Scott's Blog
Random mumblings of a Global SE

Hacking IPTV, or why default passwords are bad.

Unchanged vendor default passwords are bad. That might seem obvious, but it's amazing how frequently default passwords seem to turn up.

More and more of the hotels I stay at use some form of IP-based system for the in-room TV. Many of these use IPTVs, but a small number use external Set-Top Boxes (STB) of various forms. Whilst recently staying in a hotel in Asia that used an external STB I decided to do some digging into the system to see how secure it was. The results were, as you can probably guess from the default password comment above, very interesting.

The box itself was branded as "2M-Locatel", which led to some interesting details on the web, but nothing that helped actually access it. Next step was to get my hands on a small Ethernet switch (US$7 at a local computer store!) to allow me to get my computer on the network at the same time as the STB. From there it didn't take much to find the IP of the STB, and discover that it allowed telnet access. More importantly, the banner message when connecting with telnet stated that the STB was actually an "Amino" brand. Back to Google, and in a few minutes I had the full user's guide for a similar Amino STB, including the details for the default root password:

The "development builds" comment didn't leave me all that hopeful, but I can't say I was overly surprised when I typed in the password and landed at a root prompt!

Step 1 Complete - root access on the STB in my room!

Of course, what works on one STB should also work on the rest of the STBs in the hotel - presuming that the network would actually let me connect to them. Picking an IP address one higher than that from the STB in my room, I found I was also able to telnet to that system, and again log in with the same root password.

Step 2 Complete - root access on every STB in the entire hotel!

Looking around on the STBs showed that they were pretty much stateless, and were set up to NFS mount a directory from a server whose address they got via DHCP. That directory contained the binaries that were run to function as an IPTV, as well as some very basic configuration information - but unfortunately nothing very helpful.