Technical Discussion
  >> Home Networking, Internet Connection Sharing, etc.


Register (or login) on our website and you will not see this ad.


Pages in this thread: 1 | 2 | (show all)   Print Thread
Standard User dwg1
(regular) Fri 25-Jan-19 22:26:34
Print Post

Telnet help please


[link to this post]
 
Hi all, I could do with some help. I have a CCTV DVR which accepts ping requests, but I don't seem to be able to Telnet into it. Does anyone have any ideas? Thanks in advance smile
Administrator MrSaffron
(staff) Fri 25-Jan-19 22:34:28
Print Post

Re: Telnet help please


[re: dwg1] [link to this post]
 
Not all devices support telnet access, are you sure it has a telnet interface

The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
Standard User dwg1
(regular) Fri 25-Jan-19 22:39:23
Print Post

Re: Telnet help please


[re: MrSaffron] [link to this post]
 
Ahhhh that could be it. It is able to be configured to connect to a FTP server, but I don't know if that is any use anyway. I am looking at the possibly of installing a Syslog server on it. Your help is much appreciated smile


Register (or login) on our website and you will not see this ad.

Administrator MrSaffron
(staff) Fri 25-Jan-19 22:46:52
Print Post

Re: Telnet help please


[re: dwg1] [link to this post]
 
With no make/model chance of getting help is close to zero

Configuring to upload image/video to a FTP server is an expected option on a CCTV device, installing syslog etc is not something they'd have coded for

The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
Standard User dwg1
(regular) Fri 25-Jan-19 23:02:58
Print Post

Re: Telnet help please


[re: MrSaffron] [link to this post]
 
This did cross my mind... The make of the DVR is Floureon, I think it is running standard cheap but functioning firmware. On the net, some have reported being able to Telnet into similar boxes. As a side note I have a additional router with a USB port in it (the one that does the logging hasn't). I wonder if that could do the trick some way?
Standard User Michael_Chare
(fountain of knowledge) Sat 26-Jan-19 17:17:08
Print Post

Re: Telnet help please


[re: dwg1] [link to this post]
 
You could try ssh rather than telnet. For ssh I use Bitvise Tunnelier. There may be something in the menus to enable telnet or ssh.

Michael Chare

Edited by Michael_Chare (Sat 26-Jan-19 17:19:59)

Standard User ukhardy07
(knowledge is power) Sat 26-Jan-19 19:02:45
Print Post

Re: Telnet help please


[re: dwg1] [link to this post]
 
TELNET is insecure and offers no encryption, industry best practice if followed by vendors will dictate it is disabled. SSH is a secure alternative, and that might be available on your device.
Standard User caffn8me
(eat-sleep-adslguide) Sat 26-Jan-19 22:37:53
Print Post

Re: Telnet help please


[re: dwg1] [link to this post]
 
Just out of curiosity, does the DVR offer something called “XMEye P2P Cloud” to view video images remotely?

If so, you might want to read this.

As ukhardy07 states, telnet isn't secure and should never be used for remote access. FTP is also completely insecure. SSH may be more secure but not all implementations of SSH are secure. You may also have a password which is weak or the device may have a hardcoded default admin password which cannot be changed.

Sarah

--
If I can't drink my bowl of coffee three times daily, then in my torment, I will shrivel up like a piece of roast goat

Spiders on coffee - Badass spiders on drugs
Standard User dwg1
(regular) Sun 27-Jan-19 02:10:51
Print Post

Re: Telnet help please


[re: caffn8me] [link to this post]
 
Thank you everyone for your quality input. The DVR isn't exposed to the Web, but does have the cloud capabilities that has been mentioned (thank you for that link, it was interesting reading) smile . The DVR is connected to my LAN with a false gateway address (the DVR won't accept a blank gateway). IPv6 is a unknown (it won't let me access the configuration applet), and returns a "get config from device failed" message. IPv6 is disabled on the router, with all ports set to stealth. I shall look into SSH, and reply in due course. Thanks once again smile
Standard User dwg1
(regular) Sun 27-Jan-19 23:43:11
Print Post

Re: Telnet help please


[re: dwg1] [link to this post]
 
