Exploit IP Camera – All things in moderation

Exploit IP Camera

Hi guys,

Recently, I learned about IP camera devices for my work and picked up some pretty good knowledge. In this post, I will share with you the little I have learned.

What is an IP camera?

An Internet Protocol camera, or IP camera, is a type of digital video camera that receives control data and sends image data via the Internet. They are commonly used for surveillance. Unlike analog closed-circuit television (CCTV) cameras, they require no local recording device, but only a local area network. Most IP cameras are webcams, but the term IP camera or netcam usually applies only to those used for surveillance that can be directly accessed over a network connection. (Wikipedia)

Some IP cameras require support of a central network video recorder (NVR) to handle the recording, video and alarm management. Others are able to operate in a decentralized manner with no NVR needed, as the camera is able to record directly to any local or remote storage media. The first centralized IP camera was Axis Neteye 200, released in 1996 by Axis Communications. (Wikipedia)

Methods to hack an IP camera

  • Use a website that shows hacked CCTV cameras

This is not really hacking, but it’s the easiest method. You just visit a website that lists a lot of hacked CCTV cameras and watch them.

Those websites are created by hackers who get into IP CCTV cameras or DVRs (Digital Video Recorders) and make the information available to you for free.

So, at the end of the day, you are not hacking anything, just watching CCTV cameras that have been hacked by somebody else.

See below an example of a website that shows such hacked CCTV cameras:

The website lists hacked CCTV cameras around the world and organizes them by manufacturer, country, place, city and timezone.

See below an example of live CCTV cameras installed in malls.

The website administrator claims that this is the world's biggest directory of online surveillance security cameras and that no privacy of individuals will be respected by showing only filtered cameras (whatever this means).

According to a message on the main page, a CCTV camera can be removed from the site when somebody sends an email asking for it.

  • Hack CCTV camera using default passwords

When users install CCTV devices without changing the default configuration, especially the username and password, hackers get the opportunity to break into those devices and perform malicious actions.

For each manufacturer, the table below lists the username first and then the password, followed by the default IP. Manufacturers that have multiple defaults are listed more than once:

Camera Manufacturer username Password Default IP
3xLogic admin 12345
ACTi Admin 123456
ACTi admin 123456
Arecont admin DHCP
Amcrest admin admin DHCP
American Dynamics admin admin DHCP
American Dynamics admin 9999 DHCP
Arecont Vision none DHCP
AvertX admin 1234 DHCP
Avigilon admin admin DHCP
Avigilon Administrator DHCP
Axis root pass
Axis root
Basler admin admin DHCP
Bosch none DHCP
Bosch service service
Bosch Dinion
Brickcom admin admin
Canon root camera DHCP
Canon root Model # of camera
CBC Ganz admin admin 192.168.100.x
Cisco no default
CNB root admin
Costar root root DHCP
Dahua admin admin
Dahua 888888 888888
Dahua 666666 666666
Digital Watchdog admin admin DHCP
DRS admin 1234 DHCP
DVtel Admin 1234
DynaColor Admin 1234 DHCP
FLIR admin fliradmin DHCP
FLIR (Dahua OEM) admin admin DHCP
FLIR (Quasar/Ariel) admin admin DHCP
Foscam admin DHCP
GeoVision admin admin
Grandstream admin admin
GVI Admin 1234
HIKVision admin 12345
Honeywell admin 1234 DHCP
Honeywell administrator 1234 DHCP
IndigoVision (Ultra) none DHCP
IndigoVision (BX/GX) Admin 1234 DHCP
Intellio admin admin DHCP
Interlogix admin 1234 DHCP
IOImage admin admin
IQInvision root system DHCP
IPX-DDK root admin
IPX-DDK root Admin
JVC admin jvc DHCP
JVC admin Model # of Camera DHCP
Longse admin 12345 DHCP
Lorex admin admin DHCP
LTS admin 12345 DHCP
March Networks admin DHCP
Merit Lilin Camera admin pass DHCP
Merit Lilin Recorder admin 1111 DHCP
Messoa admin Model # of Camera
Mobotix admin meinsm DHCP
Northern admin 12345 DHCP
Oncam admin admin DHCP
Panasonic admin 12345
Panasonic admin1 password
Pelco admin admin DHCP
PiXORD admin admin
PiXORD root pass
Q-See admin admin DHCP
Q-See admin 123456 DHCP
QVIS Admin 1234
Reolink admin DHCP
Samsung Electronics root root DHCP
Samsung Electronics admin 4321 DHCP
Samsung Techwin (old) admin 1111111 DHCP
Samsung (new) admin 4321 DHCP
Samsung root 4321
Samsung root admin
Samsung admin 4321
Samsung admin 1111111
Sanyo admin admin
Scallop admin password DHCP
Sentry360 (mini) admin 1234 DHCP
Sentry360 (pro) none DHCP
Sentry 360 Admin 1234
Sony admin admin
Speco admin 1234 DHCP
Speco root root
Speco admin admin
Stardot admin admin DHCP
Starvedia admin DHCP
Sunell admin admin DHCP
Swann admin 12345 DHCP
Trendnet admin admin DHCP
Toshiba root ikwd DHCP
Toshiba root ikwb
VideoIQ supervisor supervisor DHCP
Vivotek root DHCP
Ubiquiti ubnt ubnt
Uniview admin 123456 DHCP
Verint admin admin DHCP
W-Box (Hikvision OEM, old) admin wbox123 DHCP
W-Box (Sunell OEM, new) admin admin DHCP
Wodsee admin DHCP

To carry out this attack, we can use the Hydra tool.

Example: hydra -l Username -P password.txt IP:port(victim)

File password.txt
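
On the defending side, a run like the Hydra example above (one username, a list of passwords) appears in a camera's or NVR's authentication log as a burst of failed logins for one account from one source. The detection logic below is an added example, not part of the original post; the log format, the sample lines, the threshold and the time window are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines; the format is an assumption, not any vendor's.
SAMPLE_LOG = """\
2024-05-01T10:00:00 auth result=FAIL user=admin src=203.0.113.7
2024-05-01T10:00:01 auth result=FAIL user=admin src=203.0.113.7
2024-05-01T10:00:02 auth result=FAIL user=admin src=203.0.113.7
2024-05-01T10:00:03 auth result=FAIL user=admin src=203.0.113.7
2024-05-01T10:00:04 auth result=FAIL user=admin src=203.0.113.7
2024-05-01T10:00:05 auth result=OK user=admin src=203.0.113.7
2024-05-01T10:03:00 auth result=FAIL user=operator src=192.0.2.10
2024-05-01T10:09:00 auth result=FAIL user=operator src=192.0.2.10
2024-05-01T10:09:30 auth result=OK user=operator src=192.0.2.10
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth result=(?P<result>FAIL|OK) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

def detect_password_guessing(log_text, threshold=5, window=timedelta(seconds=60)):
    """Alert on (src, user) pairs with >= threshold failed logins inside window."""
    recent = defaultdict(deque)   # (src, user) -> timestamps of recent failures
    alerts = {}                   # (src, user) -> alert record
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # skip lines in any other format
        ts = datetime.fromisoformat(m["ts"])
        key = (m["src"], m["user"])
        if m["result"] == "FAIL":
            q = recent[key]
            q.append(ts)
            while q and ts - q[0] > window:
                q.popleft()       # drop failures that fell out of the window
            if len(q) >= threshold:
                alert = alerts.setdefault(key, {
                    "src": key[0], "user": key[1],
                    "failures": 0, "login_succeeded": False})
                alert["failures"] = max(alert["failures"], len(q))
        elif key in alerts:
            # A success right after a failure burst: the guess probably worked.
            alerts[key]["login_succeeded"] = True
    return list(alerts.values())
```

An alert with `login_succeeded` set is the case to triage first: the account's password should be changed and the device reviewed. The `operator` lines show a user mistyping a password twice, which stays below the threshold.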



  • Hack CCTV camera by exploiting vulnerabilities

In this section, we have a lot of exploitation options. Within the scope of this article, I will introduce a tool that exploits a flaw in Netwave IP cameras.


Framework for obtaining all the credentials stored in vulnerable Netwave IP cameras. Can be used to break into IP cameras, use for research only.


You’re required to install Python 3.x

apt-get install python3

You also need to have the Shodan module installed

pip install shodan

You need cURL for this to work as well

apt-get install curl

Using Shodan API

This tool requires you to own an upgraded Shodan API

You may obtain one for free from Shodan if you sign up using a .edu email.



