Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help me hack my camera


  • Please log in to reply
4 replies to this topic

#1 dantose

dantose

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:07:12 AM

Posted 27 April 2017 - 07:25 PM

ok, so I picked up this cheap IP cam to crew around with, and as I was looking around for info, got some cool ideas:

 

20170428_083157.jpg

 

Now, you've never heard of "carpo cam" because it's a chinese rebrand. The model number, CP-7892wip, shows up in a google search with a near match on T-7892wip which is on a list of webcams with known vulnerabilities. A port scan shows 


Discovered open port 23/tcp on 192.168.0.111

Discovered open port 81/tcp on 192.168.0.111

Discovered open port 8600/tcp on 192.168.0.111


Not shown: 64726 closed ports, 806 filtered ports

PORT     STATE SERVICE    VERSION

23/tcp   open  telnet     BusyBox telnetd

81/tcp   open  tcpwrapped

8600/tcp open  tcpwrapped

MAC Address: XXXXXXXXX (Ferran Scientific)

Device type: general purpose

Running: Linux 2.6.X

OS CPE: cpe:/o:linux:linux_kernel:2.6

OS details: Linux 2.6.9 - 2.6.30


TCP Sequence Prediction: Difficulty=202 (Good luck!)

IP ID Sequence Generation: All zeros



TRACEROUTE

HOP RTT     ADDRESS

1   2.31 ms 192.168.0.111


So, 3 ports, some version of linux. Most notably, there's that telnet port on 23. I've tried a few passwords from similar situations, root:123456/111111/888888, etc, but no luck so far.

 

The stream I guess is on 81, no HTTP service found, no ftp, no rtsp.

 

I've done some brief poking around with wireshark, but nothing jumped out at me of particular utility. I'll try again when I have time to really dig through it. I'm hoping to snag the stream password/protocols from that. 



BC AdBot (Login to Remove)

 


#2 Captain_Chicken

Captain_Chicken

  • BC Advisor
  • 1,354 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:12 PM

Posted 27 April 2017 - 09:22 PM

If you have nikto installed do nikto -h (ipaddress). If it's not installed, do sudo apt-get install nikto

Computer Collection:

Spoiler

Spoiler

Spoiler

Spoiler

#3 dantose

dantose
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:07:12 AM

Posted 28 April 2017 - 06:09 PM

If you have nikto installed do nikto -h (ipaddress). If it's not installed, do sudo apt-get install nikto

Hmm... haven't played around with that one. Really, I haven't played with much of any of this stuff for over a decade, so I've been havign to relearn a bunch



#4 dantose

dantose
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:07:12 AM

Posted 05 May 2017 - 06:21 PM

If you have nikto installed do nikto -h (ipaddress). If it's not installed, do sudo apt-get install nikto

no web server found on [ip]

 

Finally got off my butt and downloaded a live image of Kali. Just need to figure out which tool will be best for cracking the telnet login. I think Hydra is supposed to work, but need to get a decent list and sit down to figure out the arguments it takes.

 

EDIT: update

 

So, hydra yielded a predictably weak password of root:1234

 

However, when i try and actually telnet in it's saying wrong password. Hmm...

 

Any ideas?

 

EDIT2: ok, weird. Just ran it again and it hit on root:shadow. Thinking false positive


Edited by dantose, 06 May 2017 - 12:14 AM.


#5 phughes0510

phughes0510

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:04:12 PM

Posted 11 January 2018 - 09:32 PM

dantose, 

I have the same camera and lost my software and instructions... I came across your port scan and started looking around on my camera. I found that if you just look for the web server on port 81 'http://(ipaddress):81'. it would connect to the web interface and give you the option to download the software and manage the camera. In your case, just use 'http://192.168.0.111:81'. The web interface has security and the username/password should be printed on the back of the camera (mine was admin/888888).

 

I know this is an old post, but hope this either helps you or other users...

Good luck,

Patrick






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users