Exploit IP Camera – All things in moderation

Exploit IP Camera

Hi guys,

Recently, I learned about IP camera devices to serve my work. I have found some pretty good knowledge. In this post, I will share with you the little knowledge I have learned.

What is an IP camera?

An Internet Protocol camera, or IP camera, is a type of digital video camera that receives control data and sends image data via the Internet. They are commonly used for surveillance. Unlike analog closed-circuit television (CCTV) cameras, they require no local recording device, but only a local area network. Most IP cameras are webcams, but the term IP camera or netcam usually applies only to those used for surveillance that can be directly accessed over a network connection. (Wikipedia)

Some IP cameras require support of a central network video recorder (NVR) to handle the recording, video and alarm management. Others are able to operate in a decentralized manner with no NVR needed, as the camera is able to record directly to any local or remote storage media. The first centralized IP camera was Axis Neteye 200, released in 1996 by Axis Communications. (Wikipedia)

The methods to hack an IP camera

  • Use a website that shows hacked CCTV cameras

This is not really hacking, but it’s the easiest method. You just visit a website that lists a lot of hacked CCTV cameras and watch them.

Those websites are created by hackers who get into IP CCTV cameras or DVRs (Digital Video Recorders) and make the information available for free.

So, at the end of the day, you are not hacking anything, just watching CCTV cameras that have been hacked by somebody else.

See below an example of a website that shows such hacked CCTV cameras:

The website lists hacked CCTV cameras around the world and organizes them by manufacturer, country, place, city and timezone.

[Image: example of live CCTV cameras installed in malls]

The website administrator claims that this is the world's biggest directory of online surveillance security cameras and that the privacy of individuals will be respected by showing only filtered cameras (whatever this means).

According to a message on the main page, a CCTV camera can be removed from the site when somebody sends an email asking for it.

  • Hack CCTV camera using default passwords

When users install CCTV devices without changing the default configuration, especially the username and password, hackers get the opportunity to break into those devices and perform malicious actions.

For each manufacturer, the table below lists the default username, password and IP address. Manufacturers with multiple defaults appear on more than one row.

Camera Manufacturer Username Password Default IP
3xLogic admin 12345 192.0.0.64
ACTi Admin 123456 192.168.0.100
ACTi admin 123456 192.168.0.100
Arecont admin DHCP
Amcrest admin admin DHCP
American Dynamics admin admin DHCP
American Dynamics admin 9999 DHCP
Arecont Vision none DHCP
AvertX admin 1234 DHCP
Avigilon admin admin DHCP
Avigilon Administrator DHCP
Axis root pass 192.168.0.90
Axis root 192.168.0.90
Basler admin admin DHCP
Bosch none DHCP
Bosch service service 192.168.0.1
Bosch Dinion 192.168.0.1
Brickcom admin admin 192.168.1.1
Canon root camera DHCP
Canon root Model # of camera 192.168.100.1
CBC Ganz admin admin 192.168.100.x
Cisco no default 192.168.0.100
CNB root admin 192.168.123.100
Costar root root DHCP
Dahua admin admin 192.168.1.108
Dahua 888888 888888 192.168.1.108
Dahua 666666 666666 192.168.1.108
Digital Watchdog admin admin DHCP
DRS admin 1234 DHCP
DVtel Admin 1234 192.168.0.250
DynaColor Admin 1234 DHCP
FLIR admin fliradmin DHCP
FLIR (Dahua OEM) admin admin DHCP
FLIR (Quasar/Ariel) admin admin DHCP
Foscam admin DHCP
GeoVision admin admin 192.168.0.10
Grandstream admin admin 192.168.1.168
GVI Admin 1234 192.168.0.250
HIKVision admin 12345 192.0.0.64
Honeywell admin 1234 DHCP
Honeywell administrator 1234 DHCP
IndigoVision (Ultra) none DHCP
IndigoVision (BX/GX) Admin 1234 DHCP
Intellio admin admin DHCP
Interlogix admin 1234 DHCP
IOImage admin admin 192.168.123.10
IQInvision root system DHCP
IPX-DDK root admin 192.168.1.168
IPX-DDK root Admin 192.168.1.168
JVC admin jvc DHCP
JVC admin Model # of Camera DHCP
Longse admin 12345 DHCP
Lorex admin admin DHCP
LTS admin 12345 DHCP
March Networks admin DHCP
Merit Lilin Camera admin pass DHCP
Merit Lilin Recorder admin 1111 DHCP
Messoa admin Model # of Camera 192.168.1.30
Mobotix admin meinsm DHCP
Northern admin 12345 DHCP
Oncam admin admin DHCP
Panasonic admin 12345 192.168.0.253
Panasonic admin1 password 192.168.0.253
Pelco admin admin DHCP
PiXORD admin admin 192.168.0.200
PiXORD root pass 192.168.0.200
Q-See admin admin DHCP
Q-See admin 123456 DHCP
QVIS Admin 1234 192.168.0.250
Reolink admin DHCP
Samsung Electronics root root DHCP
Samsung Electronics admin 4321 DHCP
Samsung Techwin (old) admin 1111111 DHCP
Samsung (new) admin 4321 DHCP
Samsung root 4321 192.168.1.200
Samsung root admin 192.168.1.200
Samsung admin 4321 192.168.1.200
Samsung admin 1111111 192.168.1.200
Sanyo admin admin 192.168.0.2
Scallop admin password DHCP
Sentry360 (mini) admin 1234 DHCP
Sentry360 (pro) none DHCP
Sentry 360 Admin 1234 192.168.0.250
Sony admin admin 192.168.0.100
Speco admin 1234 DHCP
Speco root root 192.168.1.7
Speco admin admin 192.168.1.7
Stardot admin admin DHCP
Starvedia admin DHCP
Sunell admin admin DHCP
Swann admin 12345 DHCP
Trendnet admin admin DHCP
Toshiba root ikwd DHCP
Toshiba root ikwb 192.168.0.30
VideoIQ supervisor supervisor DHCP
Vivotek root DHCP
Ubiquiti ubnt ubnt 192.168.1.20
Uniview admin 123456 DHCP
Verint admin admin DHCP
W-Box (Hikvision OEM, old) admin wbox123 DHCP
W-Box (Sunell OEM, new) admin admin DHCP
Wodsee admin DHCP

To exploit default passwords, we can use the Hydra tool.


Example: hydra -l Username -P password.txt IP:port(victim)

[Screenshots not preserved: the password.txt file and the Hydra result]
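
Seen from the defending side, a Hydra-style run against a camera login shows up as a burst of failed authentications from one source, sometimes ending in a success. The following is an added example, not part of the original post, that flags such bursts in a constructed access log; the log format, the threshold and the time window are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed format: common-log-style lines from a reverse proxy in front of the camera UI.
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3})\b')

def _line(ip, hhmmss, status):
    return f'{ip} - - [12/Mar/2024:{hhmmss} +0000] "GET /index.html HTTP/1.1" {status} 0'

# Constructed sample data (documentation IP ranges, made-up times and paths).
SAMPLE_LOG = "\n".join(
    [_line("198.51.100.7", f"10:00:0{s}", 401) for s in range(6)]      # fast burst...
    + [_line("198.51.100.7", "10:00:07", 200)]                         # ...then a login
    + [_line("203.0.113.20", f"10:05:{s:02d}", 401) for s in range(0, 50, 10)]
    + [_line("192.0.2.10", "10:06:00", 401), _line("192.0.2.10", "10:06:01", 200)]
    + [_line("192.0.2.11", f"{h}:00:00", 401) for h in range(11, 16)]  # slow, spread out
)

def detect_guessing(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {source_ip: verdict} for sources with >= threshold 401s inside window."""
    failures = defaultdict(deque)  # ip -> timestamps of 401s still inside the window
    verdicts = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # ignore lines that do not parse
        ip, status = m.group(1), int(m.group(3))
        ts = datetime.strptime(m.group(2), TIME_FMT)
        recent = failures[ip]
        while recent and ts - recent[0] > window:
            recent.popleft()  # drop failures older than the window
        if status == 401:
            recent.append(ts)
            if len(recent) >= threshold:
                verdicts.setdefault(ip, "guessing")
        elif status == 200 and ip in verdicts and recent:
            # A success right after a flagged burst: treat the credentials as compromised.
            verdicts[ip] = "guessing-then-success"
    return verdicts

if __name__ == "__main__":
    for ip, verdict in detect_guessing(SAMPLE_LOG).items():
        print(ip, verdict)
```

A single 401 followed by a 200 (normal HTTP authentication) and failures spread over hours stay below the threshold, so only the two burst sources are reported.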

 

  • Hack CCTV camera using exploit vulnerabilities

In this section, we have a lot of exploitation options. Within the scope of this article, I will introduce a tool that exploits a flaw in Netwave IP cameras.

NETSCRAPED EXPLOIT TOOL

Framework for obtaining all the credentials stored in vulnerable Netwave IP cameras. Can be used to break into IP cameras; use for research only.

Prerequisites

You’re required to install Python 3.x

apt-get install python3

You also need to have the Shodan module installed

pip install shodan

You need cURL for this to work as well

apt-get install curl

Using Shodan API

This tool requires you to own an upgraded Shodan API key

You may obtain one for free from Shodan if you sign up using a .edu email.
