hacking webcameras

[DNR]

Hacking webcams
Using Search engines
part one

Type this in google search box
inurl:viewerframe?
inurl:ViewerFrame?Mode=motion

++edited++

intitle:liveapplet inurl:LvAppl
allintitle:Brains, Corp. camera
inurl:indexFrame.shtml Axis
intitle:"WJ-NT104 Main Page"
inurl:"ViewerFrame?Mode="
intitle:"Live View / - AXIS" | inurl:view/view.shtml^
(intext:"MOBOTIX M1" | intext:"MOBOTIX M10") intext:"Open Menu" Shift-Reload
inurl:start.htm?scrw=
inurl:axis-cgi
inurl:"S=320x240" | inurl:"S=160x120" inurl:"Q=Mobile"
inurl:"next_file=main_fs.htm" inurl:img inurl:image.cgi
"Display Cameras" intitle:"Express6 Live Image"

e:
inurl:/view/index.shtml
inurl:"ViewerFrame?Mode="
inurl:netw_tcp.shtml
intitle:"supervisioncam protocol"
inurl:CgiStart?page=Single
inurl:indexFrame.shtml?newstyle=Quad
intitle:liveapplet
inurl:LvAppl
inurl:/showcam.php?camid
inurl:video.cgi?resolution=
inurl:image?cachebust=
intitle:"Live View / - AXIS"
inurl:view/view.shtml
intext:"MOBOTIX M1"
intext:"Open Menu"
intitle:snc-rz30
inurl:home/
inurl:"MultiCameraFrame?Mode="
intitle:"EvoCam"
inurl:"webcam.html"
intitle:"Live NetSnap Cam-Server feed"
intitle:"Live View / - AXIS 206M"
intitle:"Live View / - AXIS 206W"
intitle:"Live View / - AXIS 210"
inurl:indexFrame.shtml Axis
inurl:"ViewerFrame?Mode="
inurl:"MultiCameraFrame?Mode=Motion"
intitle:start
inurl:cgistart
intitle:"WJ-NT104 Main Page"
intext:"MOBOTIX M1"
intext:"Open Menu"
intext:"MOBOTIX M10"
intext:"Open Menu"
intext:"MOBOTIX D10"
intext:"Open Menu"
intitle:snc-z20 inurl:home/
intitle:snc-cs3 inurl:home/
intitle:snc-rz30 inurl:home/
intitle:"sony network camera snc-p1"
intitle:"sony network camera snc-m1"
intitle:"Toshiba Network Camera" user login
intitle:"netcam live image"
intitle:"i-Catcher Console - Web Monitor"
inurl:/home/home

++++ happy surfing, hope you get some sleep lolz ++

I came up with a control panel here:
http://wanwanhouse.homeip.net/ViewerFrame?Mode=Motion

So I can search for

inurl:homeip.net/viewerFrame?Mode=Motion

and I find..

http://live1000r.homeip.net:81/ViewerFrame?Mode=Motion
http://kurohime.homeip.net:8080/ViewerF ... Language=9

so I search for
inurl:homeip.net:8080/ViewerFrame?Mode=Motion
and I assume I can also change the port number (8080) to 81 too

But I find better luck with just plain old;
inurl:homeip.net/viewerFrame?Mode=Motion

I finally end up here:

http://daichi-yokohama.homeip.net/CgiStart?page=Single
It is another control panel for the webcam, now, up near the top left of the screen you see a camera icon, click on it and you'll see this person's room!

http://daichi-yokohama.homeip.net/CgiSn ... Language=1


I end up here

http://daichi-itabashi.homeip.net/CgiStart?page=Single

You can mouse over the japanese text on the buttons, and the browser (ie7) will show the html code for that button and its english.

I find a drop down menu on the left side and its frame rate for the camera, now it becomes live!


http://daichi-itabashi.homeip.net/CgiSt ... Language=1

the RPeriod is the number I chose for frame rate
You can now move the camera!

I goto
http://daichi-ebisu.homeip.net/CgiStart?page=Single

no image, but I use the drop down menu and choose refresh rate, and its active now!
http://daichi-ebisu.homeip.net/CgiStart ... Language=1
I can move the camera here too lolz

If you can't read japanese try this

the top left button with take you to the page to change the language, try to mouse over the choices in the middle of the page ...

This did not work, so I did this:
http://daichi-ebisu.homeip.net/CgiStart ... Language=2
when you make a selection, change the # after language to 2, 2 must mean english, 1 meaning japanese.

