Wiping out user and/or root password in embedded linux

We have a security camera system running an embedded linux. It boots with Lilo as a bootloader and has no tty access once booted. I don't know any username either.

SSH/22 is open, but I don't think brute force is an option.

I have tried all the common tricks to reset a linux user password (boot from the bootloader in single user mode = doesn't happen, still prompts for user login, boot to a live cd = can't access the file system...it's all loop files and other binary, etc etc), but they are all not possible as it is an embedded linux setup the way it is.

Any help/suggestions would be appreciated. Thanks


Solution 1:

Ended up getting in to the running system command line with root access via a serial console cable. Found nowhere in documentation, but with a little Cisco, HP, etc. console cable experience, and @Gilles pointing it out, gave me enough motivation to work on it and get it done.

EDIT: Although I don't have access to the system anymore to test, I believe the method of editing the /etc/shadow would have worked out:

http://geekswing.com/geek/resetting-root-password-on-a-linux-system-using-clonezilla/