ILDVR IP Camera Telnet password?

[SergeiF]

Hi,
While I was looking for Dahua and Hikvision alternatives I stumbled upon ILDVR (via some russian review site).
Here are my findings: http://sergei.nz/ildvr-inc-mh40d06/
TL;DR: hardware is fine, firmware is real crap.
I wanted to poke around the actual shell, only problem is that manufacturer is not willing to provide the telnet password (or firmware image). While there is no way to close telnet off.
I decided not to buy more of their cameras until I get access to innards of it (so I can strip out unnecessary bits and close the backdoor that they left open).

Meanwhile I wait for RS232 adaptor (so can dump the firmware and poke around), does anyone recognize the board:

http://sergei.nz/wp-content/uploads/2015/12/INC-MH40D06_SoC.jpg
http://sergei.nz/wp-content/uploads/2015/12/INC-MH40D06_lens.jpg
http://sergei.nz/wp-content/uploads/2015/12/INC-MH40D06_sensor.jpg

And what is the telnet password? (I have tried all combinations of hi35XX, sc35XX, etc).

I have tried to exploit with remote command execution without success...

 

[alastairstevenson]

The GUI does not look familiar, nor does the board.
Some passwords I have used, with root or admin:
xmhdipc, cat1029, username=MayGion and password=maygion.com

 

[SergeiF]

The GUI does not look familiar, nor does the board.
Some passwords I have used, with root or admin:
xmhdipc, cat1029, username=MayGion and password=maygion.com

Thanks, none of them worked...


This is what telnet prompt looks like:

ipc login:

 

[SergeiF]

I managed to get shell, but not via telnet.
I got in via RS232:
http://sergei.nz/ildvr-inc-mh40d06-or-hacking-cheap-chinese-camera/
The software that camera runs is really crappy. I found hardcoded username/password for web UI.
I am running John The Ripper against the passwd hash (but I doubt I will get anywhere).
Since this firmware has been setup by morons it is possible to replace a lot of things for better.

I wish was DD-WRT/Open-WRT/Tomato equivalent for ip cameras...