So this japanese
http://daichi-ebisu.homeip.net/CgiStart ... Language=1

becomes English

http://daichi-ebisu.homeip.net/CgiStart ... Language=2


Of course this 'hack' works on apparently panasonic cameras.

I changed the inurl: to
inurl:CgiStart?page=Single&Resolution

and I found these:

http://kingy.viewnetcam.com/CgiStart?pa ... Language=0

http://gpigs.trebacz.com:50000/CgiStart ... Language=0

http://rfn.tzo.com:3000/CgiStart?page=S ... Language=0

http://takachiho.dip.jp:81/CgiStart?pag ... Language=1

So it is not specific to homeip.net

This one has multicameras on someone's small server room lolz

http://193.138.213.167/CgiStart?page=Mu ... ode=Motion

This is not a hack to me, but a leaky sneaky thing to search for when you are bored and sitting on a bunch of search engines..
more camera 'hacks; later

DNR

[CommonStray]

tsk tsk DNR dont you think think this should go in the tut section ^^

lol, dont worry we can move it later :p

good stuff, very interesting seeing how i talked to a local business owner recently about assessing his security between business's seems he owns a few places and can watch all his cameras from his office desk etc...anyways man keep up with the great stuff

[ayu]

oh, interesting indeed. Nice DNR ^^

This might actually be something fun to do when killing time late at nights

[isapiens]

so why do people connect their cameras to servers that broadcast them?
Are we supposed to be able to see this or did they just fuck it up?

[DNR]

People think they have anonymity because of the IP address, thinking it is too complicated. A nettech can simply make a link in a 'favorites' folder, so that person could simply click and see their camera. Simplicity makes for easy hacks.

If you take a look, a few of the control panels for cameras were locked - requiring a user/password. So I could not refresh the image or move the camera.

The tools were there, but human error/laziness prevails. I imagine a few cameras still have default admin/set up user/passwords.
(If I found them, I don't know if I would post them here )

I would have the camera locked and not use the default folder for saving shots.

Another lesson, this could actually make a good way to get someone to install a trojan on their computer - many of those camera appz required me to download a active-x control, why not make a fake page, on a webcam port, and have a trojan waiting. Thats a decent honeypot

DNR

[Big-E]

to download a active-x control, why not make a fake page, on a webcam port, and have a trojan waiting. Thats a decent honeypot

DNR

I can see it now, "18yo college girl webcam free" .

[isapiens]

something tells me they have plenty of those already...

[TheKingOfHearts]

it would be cool to see a viral video on one of those

check this one its a school
http://217.206.230.24:8080/simple.htm?feed=Killingworth
hopefully a parking lot fight would appear soon

thanks a lot DNR you really took it far
ive known this hack but not for so many cam models
and basically just the two first lines lol

is there a way to search also using keywords or location?

[DNR]

Hey Killer

check out this:
Restrict by Domain, region, or date (important for 0 day sploits)
http://www.google.com/advanced_search

got to drill down your NFO.

DNR

[DNR]

I feel a need to make a statement about this thread, just in case someone thinks I was being reckless in posting this thread.

As an admin of suck-o I knew I had to take on responsibility with the rank. The job pays nothing, and sometimes it is a thankless task. It does have its privileges, the grace of B_B. Him I owe, so off to work I go.

A couple of things were in play here, the strategy;
1. Find a thread topic to generate traffic, a decent discussion and page hits.
2. Write about something that I like, something that other members or visitors would like to read. Sometimes old topics can be revived, and written in a different perspective. The webcam hack was a year old.
3. Suck-o is a non-conformist forum, it is not just technical bullshit, it is also a forum for the hacker personality. FrankB was such an example (not to take his name lightly GBHS). The thread was not a Tut as CB suggested, but a rant.


Intruding on a network or device is a crime, and a moral decision.
I can't condone wrong, but I have to expose myself to the forum. I was just trying to make a connection, trying to speak in a language others might understand.

I don't want someone hacking my webcam, if I know how its done, I am safe. If you want to learn how to traverse directories on webservers, control a botnet, crash a computer, it is your decision.

DNR

This was a test, we will now return to your regular programming

[bad_brain]

hehe...I really missed your posts, man..