I tried SSH, again no go... seems silly though that I can ping the box...
Standard User IanBB
(committed) Sun 27-Jan-19 23:57:56
Print Post

Re: Telnet help please


[re: dwg1] [link to this post]
 
I can ping my Now TV Smart Stick...
Standard User dwg1
(regular) Mon 28-Jan-19 13:09:16
Print Post

Re: Telnet help please


[re: dwg1] [link to this post]
 
I think I see your point smile
Standard User teshy
(newbie) Mon 28-Jan-19 16:40:49
Print Post

Re: Telnet help please


[re: dwg1] [link to this post]
 
I have a CCTV DVR installed by a local security company and I have been meaning to try this in order to secure the DVR. I think the company had access to it via the cloud app. Your question prompted me to try to get into its admin console, and here is what I have been able to do so far.

I couldn't telnet to it, however, using a web browser (I had to use Internet Explorer because Chrome and Firefox did not allow required plugins to load, although I am sure there must be a way to use these) I could get to its web admin console.

Search for your model number and default admin user name and password (unless of course you already know the credentials). I got into mine in less than a minute and changed its admin password and set a static IP address. There are a number of settings in the web admin console, although I could not find any to enable Telnet or SSH. At least now I know the installing company cannot get into the system - the cloud app on my phone stopped working and I had to enter the new password into the app).

I connected a USB mouse and keyboard, along with an old VGA monitor to the DVR and was able to access its console although, as yet, I have not been able to do much with it apart from view the various camera feeds.

I'll explore it further later.

Out of curiosity, what are you trying to achieve by using telnet to access the DVR?

Edited by teshy (Mon 28-Jan-19 16:43:30)

Standard User dwg1
(regular) Tue 29-Jan-19 02:46:55
Print Post

Re: Telnet help please


[re: teshy] [link to this post]
 
The problem with the GUI, is it's limited to its CCTV/DVR configurations. As the box is connected to the LAN 24/7, (not internet) it seemed to make sense at looking into the possibility of being able to use it for forwarding the router logs to... So far no joy though, but thank you for sharing smile
Standard User caffn8me
(eat-sleep-adslguide) Tue 29-Jan-19 09:45:44
Print Post

Re: Telnet help please


[re: teshy] [link to this post]
 
In reply to a post by teshy:
At least now I know the installing company cannot get into the system
Except they can. It's not just the installers who can still get in, it's anyone and it's trivial. You have missed a key point in both my post and the article I linked to. I knew about the hardcoded default password from firsthand experience but it is confirmed in the SEC Consult article;

even if the device has been secured by changing the admin password, it can be accessed via the XMEye cloud via the “default” user.

In a related post; SEC Consult say;

SEC Consult advises not to use the products of Xiongmai and any 3rd party OEM device associated with the XMeye cloud feature.

Workaround

There are no workarounds available as the devices are connected via the cloud, the usual recommendations changing default passwords, strict firewalling and network segmentation unfortunately do not mitigate the whole range of discovered issues.


Sarah

--
If I can't drink my bowl of coffee three times daily, then in my torment, I will shrivel up like a piece of roast goat

Spiders on coffee - Badass spiders on drugs
Administrator MrSaffron
(staff) Tue 29-Jan-19 11:15:09
Print Post

Re: Telnet help please


[re: dwg1] [link to this post]
 
If wanting to go down the DIY route for this you probably want a LINUX box that you can control, and perhaps a Raspberry PI meets that at a low cost

The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
Standard User teshy
(newbie) Tue 29-Jan-19 11:54:26
Print Post

Re: Telnet help please


[re: caffn8me] [link to this post]
 
Except they can. It's not just the installers who can still get in, it's anyone and it's trivial. You have missed a key point in both my post and the article I linked to. I knew about the hardcoded default password from firsthand experience but it is confirmed in the SEC Consult article;


Thanks for the information about it being trivial to get into the DVR. I hadn't actually read your post, I was replying to dwg1's original post.

I don't think I am using any of the products mentioned in the link you posted, however, at least now I know of the vulnerability in these devices.
Pages in this thread: 1 | 2 | (show all)   Print Thread

Jump to