg90sCJzupBGD57CObtKonld0Yvr2B/ejt4l4/jryi.:0:0:root:/:/bin/sh
I tried using hashid with no luck. Is it a good hash?
I've got a Tuya TCP Smart cam here for which I would like to have the password. The shadow file says:
root:$1$dVhFuDGx$YrOKRgTcjTCqEK75.z277/:15874:0:99999:7:::
It shows "Lobster" and Linux version 3.10.27 (canjian@ubuntu) (gcc version 4.8.5 20150209 (prerelease) (Realtek RSDK-4.8.5p1 Build 2521) ) #1 PREEMPT Fri Dec 7 15:51:19 CST 2018
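The questions above about which part of a passwd or shadow line is the hash, and which scheme it uses, come down to the crypt(3) `$id$salt$digest` layout in the second colon-separated field. The following is an added example, not code from the gist or from any commenter: a small audit helper that extracts that field from lines pulled out of a firmware image, names the scheme, checks that the digest has the expected length, and flags md5crypt and DES crypt as weak. The names `parse_entry`, `audit` and `SAMPLES` are hypothetical.

```python
import re
from typing import NamedTuple, Optional

# crypt(3) "$id$salt$digest" ids -> (name, digest length, weak by current standards)
SCHEMES = {
    "1": ("md5crypt", 22, True),
    "5": ("sha256crypt", 43, False),
    "6": ("sha512crypt", 86, False),
}
CRYPT_B64 = re.compile(r"[./0-9A-Za-z]+")

class Entry(NamedTuple):
    user: str
    scheme: str
    hash_field: str            # "$id$salt$digest" only: no user name, no aging fields
    well_formed: bool
    weak: Optional[bool]       # None = scheme not classified by this example

def parse_entry(line: str) -> Optional[Entry]:
    """Parse one passwd- or shadow-style line; both keep the hash in field 2."""
    fields = line.strip().split(":")
    if len(fields) < 2:
        return None
    user, field = fields[0], fields[1]
    if field in ("x", "*", "!", "!!"):          # shadowed or locked, nothing to audit
        return Entry(user, "locked-or-shadowed", field, True, False)
    if field == "":                             # empty field: login without password
        return Entry(user, "empty", field, True, True)
    if not field.startswith("$"):               # 13 crypt-alphabet chars = DES crypt
        ok = len(field) == 13 and CRYPT_B64.fullmatch(field) is not None
        return Entry(user, "descrypt" if ok else "unknown", field, ok, True if ok else None)
    parts = field.split("$")                    # ['', id, salt, digest]
    if len(parts) == 5 and parts[2].startswith("rounds="):
        parts = parts[:2] + parts[3:]           # drop the optional "rounds=N" parameter
    name, dlen, weak = SCHEMES.get(parts[1], ("unknown", None, None))
    ok = (dlen is not None and len(parts) == 4 and 0 < len(parts[2]) <= 16
          and len(parts[3]) == dlen and CRYPT_B64.fullmatch(parts[3]) is not None)
    return Entry(user, name, field, ok, weak)

# First two lines are quoted from the posts above; the third is constructed (truncated digest).
SAMPLES = [
    "root:$1$2bIsCaZh$4rPJIavm2oheHsh3.eORn.:0:0::/root:/bin/sh",
    "root:$6$wyzecamv2$hvp6M6S2JI7vyyHfEDPWCYJ8N2r5B4ZzS8uZYwyMkoWyg90sCJzupBGD57CObtKonld0Yvr2B/ejt4l4/jryi.:0:0:root:/:/bin/sh",
    "admin:$1$abcdefgh$tooShortDigest:0:0:99999:7:::",
]

def audit(lines):
    """Return one Entry per parsable line."""
    return [e for e in (parse_entry(l) for l in lines) if e is not None]
```

A `well_formed` value of `False` usually means the line was truncated or altered when it was copied out of the dump, which is worth ruling out before concluding that a vendor changed the algorithm.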
@Dobie007 Hi, I have the same camera, were you able to crack the password?
Hi,
Since the firmware is in an external flash I could patch the inittab file and get a working terminal. I got the idea out of the video I linked above.
This is the line I actually changed:
ttyS1::respawn:-/bin/sh
Since then it's been lying around because I have no idea how to continue. (The runtime file would need to be changed or an alternative chipset software used)
I haven't cracked the password yet either, but I haven't gotten around to extracting the FW yet. Would it be possible for you to send it to me? That would help me a lot :) (https://drive.google.com/drive/folders/1q8jVospsmOQUF0f-Y5loyOJjMwOogVA1?usp=sharing)
I've seen it asked for before here and in other places but with no answers. Can anyone help with: $1$yFuJ6yns$33Bk0I91Ji0QMujkR/DPi1 ?
L18DAFENSG_AF_V0-A_XAHS-RTMP-H5 V3.3.2.1 build 2024-08-29 14:35:19
I've tried all the dictionary attacks I could find and my AMD iGPU is now at its limit trying to brute force 8 chars, could take me years
Somebody knows?
root:$1$RiBtxRAG$PvXy3AX92u.mvo/UwXlTJ0:19404:0:99999:7:::
user:$1$ri3K4P4s$ne/es0YuNHyn0rti8KJ2a.:19404:0:99999:7:::
Hi, did you find the password for these? Can you share them if yes? Thank you.
$1$ $.MO09JyxBBNd9Xv0pXIqc0
lbtech2002
> Hi everybody. Can you help me decrypt shadow on AK3918EN080 V200 (Anyka)? root:$1$6AHjBnTn$LvoexcPTiWwZP5fLfCGdv1:0:0:99999:7:::
> Thank you for help.
>
> I have the same hash on a device. Has anyone cracked it?
I know it's very late, but the password for this hash is yunyi666
root:$1$soidjfoi$9klIbmCLq2JjYwKfEA5rH1:10933:0:99999:7:::
help me with this to crack down anyone
I have the same password in the shadow file. Help please.
is there still a discord?
> I know it's very late, but the password for this hash is yunyi666
Oh thanks a lot! You saved me a ton of time!
Hello,
Can you help "decrypt" the hash below:
root:$1$ouLOV500$zvYRvG33R/lxTS.9Gpz5H1
Model is: DENVER Indoor smart Wi-Fi_IP camera - IIC-172
SoC is: ANYKA AK3918EN080 V200 CDSJ02I22
Thanks in advance!
> I know it's very late, but the password for this hash is yunyi666
I have the same hash in the shadow file, but the pwd doesn't seem to be that one.
How did you find this? It should be md5crypt.
Using john:
```
┌──(stagnola㉿kali)-[~/Scrivania/dump_firmware]
└─$ mkdir try
┌──(stagnola㉿kali)-[~/Scrivania/dump_firmware]
└─$ cd try
┌──(stagnola㉿kali)-[~/Scrivania/dump_firmware/try]
└─$ touch root.hash
┌──(stagnola㉿kali)-[~/Scrivania/dump_firmware/try]
└─$ echo '$1$6AHjBnTn$LvoexcPTiWwZP5fLfCGdv1' > root.hash
┌──(stagnola㉿kali)-[~/Scrivania/dump_firmware/try]
└─$ cat root.hash
$1$6AHjBnTn$LvoexcPTiWwZP5fLfCGdv1
┌──(stagnola㉿kali)-[~/Scrivania/dump_firmware/try]
└─$ touch wordlist.txt
┌──(stagnola㉿kali)-[~/Scrivania/dump_firmware/try]
└─$ echo 'yunyi666' > wordlist.txt
┌──(stagnola㉿kali)-[~/Scrivania/dump_firmware/try]
└─$ john --wordlist=./wordlist.txt --format=md5crypt --fork=4 root.hash
Using default input encoding: UTF-8
Loaded 1 password hash (md5crypt, crypt(3) $1$ (and variants) [MD5 256/256 AVX2 8x3])
Node numbers 1-4 of 4 (fork)
4 0g 0:00:00:00 DONE (2025-10-05 11:00) 0g/s 0p/s 0c/s 0C/s
3 0g 0:00:00:00 DONE (2025-10-05 11:00) 0g/s 0p/s 0c/s 0C/s
2 0g 0:00:00:00 DONE (2025-10-05 11:00) 0g/s 0p/s 0c/s 0C/s
Press 'q' or Ctrl-C to abort, almost any other key for status
1: Warning: Only 1 candidate left, minimum 24 needed for performance.
1 0g 0:00:00:00 DONE (2025-10-05 11:00) 0g/s 50.00p/s 50.00c/s 50.00C/s yunyi666
Waiting for 3 children to terminate
Session completed.
┌──(stagnola㉿kali)-[~/Scrivania/dump_firmware/try]
└─$ john --show --format=md5crypt root.hash
0 password hashes cracked, 1 left
```
Has someone cracked it? I tried to use hashcat with mask: 8 letters, only numbers and lowercase characters, but after 3 days it couldn't find the pwd.
It is not clear md5. It is modified version.
Can you tell me more about this?
Btw I can't access U-Boot either.
On my camera it looks like U-Boot disables the prompt until the kernel is loaded.
My only way is to modify the firmware, change the shadow pwd and flash it back so I can log in as root
As I remember, the hashing algorithm in some library was modified by the vendor, so you must make the hash with the same algorithm and write the hash in the shadow pwd. Then the system can compare the hash from the pass you entered with the hash in the shadow pwd.
Yeah that was kinda clear from your last message. I tried the password “yunyi666” (a guy here said it was that one) to auth to the device and it doesn’t work.
What do you mean by “libraries modified by the vendor”?
Are there some libraries with source?
Hi. No, there is no source of libraries. You can only extract the file from the firmware and do reverse engineering with Ghidra or IDA Pro.
You can try to find some more info in telegram group "OpenIPC User"
++Update:
There you go @chrismclellen
@foxyc btw there was no custom algorithm. That was md5crypt
Sorry, I must have confused this camera with another one that used modified base64.
I am working on a camera with the root hash $1$lPbKHYLS$r6JMTEm949/hCMv85Fsx9/ anyone been able to crack it?
Technaxx TX-61 (FI9803W board from Foscam with Hi3518CV100 SoC)
root / ak47agai
worked for me
> root:$1$soidjfoi$9klIbmCLq2JjYwKfEA5rH1:10933:0:99999:7:::
> help me with this to crack down anyone
>
> I have the same password in the shadow file. Help please.
Hey there... I'm also searching for this one. Did you find it somewhere? Can you please help me?
There is a chance you guys can find the password for your hashes by bruteforcing, but it will hardly work without spending days on it.
I tried a lot of different masks and lengths, been bruteforcing (with a 3060 Ti overclocked) my hash for days with no luck.
You could be luckier than me, but I find it kinda hard.
I wrote an article (still in progress), if you want more info, look here, it's my public repo about my hacking journey.
https://github.com/Lawliet95/ANYKA-Tuya-Hacking-Journey-AK3918v200EN080-v200