[DNR]

D-Link Techinical data on webcams
They provide Emulators so you can see features for each system.
And here are the default user/passwords :>

Cameras Configuration Default Username Default Password
DCS-900 Rev. A Web Based , IPView , D-View Cam & Active X Plugin admin blank
DCS-900 Rev. B Web Based , IPView & D-View Cam admin blank
DCS-900W Web Based , IPView , D-View Cam & Active X Plugin blank blank
DCS-950 Web Based , IPView & D-View Cam admin admin
DCS-950G Web Based , IPView & D-View Cam admin admin
DCS-G900 Web Based , IPView & D-View Cam blank blank
DCS-1000 Web Based & IPView blank blank
DCS-1000W Rev. A Web Based , IPView & Active X Plugin blank blank
DCS-1000W Rev. B Web Based , IPView & Active X Plugin blank blank
DCS-1110 Web Based & IP View & D-View Cam admin admin
DCS-2000 Web Based , IP Surveillance & D-View Cam admin blank
DCS-2100 IP Surveillance & D-View Cam admin blank
DCS-2100+ Web Based , IP Surveillance & D-View Cam admin blank
DCS-2100G Web Based , IP Surveillance & D-View Cam admin blank
DCS-2120 Web Based , IP Surveillance & D-View Cam admin blank
DCS-3220 Web Based , IP Surveillance & D-View Cam admin blank
DCS-3220G Web Based , IP Surveillance & D-View Cam admin blank
DCS-3420 Web Based , IP Surveillance & D-View Cam admin blank
DCS-5220 IP Surveillance & D-View Cam admin blank
DCS-5300 Web Based , IP Surveillance & D-View Cam admin blank
DCS-5300G Web Based , IP Surveillance & D-View Cam admin blank
DCS-5300W Web Based , IP Surveillance & D-View Cam admin blank
DCS-6620 Web Based , IP Surveillance & D-View Cam admin blank
DCS-6620G Web Based , IP Surveillance & D-View Cam admin blank

Get IPview lite
http://www.driverskit.com/freedownload/ ... 18260.html
----------
Mobotix
http://artofhacking.com/etc/passwd-mobotix.htm
Product Version Port / Protocol Username Default Password Access
M10 HTTP admin meinsm 192.168.x.x
Look up the tech manuals yourself
---------
Axis Cameras
http://www.axis.com/techsup/faq/index.php?id=390
When trying to edit the unit's configuration the user is prompted with a login dialog asking for Username and Password.
Answer
Username: root
Password: pass

software to control device
http://www.axis.com/techsup/software/index.htm
----------
IPIX cameras
viewers, firmware, manuals
http://www.ipix.com/downloads.html

----------
Project unfinished

DNR

[DNR]

/bumped

I guess I'll work on this project again..
Watch for updates soon.

DNR

[Consumerwhore]

There is no way I'm getting any sleep tonight = /

[DNR]

this office setup still works

http://193.138.213.167/CgiStart?page=Mu ... ode=Motion

I still cut and pasted parts of the script to inurl: request like so on Google's Advanced Search page

Find web pages that have...CgiStart?page=Multi&Language=0&Page=1&Interval
all these words:
this exact wording or phrase: tip
one or more of these words

and I came up with some weird, unappropriate response:


http://221.251.109.90:84/CgiStart?page= ... esolution= ... http://taganka.cpms.ru/cam.php?cam=1 http://taganka.cpms.ru/cam.php?cam=2

huh it was some russians version of google dorks!

This is the html version of the file http://mysmart.ru/forum/index.php?act=P ... f=7&t=4167.
Google automatically generates html versions of documents as we crawl the web.


Версия для печати темы


Нажмите сюда для просмотра этой темы в обычном формате


Mysmart _ Зона без курения _ Подглядываем в Web камеры


Автор: Zico 23.11.2007, 14:25


Упс заходим в google.com и вводим в поиск вот это inurl:viewerframe?mode= открываем ссылочки и подглядываем в чужие веб камеры))) Камерами можно управлять, поворачивать.

вот еще несколько возможных запросов в google для поиска камер
inurl:"ViewerFrame?Mode="
inurl:netw_tcp.shtml
intitle:"supervisioncam protocol"
inurl:CgiStart?page=Single
inurl:indexFrame.shtml?newstyle=Quad
intitle:liveapplet inurl:LvAppl
inurl:/showcam.php?camid
inurl:video.cgi?resolution=
inurl:image?cachebust=
intitle:"Live View / - AXIS"
inurl:view/view.shtml
intext:"MOBOTIX M1"
intext:"Open Menu"
intitle:snc-rz30
inurl:home/
inurl:"MultiCameraFrame?Mode="
intitle:"EvoCam" inurl:"webcam.html"
intitle:"Live NetSnap Cam-Server feed"
intitle:"Live View / - AXIS 206M"
intitle:"Live View / - AXIS 206W"
intitle:"Live View / - AXIS 210"
inurl:indexFrame.shtml Axis
inurl:"ViewerFrame?Mode="
inurl:"MultiCameraFrame?Mode=Motion"
intitle:start inurl:cgistart
intitle:start inurl:cgistart
intext:"MOBOTIX M1" intext:"Open Menu"
intext:"MOBOTIX M10" intext:"Open Menu"
intext:"MOBOTIX D10" intext:"Open Menu"
intitle:snc-z20 inurl:home/
intitle:snc-cs3 inurl:home/
intitle:snc-rz30 inurl:home/
intitle:"sony network camera snc-p1"
intitle:"sony network camera snc-m1"
site:.viewnetcam.com -http://www.viewnetcam.com
intitle:"Toshiba Network Camera" user login
intitle:"netcam live image"
intitle:"i-Catcher Console - Web Monitor"
inurl:/home/home
\"TOSHIBA Network Camera - User Login\"
inurl:home/homeJ.html
inurl:"ViewerFrame?Mode="
inurl:netw_tcp.shtml
intitle:"supervisioncam protocol"
inurl:CgiStart?page=Single
inurl:indexFrame.shtml?newstyle=Quad
intitle:liveapplet inurl:LvAppl
inurl:/showcam.php?camid
inurl:video.cgi?resolution=
inurl:image?cachebust=
intitle:"Live View / - AXIS"
inurl:view/view.shtml
intext:"MOBOTIX M1"
intext:"Open Menu"
intitle:snc-rz30
inurl:home/
inurl:"MultiCameraFrame?Mode="
intitle:"EvoCam" inurl:"webcam.html"
intitle:"Live NetSnap Cam-Server feed"
intitle:"Live View / - AXIS 206M"
intitle:"Live View / - AXIS 206W"
intitle:"Live View / - AXIS 210"
inurl:indexFrame.shtml Axis
inurl:"ViewerFrame?Mode="
inurl:"MultiCameraFrame?Mode=Motion"
intitle:start inurl:cgistart
intitle:"WJ-NT104 Main Page"
intext:"MOBOTIX M1" intext:"Open Menu"
intext:"MOBOTIX M10" intext:"Open Menu"
intext:"MOBOTIX D10" intext:"Open Menu"
intitle:snc-z20 inurl:home/
intitle:snc-cs3 inurl:home/
intitle:snc-rz30 inurl:home/
intitle:"sony network camera snc-p1"
intitle:"sony network camera snc-m1"
site:.viewnetcam.com -http://www.viewnetcam.com
intitle:"Toshiba Network Camera" user login
intitle:"netcam live image"
intitle:"i-Catcher Console - Web Monitor"
inurl:/home/home

Пишем в комменты ссылки на интересные камеры)


Автор: Zico 23.11.2007, 14:36


http://221.251.109.90:84/CgiStart?page= ... ayout=Div4


Автор: Убийца матрешек 27.11.2007, 16:04


...


Автор: corvax 27.11.2007, 23:35


Нужна! У меня питон скоро проснется как раз!


Автор: Gazza 28.11.2007, 1:08


хаха
вышел на вебкамеру с каким-то мужичком

он увидел, что я управляю камерой и помахал рукой
я ему в ответ покачал камерой вверх-вниз
технологии млин

А вот это самые крутые вебкамеры москвы с видеопотоком, а не просто картинками. Всем иностранцам показываю...

http://taganka.cpms.ru/cam.php?cam=1

http://taganka.cpms.ru/cam.php?cam=2

http://taganka.cpms.ru/cam.php?cam=3

--- the above link works, a city view somewhere..

But I know
http://kurohime.homeip.net:8080/ViewerF ... Language=7

works, you'll have to allow active script to install to view and operate the cameras. It is a nice view of japan mountian - no porn. No control options.
Set the Language= to 2 for english

The method is still the same cut and input url code to search engines and see if they picked any webpages up with those keywords. The problem is google and others have caught on and probably filter this stuff out.

DNR