Alternative way of recovering HikVision NVR password

Let's hope so!

The admin password for the MAIN DECK HIKVISION DS-2CD2232-I5 - 482311325 camera is
12345
Thank you, this camera user and password I can find using a hexedit, but do you have any idea how to extract/find the admin password for the Nvr? The guy who installed it is gone and I need to add new ip cameras, without admin it is useless unfortunately
 
do you have any idea how to extract/find the admin password for the Nvr
The 'trojan horse method' of finding an NVR admin password depends on the fact that apart from the later versions of NVR firmware, it was the NVR admin password that was used to 'activate' an 'inactive' camera when first plugged in to an NVR PoE port.
And then the backdoor vulnerability of camera firmware of 5.4.0 or earlier could be used to extract the camera configuration file to reveal the camera password. Which was usually also the NVR admin password.

Earlier firmware than 5.3.0 does not have the active/inactive facility, it still uses the old default passwords of 12345 and 123456789abc which the NVR will try first when connecting the camera.
That may explain why the '12345' password was extracted. You may have to update the camera firmware a little for this method to work.

So - did you follow these steps :
Reset to default settings (ie 'inactive') a camera with firmware between 5.3.0 and 5.4.0 when not connected to the NVR.
Connect the camera to the NVR PoE port and wait for it to be 'activated' by the NVR and go online.
Extract the configuration file using the backdoor vulnerability.
Decrypt and decode the file to reveal the admin password.
 
The 'trojan horse method' of finding an NVR admin password depends on the fact that apart from the later versions of NVR firmware, it was the NVR admin password that was used to 'activate' an 'inactive' camera when first plugged in to an NVR PoE port.
And then the backdoor vulnerability of camera firmware of 5.4.0 or earlier could be used to extract the camera configuration file to reveal the camera password. Which was usually also the NVR admin password.

Earlier firmware than 5.3.0 does not have the active/inactive facility, it still uses the old default passwords of 12345 and 123456789abc which the NVR will try first when connecting the camera.
That may explain why the '12345' password was extracted. You may have to update the camera firmware a little for this method to work.

So - did you follow these steps :
Reset to default settings (ie 'inactive') a camera with firmware between 5.3.0 and 5.4.0 when not connected to the NVR.
Connect the camera to the NVR PoE port and wait for it to be 'activated' by the NVR and go online.
Extract the configuration file using the backdoor vulnerability.
Decrypt and decode the file to reveal the admin password.
Thank you so much! This is what I was trying to do right now.