API tools faq
paste
Advertisement
RedBirdTeam

Cámaras Foscam y dispositivos de red claves codificadas

RedBirdTeam
May 19th, 2018
331
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 5.94 KB | None | 0 0
raw download clone embed print report
  1. Todas las cámaras y dispositivos de red de Foscam utilizan la misma clave privada SSL que está codificada en el firmware descargable. Las claves se extrajeron utilizando la utilidad 'binwalk' y permiten a un atacante a MITM cualquier dispositivo Foscam.
  2.  
  3. Dos problemas en uno que anulan SSL en dispositivos foscam:
  4. Todas las cámaras en red de Foscam usan la misma clave privada SSL que está codificada en el firmware descargable. Esto se extrae fácilmente usando una utilidad como binwalk y permitiría a un atacante a MITM cualquier dispositivo Foscam.Las claves SSL de un dispositivo son válidas para cualquier otro dispositivo. Ver los certificados CN a continuación: *.myfoscam.org
  5.  
  6. A continuación se encuentran los certificados ssl de dos dispositivos foscam.
  7.  
  8. openssl s_client -connect [REDACTED]myfoscam.org:443
  9.  
  10. CONNECTED(00000003)
  11. depth=0 C = CN, ST = Guangdong, L = Shenzhen, O = "Shenzhen Foscam Intelligent Technology Co,Ltd", CN = *.myfoscam.org
  12. verify error:num=20:unable to get local issuer certificate
  13. verify return:1
  14. depth=0 C = CN, ST = Guangdong, L = Shenzhen, O = "Shenzhen Foscam Intelligent Technology Co,Ltd", CN = *.myfoscam.org
  15. verify error:num=21:unable to verify the first certificate
  16. verify return:1
  17. ---
  18. Certificate chain
  19. 0 s:/C=CN/ST=Guangdong/L=Shenzhen/O=Shenzhen Foscam Intelligent Technology Co,Ltd/CN=*.myfoscam.org
  20. i:/C=CN/O=WoSign CA Limited/CN=WoSign Class 3 OV Server CA
  21. ---
  22. Server certificate
  23. -----BEGIN CERTIFICATE-----
  24. MIIFFDCCA/ygAwIBAgIQEMpzCCRnnDOkG7I+cxTlKTANBgkqhkiG9w0BAQUFADBP
  25. MQswCQYDVQQGEwJDTjEaMBgGA1UEChMRV29TaWduIENBIExpbWl0ZWQxJDAiBgNV
  26. BAMTG1dvU2lnbiBDbGFzcyAzIE9WIFNlcnZlciBDQTAeFw0xNTA0MDcwODIwMDda
  27. Fw0xNjEyMDcwOTIwMDdaMIGFMQswCQYDVQQGEwJDTjESMBAGA1UECAwJR3Vhbmdk
  28. b25nMREwDwYDVQQHDAhTaGVuemhlbjE2MDQGA1UECgwtU2hlbnpoZW4gRm9zY2Ft
  29. IEludGVsbGlnZW50IFRlY2hub2xvZ3kgQ28sTHRkMRcwFQYDVQQDDA4qLm15Zm9z
  30. Y2FtLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK8H1eeluYBP
  31. 7x/7DLKPGneAnI9LWdMYbo+dIQKsyxQXRPOL+eWpQ/aWm/TAy0i4eDxmE0F7HmEn
  32. Y/m3Prl7TweSvFYcthDn77bJTXjbdKdLPFxc34j/KC2AdaJOJzGVJfmPuSVk2NW+
  33. mQyZxFuMU0X8M88+HwPX7leADUAjNdNIGcw4BG9xCrTY/6N/tk9an5iOHc+WKRQm
  34. P6S+2xCSHIUETpbPlpbRnk+FYDP8KLqdLwTgECIYEfsefNdasACyQ9EafWF1C683
  35. iuMAxtRe+mghklQoWYeslA6FhDcIZilPPkgnWjjqIkkAn+ik1q521aI3fUz/iGfM
  36. ugsGMuBmck0CAwEAAaOCAbMwggGvMAsGA1UdDwQEAwIFoDAdBgNVHSUEFjAUBggr
  37. BgEFBQcDAgYIKwYBBQUHAwEwCQYDVR0TBAIwADAdBgNVHQ4EFgQUYf1ztHxahhue
  38. DsBxwaJJhZHpTAIwHwYDVR0jBBgwFoAUYi6B2eNCeRSjzdlUim743pWqj5gwfwYI
  39. KwYBBQUHAQEEczBxMDUGCCsGAQUFBzABhilodHRwOi8vb2NzcDEud29zaWduLmNv
  40. bS9jbGFzczMvc2VydmVyL2NhMTA4BggrBgEFBQcwAoYsaHR0cDovL2FpYTEud29z
  41. aWduLmNvbS9jbGFzczMuc2VydmVyLmNhMS5jZXIwOQYDVR0fBDIwMDAuoCygKoYo
  42. aHR0cDovL2NybHMxLndvc2lnbi5jb20vY2ExLXNlcnZlci0zLmNybDAnBgNVHREE
  43. IDAegg4qLm15Zm9zY2FtLm9yZ4IMbXlmb3NjYW0ub3JnMFEGA1UdIARKMEgwCAYG
  44. Z4EMAQICMDwGDSsGAQQBgptRAQMCAQIwKzApBggrBgEFBQcCARYdaHR0cDovL3d3
  45. dy53b3NpZ24uY29tL3BvbGljeS8wDQYJKoZIhvcNAQEFBQADggEBAFSLG5spzqWY
  46. qzZmHTYvNPwFSF6AD1VXksIaqKvrj4x4tOR5JQz3JBpgHpchaxQlv0VxA12lmGRY
  47. kkF7vK48yVwlZkV6+ScYiK2PAVxpyJqqA42cv0vbna+cgoSbw5zz6/VjWdiAlqbl
  48. lS5Su2FsVuPJBEIbRXQshRJycmxG9JqKOWQRSNvxdO59EHyYSmo+avNLzGl218R4
  49. FeF4fEP4/QHmOPNzrDMFzfXFdlsO3T3WeXcmgeSyNGev9d6EwhP+LRJsawpVdRAq
  50. f1sqtSGbqN3iGQrEQeGMCDAE+U7nzTTCWBcFXg8O5077kiB/MZtx2kDpZf2p3qqt
  51. OVAbevhaNsE=
  52. -----END CERTIFICATE-----
  53. subject=/C=CN/ST=Guangdong/L=Shenzhen/O=Shenzhen Foscam Intelligent Technology Co,Ltd/CN=*.myfoscam.org
  54. issuer=/C=CN/O=WoSign CA Limited/CN=WoSign Class 3 OV Server CA
  55.  
  56. openssl s_client -connect [REDACTED]myfoscam.org:443
  57.  
  58.  
  59. CONNECTED(00000003)
  60.  
  61. depth=0 C = CN, ST = Guangdong, L = Shenzhen, O = "Shenzhen Foscam Intelligent Technology Co,Ltd", CN = *.myfoscam.org
  62. verify error:num=20:unable to get local issuer certificate
  63. verify return:1
  64. depth=0 C = CN, ST = Guangdong, L = Shenzhen, O = "Shenzhen Foscam Intelligent Technology Co,Ltd", CN = *.myfoscam.org
  65. verify error:num=21:unable to verify the first certificate
  66. verify return:1
  67. ---
  68. Certificate chain
  69. 0 s:/C=CN/ST=Guangdong/L=Shenzhen/O=Shenzhen Foscam Intelligent Technology Co,Ltd/CN=*.myfoscam.org
  70. i:/C=CN/O=WoSign CA Limited/CN=WoSign Class 3 OV Server CA
  71. ---
  72. Server certificate
  73. -----BEGIN CERTIFICATE-----
  74. MIIFFDCCA/ygAwIBAgIQEMpzCCRnnDOkG7I+cxTlKTANBgkqhkiG9w0BAQUFADBP
  75. MQswCQYDVQQGEwJDTjEaMBgGA1UEChMRV29TaWduIENBIExpbWl0ZWQxJDAiBgNV
  76. BAMTG1dvU2lnbiBDbGFzcyAzIE9WIFNlcnZlciBDQTAeFw0xNTA0MDcwODIwMDda
  77. Fw0xNjEyMDcwOTIwMDdaMIGFMQswCQYDVQQGEwJDTjESMBAGA1UECAwJR3Vhbmdk
  78. b25nMREwDwYDVQQHDAhTaGVuemhlbjE2MDQGA1UECgwtU2hlbnpoZW4gRm9zY2Ft
  79. IEludGVsbGlnZW50IFRlY2hub2xvZ3kgQ28sTHRkMRcwFQYDVQQDDA4qLm15Zm9z
  80. Y2FtLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK8H1eeluYBP
  81. 7x/7DLKPGneAnI9LWdMYbo+dIQKsyxQXRPOL+eWpQ/aWm/TAy0i4eDxmE0F7HmEn
  82. Y/m3Prl7TweSvFYcthDn77bJTXjbdKdLPFxc34j/KC2AdaJOJzGVJfmPuSVk2NW+
  83. mQyZxFuMU0X8M88+HwPX7leADUAjNdNIGcw4BG9xCrTY/6N/tk9an5iOHc+WKRQm
  84. P6S+2xCSHIUETpbPlpbRnk+FYDP8KLqdLwTgECIYEfsefNdasACyQ9EafWF1C683
  85. iuMAxtRe+mghklQoWYeslA6FhDcIZilPPkgnWjjqIkkAn+ik1q521aI3fUz/iGfM
  86. ugsGMuBmck0CAwEAAaOCAbMwggGvMAsGA1UdDwQEAwIFoDAdBgNVHSUEFjAUBggr
  87. BgEFBQcDAgYIKwYBBQUHAwEwCQYDVR0TBAIwADAdBgNVHQ4EFgQUYf1ztHxahhue
  88. DsBxwaJJhZHpTAIwHwYDVR0jBBgwFoAUYi6B2eNCeRSjzdlUim743pWqj5gwfwYI
  89. KwYBBQUHAQEEczBxMDUGCCsGAQUFBzABhilodHRwOi8vb2NzcDEud29zaWduLmNv
  90. bS9jbGFzczMvc2VydmVyL2NhMTA4BggrBgEFBQcwAoYsaHR0cDovL2FpYTEud29z
  91. aWduLmNvbS9jbGFzczMuc2VydmVyLmNhMS5jZXIwOQYDVR0fBDIwMDAuoCygKoYo
  92. aHR0cDovL2NybHMxLndvc2lnbi5jb20vY2ExLXNlcnZlci0zLmNybDAnBgNVHREE
  93. IDAegg4qLm15Zm9zY2FtLm9yZ4IMbXlmb3NjYW0ub3JnMFEGA1UdIARKMEgwCAYG
  94. Z4EMAQICMDwGDSsGAQQBgptRAQMCAQIwKzApBggrBgEFBQcCARYdaHR0cDovL3d3
  95. dy53b3NpZ24uY29tL3BvbGljeS8wDQYJKoZIhvcNAQEFBQADggEBAFSLG5spzqWY
  96. qzZmHTYvNPwFSF6AD1VXksIaqKvrj4x4tOR5JQz3JBpgHpchaxQlv0VxA12lmGRY
  97. kkF7vK48yVwlZkV6+ScYiK2PAVxpyJqqA42cv0vbna+cgoSbw5zz6/VjWdiAlqbl
  98. lS5Su2FsVuPJBEIbRXQshRJycmxG9JqKOWQRSNvxdO59EHyYSmo+avNLzGl218R4
  99. FeF4fEP4/QHmOPNzrDMFzfXFdlsO3T3WeXcmgeSyNGev9d6EwhP+LRJsawpVdRAq
  100. f1sqtSGbqN3iGQrEQeGMCDAE+U7nzTTCWBcFXg8O5077kiB/MZtx2kDpZf2p3qqt
  101. OVAbevhaNsE=
  102. -----END CERTIFICATE-----
  103.  
  104.  
  105. Foscam has had two years to fix this and has not.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!