I picked up a used Fortinet CB20 bullet-type cam (cheap, of course!). Seems like a well-built cam (2mp 2.8-12mm manual vari-focal with PoE and coax video out). It gets an IP via DHCP or takes 192.168.1.245 if no DHCP server is available. There's a web UI on port 80 (uses an activeX plugin), but I don't have the admin password and seller claims to not know it. No obvious reset button or pin hole on the camera body. Nothing in the 'hatch' except the varifocal control wands. I took off the front cover, but find no visible reset button, without further dis-assembly. NMAP shows it has port 23 open (telnet) so I'm running John the Ripper against it. From what I've managed to google, the cam originally ships with a blank password and the FortiRecorder software assigns one based on the mac address (hashed somehow, i suppose, and probably pretty long) No support from Fortinet of course, as I haven't bought the cam from them (they sell for like $300+ new...)
Does anyone know if/how this cam can be factory reset? Would save some time vs letting JTR do it's thing. Once cracked and/or reset, will need to find the rtsp:// URL, if any...
TIA, Paul.
Does anyone know if/how this cam can be factory reset? Would save some time vs letting JTR do it's thing. Once cracked and/or reset, will need to find the rtsp:// URL, if any...
TIA, Paul.
Last edited: