Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Let me know if you find anything that isnt on this list that should be added
- Collection of shodan keywords for webcams :
- webcamxp
- webcam 7
- IPCamera_Logo (admin/admin)
- Vivotek Network Camera -401
- Server: SQ-WEBCAM (admin/admin)
- maygion (admin/admin)
- Netwave IP Camera (foscam exploit)
- Server: U S Software Web
- yawcam
- Android Webcam Server -Authenticate
- Server: i-Catcher Console
- ADH-web
- Server: VB100
- Auther: Steven Wu
- title:'+tm01+'
- D-Link Internet Camera 200
- imagiatek ipcam (admin/)
- Server: VCS-VideoJet-Webserver
- Boa ipcam (admin/123456)
- hikvision Content-Length: 1341 (admin/12345)
- "webcam" "last-modified"
- has_screenshot:true -port:5900 -port:5901 -port:6000
- Content-Length: 695 (root/pass)
- title:"NetCamXL"
- title:"WVC210 Wireless-G PTZ Internet Camera with Audio"
- d-Link Internet Camera, 200 OK
- title:"DCS-5300G" Server: D-Link Internet Camera
- title:"Login cgicc form" (admin/)
- LNE3003 Wireless IP Camera (admin/admin)
- title:"DCS-5220 IP camera"
- title:"Web Viewer for Samsung DVR" Content-Length: 2524 (admin/4321)
- title:"IP CAMERA Viewer" Content-Length: 703
- abelcam
- Brickcom
- admin/admin
- or try
- rtsp://ip/channel1
- sometimes no auth needed for rtsp :-)
- also work on vlc :
- http://admin:admin@ip/channel1
- Downloader:
- https://drive.google.com/open?id=1HJhQ8U02RA1cJ3ipBE_OwVlS8c48w8y3
- List Parser:
- https://drive.google.com/open?id=143_ZiTA_9e-kDPVDdQ_S7aDMo3KEr_iP
- Make Shodan your bitch with Joe's TamperMonkey script:
- https://pastebin.com/apGYXCiT
- Or strip down to URLs only with this TamperMonkey script:
- https://pastebin.com/a4m85aK4
- Loonix
- https://pastebin.com/fm9dM8q7
- Grabb CCTV all Type (foscam , axis , sony , ..)
- https://github.com/CCrashBandicot/IPCam
- https://github.com/CCrashBandicot/IPCam/blob/master/netcam_viewer.sh
- If you want do do some CLI shit, you might want to start with this code. Updated to download kcore files but it will not parse out credentials.
- Netcam Firmware
- https://pastebin.com/2HBvR2ye
- Shodan IPCam Extractor by Arsouill3
- v1.0
- https://pastebin.com/RjdhjFBh
- v2.0
- https://pastebin.com/N6FjMRYC
- iSpy "Add Foscam" button
- Diff file for commit 28fcbda3b9ef345adac54fdf098e2c1e1dd5a5d3
- https://pastebin.com/hM8R4fNj
- Adds a "Foscam (and Knockoffs)" button to the iSpy "Add Camera" dropdown. You enter the camera IP, username, and password, and it automatically sets up the camera for you.
- BUILD YOUR LIST
- For the sake of efficiency an evil hacker would want to build a list of IP cameras in order to test them for 1) default credentials and 2) vulnerability to exploits.
- It's not a requirement, though. Casuals can use Joe's Foscam Helper, which is a TamperMonkey script that enhances Shodan results (most current version linked in OP).
- Back to list building…
- https://www.shodan.io/search?query=%22netwave+ip+camera%22
- Shodan.io crawls the web testing IPs and ports. The "netwave ip camera" string matches FOSCAM camera IPs. Since this exploit has a distance limit of a few hundred miles you should add "country" and/or "city" filters to your search.
- Evil's "links only" TamperMonkey script makes the process of collecting links much faster (most current version linked in OP).
- BUILD YOUR LIST
- For the sake of efficiency an evil hacker would want to build a list of IP cameras in order to test them for 1) default credentials and 2) vulnerability to exploits.
- It's not a requirement, though. Casuals can use Joe's Foscam Helper, which is a TamperMonkey script that enhances Shodan results (most current version linked in OP).
- Back to list building…
- https://www.shodan.io/search?query=%22netwave+ip+camera%22
- Shodan.io crawls the web testing IPs and ports. The "netwave ip camera" string matches FOSCAM camera IPs. Since this exploit has a distance limit of a few hundred miles you should add "country" and/or "city" filters to your search.
- Evil's "links only" TamperMonkey script makes the process of collecting links much faster (most current version linked in OP).
- GET CAMS: WINDOWS
- This used to be a pretty manual process but thanks to Joe's File Downloader and Parser you too can get your hands on fresh cams!
- Most current mega links are in the OP.
- FILE DOWNLOADER
- add instructions or features list
- PARSER
- 1. Drag bruteforce log file onto "ListMasterFlex.exe"
- 2. Wait
- How to configure:
- Open settings.xml and edit certain values. If you break the config, just delete it and re-open the program. It will reset to default.
- <BackgroundColor> - Background color of overlay in hex argb
- <ForegroundColor> - Foreground color (font) of overlay in hex argb
- <FontFamily>
- <FontSize>
- <OutputFormat> - Format string for overlay. {0} = IP, {1} = username, {2} = password
- <OutputFolder>
- <SaveParams> - If true, also saves "get_params.cgi"
- <SaveStatus> - If true, also saves "get_status.cgi"
- <Threads> - Number of threads. Higher amount means it will go faster, but it will also be more demanding. Recommended 4, not recommended above 25.
- <MaxTries> - Number of times to retry connecting to the camera.
- <SnapshotTimeout> - Timeout to get snapshot in ms
- <PageTimeout> - Timeout to get misc pages in ms (Params, Status)
- <MaintenanceEnabled> - If true, performs maintenance on the settings file. (Currently, adds a trailing slash to the output folder
- <SnapshotFormat> - Image output format. Options: "png", "jpg", "bmp"
- GET CAMS: LINUX
- Create your IP list and run the script. Output includes
- - List of cams with default creds
- - List of cams with kcore vulnerability (optional)
- - HTML file "viewer" for default creds
- - kcore files (optional)
- Instructions are in the bash comments.
- Most current pastebin link with source is in the OP
- WHILE YOU WERE AWAY
- Windows users highly recommend BlueIris: http://blueirissoftware.com/
- Full version:
- Link Coming Soon!
- ISpy software itself isnt the best its better to go with the web version (Less CPU):
- http://www.ispyconnect.com/download-agent.aspx
- For Linux (and maybe OSX) folks you can try ZoneMinder. My experience is that ZM works but the motion detection is horrible (too sensitive) so you might go through a large HDD every day or two.
- http://www.zoneminder.com/
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement