8d87ca No.873
Here are some tools.
Joe's awesome shit for Windows
Put in some IPs and let computing power do the work for you.
Downloader
https://mega.co.nz/#!ztEyzBIL!N_zDGnu0f_J6IsYanAk_FLGX7O0IdruHpc1k5fwteZI
List Parser
https://mega.co.nz/#!u8dSWb5Q!tHdh4SCPTQwNCmSpLchLfp3gj2ihpajnMz_9pBlGAMg
Whatever Monkey
Make Shodan your bitch with Joe's TamperMonkey script:
http://pastebin.com/zJ7b2Sjp
Or strip down to URLs only with this TamperMonkey script:
http://pastebin.com/8cYX4wwV
Loonix
http://pastebin.com/T7wUh8ic
If you want to do some CLI shit, you might want to start with this code. Updated to download kcore files but it will not parse out credentials.
Netcam Firmware
http://pastebin.com/BzMsJPkp
Here's another one in bash.
TP-Link Firmware
http://pastebin.com/JzEu0QGy
And another one in bash.
Cisco PVC-2300
PLEASE RE-ADD LINK
Retrieve camera admin password with backdoor. Backdoor can be modified for root access. Refer to "Exploiting Network Surveillance Cameras Like A Hollywood Hacker" by Craig Heffner for in-depth usage.
Shodan IPCam Extractor by Arsouill3
v1.0
http://pastebin.com/wHpszvV3
v2.0
http://pastebin.com/G8VAyD2L
iSpy "Add Foscam" button
Diff file for commit 28fcbda3b9ef345adac54fdf098e2c1e1dd5a5d3
http://pastebin.com/Hsii1HWy
Adds a "Foscam (and Knockoffs)" button to the iSpy "Add Camera" dropdown. You enter the camera IP, username, and password, and it automatically sets up the camera for you.
MODS MODS MODS please edit this OP to contain the newest and hottest OC, plox. K thanks.
9b8cb7 No.928
WHAT IT IS
IP cameras are attached to the Internet in order to allow their owners to access them remotely. This is stupid given that everything is exploitable.
Most of the time you're seeing FOSCAM firmware getting hacked because it's very easy to do and that firmware has a massive installed base.
If you have an IP camera that uses FOSCAM firmware you should upgrade it to the latest version, which can be found here:
http://foscam.us/firmware.html
The exploit doesn't require much description or proof of concept code:
http://archives.neohapsis.com/archives/bugtraq/2013-03/0080.html
Basically, entering the camera's public IP followed by //proc/kcore will cause a memory dump, which includes sensitive information like the camera admin credentials and, usually, network credentials.
The stream will time out after 2 minutes and your distance to the target camera will affect whether the credentials are included in the dump. Camera credentials will be located near the camera's name and many people also search for "nist" to find the creds.
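For camera owners and network defenders: the request pattern described in the post above can be flagged in gateway or reverse-proxy access logs. This is an added example, not part of the original post. The Combined Log Format input, the sample lines and the 1 MB "large response" threshold are assumptions, and flagging anything under /proc goes beyond the single path the post names.

```python
import posixpath
import re
from urllib.parse import unquote

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

def normalize_path(target: str) -> str:
    """Canonicalize a request target before matching on it."""
    # Do not use urlsplit here: it would read "//proc/kcore" as host "proc".
    path = re.sub(r"^[A-Za-z][A-Za-z0-9+.-]*://[^/]*", "", target)
    path = path.split("?", 1)[0].split("#", 1)[0]
    path = unquote(unquote(path))          # second pass catches %252f
    path = re.sub(r"/+", "/", "/" + path.replace("\\", "/"))
    return posixpath.normpath(path)        # resolves "." and ".." segments

def scan(lines, big_response=1_000_000):
    """Return one finding per request whose path resolves under /proc."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue
        path = normalize_path(m["target"])
        if path != "/proc" and not path.startswith("/proc/"):
            continue
        size = 0 if m["size"] == "-" else int(m["size"])
        served = m["status"].startswith("2") and size > 0
        if served and size >= big_response:
            severity = "high"      # memory was very likely disclosed
        elif served:
            severity = "medium"    # partial dump or small /proc file
        else:
            severity = "low"       # probe that the device refused
        findings.append({"line": lineno, "client": m["ip"],
                         "raw": m["target"], "path": path,
                         "status": int(m["status"]), "bytes": size,
                         "severity": severity})
    return findings

# Constructed sample log lines (documentation-range addresses).
SAMPLE = [
    '198.51.100.7 - - [12/Mar/2015:04:11:09 +0000] "GET //proc/kcore HTTP/1.1" 200 4718592 "-" "curl/7.35.0"',
    '203.0.113.20 - admin [12/Mar/2015:04:12:30 +0000] "GET /snapshot.cgi HTTP/1.1" 200 48211 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [12/Mar/2015:04:13:02 +0000] "GET /%2e%2e/%2e%2e/proc/kcore HTTP/1.1" 404 0 "-" "-"',
    '203.0.113.20 - admin [12/Mar/2015:04:14:41 +0000] "GET /get_status.cgi HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Mar/2015:04:15:00 +0000] "GET /%2fproc%2fkcore HTTP/1.1" 200 2097152 "-" "curl/7.35.0"',
]

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f["severity"], f["client"], f["raw"], f["bytes"])
```

A "high" finding means the device answered with a large body, so its admin, Wi-Fi and mail credentials should be treated as exposed: update the firmware, rotate those credentials and take the camera off direct Internet exposure.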
9b8cb7 No.929
BUILD YOUR LIST
For the sake of efficiency an evil hacker would want to build a list of IP cameras in order to test them for 1) default credentials and 2) vulnerability to exploits.
It's not a requirement, though. Casuals can use Joe's Foscam Helper, which is a TamperMonkey script that enhances Shodan results (most current version linked in OP).
Back to list building…
https://www.shodan.io/search?query=%22netwave+ip+camera%22
Shodan.io crawls the web testing IPs and ports. The "netwave ip camera" string matches FOSCAM camera IPs. Since this exploit has a distance limit of a few hundred miles you should add "country" and/or "city" filters to your search.
Evil's "links only" TamperMonkey script makes the process of collecting links much faster (most current version linked in OP).
9b8cb7 No.930
GET CAMS: WINDOWS
This used to be a pretty manual process but thanks to Joe's File Downloader and Parser you too can get your hands on fresh cams!
Most current mega links are in the OP.
FILE DOWNLOADER
add instructions or features list
PARSER
1. Drag bruteforce log file onto "ListMasterFlex.exe"
2. Wait
How to configure:
Open settings.xml and edit certain values. If you break the config, just delete it and re-open the program. It will reset to default.
<BackgroundColor> - Background color of overlay in hex argb
<ForegroundColor> - Foreground color (font) of overlay in hex argb
<FontFamily>
<FontSize>
<OutputFormat> - Format string for overlay. {0} = IP, {1} = username, {2} = password
<OutputFolder>
<SaveParams> - If true, also saves "get_params.cgi"
<SaveStatus> - If true, also saves "get_status.cgi"
<Threads> - Number of threads. Higher amount means it will go faster, but it will also be more demanding. Recommended 4, not recommended above 25.
<MaxTries> - Number of times to retry connecting to the camera.
<SnapshotTimeout> - Timeout to get snapshot in ms
<PageTimeout> - Timeout to get misc pages in ms (Params, Status)
<MaintenanceEnabled> - If true, performs maintenance on the settings file. (Currently, adds a trailing slash to the output folder)
<SnapshotFormat> - Image output format. Options: "png", "jpg", "bmp"
9b8cb7 No.931
GET CAMS: LINUX
Create your IP list and run the script. Output includes
- List of cams with default creds
- List of cams with kcore vulnerability (optional)
- HTML file "viewer" for default creds
- kcore files (optional)
Instructions are in the bash comments.
Most current pastebin link with source is in the OP
9b8cb7 No.933
WHILE YOU WERE AWAY
DVR can be a beautiful thing.
Windows users highly recommend BlueIris: http://blueirissoftware.com/
Some based anon put up a mega:
https://mega.co.nz/#F!J5BVTJwK!294v6vD4CBD0eakgWDM43A
There's also iSpy:
http://www.ispyconnect.com/
For Linux (and maybe OSX) folks you can try ZoneMinder. My experience is that ZM works but the motion detection is horrible (too sensitive) so you might go through a large HDD every day or two.
http://www.zoneminder.com/
abe0fc No.935
>>933
I tried using BlueIris but all it said when I plugged in the Ipcam info was that the camera was offline or some shit, even though I could access it from a regular internet browser.
Mind going into further detail on how to use BlueIris? Anyways, thanks for updating the links (That was my post you deleted), I was wondering why the navy seal copypasta was everywhere.
bfa815 No.938
>>935
There are several posters who use it so hopefully someone will be able to get you on track. The irc channel might be a good source too, depending on who's lurking.
abe0fc No.943
>>938
I tried a couple of times to get onto the IRC but it keeps saying I can't join the channel…
db1e66 No.945
>>943
Put the password, warmtires, after the channel name when you join.
Channel: #ipcam warmtires
9e0651 No.948
Kcore also holds the keys to E-mail addresses to send from for the IPcam.
Just so you know
046089 No.961
how much does connection matter in how many passwords you can crack with kcore?
sometimes i get a lot
sometimes i get none for long periods
1f865d No.971
Hi there I am new to this and so far so good but the TamperMonkey where do I paste it :?
7c14d2 No.973
>>972
Click the little scroll with the plus symbol to the left of "Installed Userscripts". Paste scripts in the big textbox
046089 No.974
I have trouble connecting to cameras outside the US.. is this a problem for anybody else?
3d2860 No.975
>>974
Connecting, no. Half of the cams I watch are on the opposite side of the planet from me.
046089 No.984
>>975
where are you from?
because im in the US and cant connect to anything in say, china.
18abce No.987
>>984
You can probably connect, you just can't get the kcore. If you run a batch of cams with default creds you should be able to get some hits and connect.
Also, China has a bit of a thing about accepting incoming connections from the US.
bfa815 No.991
Added tp-link exploit to the sticky.
a290c9 No.1015
Is there a guide for /tech/ illiterate noobs anywhere for this? All of this went over my head.
046089 No.1019
>>1015
theres not much to understand.
basically youre in the right section.
ok:
all of these downloads and links posted here are tools to help you find and use cams easier.
the "tamper monkey script" (which you can set up as an extension in chrome, just search tamper monkey and paste the scripts that were posted) allows you to parse lists easier on shodan.io
shodan.io is where most people get their lists. you need to make an account (free) and then search ""netwave ip camera" country:"US" City:"saint""", for example.
once you have a list, copy and save it in notepad. import the list into the "downloader"
thats basically it…
next you may want to up your game with Blue Iris which allows you to watch and record multiple cams at once.
a290c9 No.1020
>>1019
>import the list into the "downloader"
What downloader?
And if I understand correctly the only way to hear sound is to use Internet Explorer, but I can't seem to get cams to work in it. Is there something specific you need to do?
046089 No.1021
>>1020
to be honest im having trouble with IE explorer now too.. i havent used it in a while. I cant get audio on it.
Anyway.
you need to look at OPs post. the first link is the downloader.
Also, tbh i just use Blue Iris and i can get audio on all my cams
fb9345 No.1023
>>1021
i use cam apps for phone or server and get audio. VLC is an option for windows if IE support is starting to break down.
171efe No.1072
>>1021
i cant get it to work in blueiris no matter what cam i try. i'd like to troll a few of these people but i cant send or receive audio
ecde06 No.1085
Here my contribution : Shodan IPCam extractor
http://pastebin.com/wHpszvV3
ecde06 No.1087
Shodan IPCam Extractor "2.0" (testing default credentials from a file added) : http://pastebin.com/G8VAyD2L
credentials.txt : http://pastebin.com/NmQQ6w37
fb9345 No.1095
>>1085
Dope, keep it up anon.
171efe No.1097
>>930
I made some edits to Joes downloader.
I added a changelog to the help menu which tells what all I changed
Added a checkbox that, when checked (auto), automatically parses and downloads the kcore from that IP while moving the cursor focus back to the text box. (makes it faster to paste them in if you're not using a list)
added keyboard shortcut keys to everything.
https://mega.nz/#!ZZZkEZ6I!6_LCqUvEVLVbS3PwIjeDssoxt5DvDAMUoQjrWZiiS6Q
171efe No.1098
>>1097
just one note, I left the source code attached in the zip in case anyone wants to build off these.
4ff68c No.1103
iSpy "Add Foscam" button
Diff file for commit 28fcbda3b9ef345adac54fdf098e2c1e1dd5a5d3
http://pastebin.com/Hsii1HWy
Adds a "Foscam (and Knockoffs)" button to the iSpy "Add Camera" dropdown. You enter the camera IP, username, and password, and it automatically sets up the camera for you.
Allows easy setup in iSpy of video and two-way audio (yes, you can talk through it!)
Get the iSpy source from https://github.com/ispysoftware/iSpy (in C#), and in the folder run "patch -p1 < foscam-mod.diff", where "foscam-mod.diff" is the downloaded pastebin file. Afterwards, compile with Visual Studio.
Do not forget to setup VLC within iSpy. To do this, see "iSpy\VLC64\readme.txt".
ecde06 No.1107
IPCam Viewer :
Here a way to export IP from your Joe's bruteforce file : https://mega.nz/#!A5BmCIDI!gQvnmjfvz_Rp-ZrFsriwch7QMrgpsmMn_yBKIIHl_CY
Bash script. cURL required :
./IPCam_viewer.sh "$path"
Two different views, two ways of filtering, four ways of sorting.
2bd51f No.1111
>>1103
Can you spoonfeed me with a compiled version?
I hate to ask, but i'm not sure how to go about it.
5b099c No.1116
Shodan IPCam Extractor by Arsouill3
how can i use this code
ecde06 No.1117
>>1116
Hey !
You need to subscribe to Shodan.io. It's not free but it allows you to get minimum 1 million IP per month (for 20 bucks per month).
Otherwise, use Joe Tampermonkey scripts to download all the IP manually and for free …
11ed1e No.1123
Mr Joe , there are more netwave cam has base64 encode user name and password , could you upgrade your downloader for base64 decode please
11ed1e No.1124
>>873
Mr Joe , there are more netwave cam has base64 encode user name and password , could you upgrade your downloader for base64 decode please
e020a9 No.1126
>>1124
Can you upload a kcore dump of these somewhere? I have never noticed one
afb1bd No.1129
>>1126
okay bro , when i get it i will upload it for you , and do you have anything about DVDR
9bb284 No.1131
>>1097
Nice work Strider.
I like the "Auto Download on Pate" Option very much.
Just one thing and its perfect:
Can you make the Snapshot Preview Window bigger? Just a little bit
e37679 No.1132
>>1097
Is there an option to stop the download?
Sometimes I wanna change the server and continue
55a73d No.1133
>>1097
When I have to download one kcore again it doesnt bruteforce automatically. i have to right click and force it
a28747 No.1134
>>1097
Could you add a new field"Login" with the bruteforced credentials next to "URL" "Status", so you can see that the IP already successfully bruteforced?
a51b8f No.1144
what can i do with patched cam ?
cac0b6 No.1145
>>1144
Cry about it being patched.
Cheer about foscam finally getting their shit together.
>Your choice
11ed1e No.1153
>>1144
same question … what can i do with patched cam ?
ba16e6 No.1164
>>1144
>>1153
Try to find a new exploit in the newest firmware. Although that would be really difficult because IPcams have different firmwares and shit… The reason we can do this is because a lot of people still use the old exploited firmware. The newest (the updated ones by the producers themselves) are of course patched.
046089 No.1165
I found out that if you have an EDU email account you can just email the main guy at Shodan.io and he will upgrade your account.
Does anybody know if its possible to hack/use other servers around the world to increase your chance kcore working in certain areas?
3430ca No.1171
>>1165
I want to know that with the servers too.
As an Euro faggot my exp is that you should use the nearest server to your own home. Not the the nearest server to the cam location.
For example: I stay in the Netherlands and want some Italian cam. I use an Server located in Amsterdam and have better results with the full download of the 4,5 mb kcore than using an Italian one. Dunno really why
046089 No.1180
>>1171
>Not the the nearest server to the cam location.
>For example: I stay in the Netherlands and want some Italian cam. I use an Server located in Amsterdam and have better results with the full download of the 4,5 mb kcore than using an Italian one. D
thats interesting.
in the sticky though it says kcore only works within 100 miles of your location.
Ive however cracked kcore from over 100 miles plenty of times
f91739 No.1182
>>1180
Only 100 miles? Maybe the 100 means that it is almost guaranteed. Cause I am sure that 50% of the cams I watch are far more away than 160 km.
1517fa No.1196
1517fa No.1197
So as a newbie I found this all very confusing took me 2 days but finally got it going. It is awesome.
While I haven't had any real wins yet I can tell they are coming.
Here is my beginners tutorial.
1. Install google chrome and .net framework 4.1
2. download and install Tampermonkey from the chrome webstore (free).
3. copy this script and paste into Tampermonkey http://pastebin.com/8cYX4wwV
4. goto http://www.shodan.io and create a free account.
5. put this into search box - netwave ip camera country:us city:"cleveland". you can change the city and country.
copy all the ip's into a text file you can get up to 50 per city.
6. download and unzip Joe's FileDownloader_13.6 https://mega.co.nz/#!ztEyzBIL!N_zDGnu0f_J6IsYanAk_FLGX7O0IdruHpc1k5fwteZI
7. start filedownloader and import your text file containing the ip's.
8. download and unzip listmasterflex from https://mega.co.nz/#!u8dSWb5Q!tHdh4SCPTQwNCmSpLchLfp3gj2ihpajnMz_9pBlGAMg
9. edit the settings.xml file with these values http://pastebin.com/V2ergfWY
10. drag the bruteforce.log file Joe's filedownloader created ontop of listmasterflex.
11. Open the snapshots folder and look at what you have found.
edccd5 No.1199
>>1198
I always lurk in the IRC, as does joe and other contributors to the scripts and apps linked from the board. I've noticed a lot of people joining and then parting after a few minutes. We're not super active but you'll never have to wait more than 24 hrs for a response or for us to join in on some conversation.
c7d77a No.1202
With Foscam, point/tilt option works fine.
2 questions:
1- Is there a zoom function?
2- I can never hear audio. When I click the audio button it starts a VLC feed which doesn't work. (VLC works fine on my pc)
cccaf7 No.1207
Can somebody explain to me why the foscam exploit depends on being geographically close to the subject?
e65d37 No.1208
>>1207
The exploit makes the camera dump its memory in a stream that times out after approx 2 minutes.
The closer you are to the camera the more data you can download before it times out. The creds in the file are around the 3.5-4K mark so anything less than that is pretty useless.
Connection speed also helps, not just location. If I time it right (early morning) I can download a full 4.5k from over 600 miles away.
59e979 No.1209
1-
Does Joe's downloader only work for Foscams? If yes, is there another system for getting logins/passwords of other cams?
2- What percentage of results end up in "could not reach address" for you? With me it's around 85%. Any reason why or anything I can do?
3-
I recall reading somewhere that once you have a cam URL you can also find out more personal details of the owner (I'm not talking about Device Management etc) by changing part of the URL . Does this ring any bells for anyone?
Hoping someone can reply, almost no activity in this "forum".
965852 No.1210
Anyone have a basic tutorial how to install the full version of BlueIris? I can't work out the exact crack/patch instructions. Sorry I'm dumb.
1653c7 No.1212
>>1209
1- Joe's downloader work only for Foscams and other foscam compatible cams. Yes there are other tricks to get login/passwords of some brands.
2- I don't use Joe's downloader but with my own downloader it's quite the same ratio
3- Do you think about user's email password or other things ?
e51736 No.1213
ListMasterFlex crashes for me as soon as it opens… Is there a fix for this?
458881 No.1214
>>1213
dont open it, just drag and drop the bruteforce file on it
965852 No.1215
>>1212
1- What tricks work for other Cams logins?
3- Both email passwords and info indicating info on camera location (better than ip location)
965852 No.1216
Can anyone help with installing full version of Blue Iris?
Can't work out how to patch.
9ab07f No.1217
>>1216
I cant, but I suggest to use Ispy. Its easy and even on old systems you can monitor around 10-15 cams without a crash or raping the performance.
The framerate isnt the best tho.
To add a cam in Ispy you can use the "Wizard". You don't need to know anything about the cam, except the logins and the IP/Port of course.
But I am also interested in a Blue Iris step by step
965852 No.1218
Blue Iris is a million times easier to set up than ispy. I gave up on ispy after trying 10 times to add a camera. The wizard is for shit.
e814b7 No.1219
>>1218
1. Click on "Add" and then "IP Camera with Wizard"
2. Click "Not Listed" and "Next"
3. Username and Password and "Next"
4. IP and Port and "Next"
(IP without any http://)
5. Now wait until Ispy finds the VLC Stream. Don't add the FFMPEG that appears first. Wait.
6. After you added the VLC Stream you can edit the Cameras Name, FPS, Alarm etc.
self explanatory menu
e814b7 No.1220
+ ISpy is perfect for monitoring. You can watch, listen and record.
- If you want to speak to individuals - you need more informations about the cam and I would recommend a browser
- The FPS is low. Around 10-15 even when your Connection is good and the cam is next door.
+ On my 2008 Core 2 Duo Crapbook I can monitor around 20 Cams with CPU Usages of around 75%
The lower the FPS per Cam the more Cams you can add
+Almost no Crashes since Version 6.4.
a32d10 No.1225
Does anyone here think ispy is better than blue iris?
76b947 No.1229
>>1225
It's not about better or worse. Both works. ISpy is easy and free. And if you really have probs cracking Blue Iris you probably have your answer.
smile.jpg
af27ce No.1233
>>1229
I use the free version with the annoying watermark. I can't work out how to apply the patch mentioned in the OP to have a free full version.
dfa1a4 No.1235
>>1233
Post a win and I help you with BI