alastairstevenson
Staff member
Let's hope so!
The admin password for the MAIN DECK HIKVISION DS-2CD2232-I5 - 482311325 camera is
12345
Alternative way of recovering HikVision NVR password
- Thread starter Pjlord
- Start date
The admin password for the MAIN DECK HIKVISION DS-2CD2232-I5 - 482311325 camera is
12345
Thank you, this camera user and password I can find using a hexedit, but do you have any idea how to extract/find the admin password for the Nvr? The guy who installed it is gone and I need to add new ip cameras, without admin it is useless unfortunately
alastairstevenson
Staff member
The 'trojan horse method' of finding an NVR admin password depends on the fact that apart from the later versions of NVR firmware, it was the NVR admin password that was used to 'activate' an 'inactive' camera when first plugged in to an NVR PoE port.
And then the backdoor vulnerability of camera firmware of 5.4.0 or earlier could be used to extract the camera configuration file to reveal the camera password. Which was usually also the NVR admin password.
Earlier firmware than 5.3.0 does not have the active/inactive facility, it still uses the old default passwords of 12345 and 123456789abc which the NVR will try first when connecting the camera.
That may explain why the '12345' password was extracted. You may have to update the camera firmware a little for this method to work.
So - did you follow these steps :
Reset to default settings (ie 'inactive') a camera with firmware between 5.3.0 and 5.4.0 when not connected to the NVR.
Connect the camera to the NVR PoE port and wait for it to be 'activated' by the NVR and go online.
Extract the configuration file using the backdoor vulnerability.
Decrypt and decode the file to reveal the admin password.
trempa92
Getting comfortable
alastairstevenson
Staff member
Haha! You beat me to it.
4,5,6 are indicators that those cameras have been hacked using inbound internet access.
4,5,6 are indicators that those cameras have been hacked using inbound internet access.
Hi Everyone: I just got an NVR from ebay and the owner doesn't have the password because his dad passed away. Before he gives me my money back, I may try this method.
Getting the camera's password is easy enough (with SADP & getting the config file with the special link to the camera). I've tried it and there's a site that decrypts the file, and I verified that the password shown is indeed the one for the camera.
My question is: Can I force the NVR's password onto the camera I have (V 5.4.0) WITHOUT resetting the camera to factory defaults?
I ask because I'm using iVMS4200 and I set it up a LONG time ago and wouldn't remember the millions of settings I'd have to fiddle with forever to get it back to what I have now. I have 4 cameras and have been working well for 11 years without me changing anything.
Thank you in advance for any input anyone has!
-Tony
Getting the camera's password is easy enough (with SADP & getting the config file with the special link to the camera). I've tried it and there's a site that decrypts the file, and I verified that the password shown is indeed the one for the camera.
My question is: Can I force the NVR's password onto the camera I have (V 5.4.0) WITHOUT resetting the camera to factory defaults?
I ask because I'm using iVMS4200 and I set it up a LONG time ago and wouldn't remember the millions of settings I'd have to fiddle with forever to get it back to what I have now. I have 4 cameras and have been working well for 11 years without me changing anything.
Thank you in advance for any input anyone has!
-Tony
alastairstevenson
Staff member
Not with this method - it relies on the NVR 'Activating' the camera with what's usually the NVR password.
However - as you have the current password for the camera, and have been able to extract the camera configuration file, after you've used the camera to pull the NVR password, and therefore have the different password (hopefully also that of the NVR) you should be able to use that to apply the previously exported camera configuration file back to the camera, to put it back to how it was.