Sign in or Sign up

Cameradar v2.0 - Hack into RTSP CCTV cameras 10/12/17
Started by D1G174L


Rate this topic
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5


2 posts in this topic
[NS]D1G174L Offline
Pentester
***


NulledSystems
Posts: 95
Threads: 19
Joined: Fri Mar 2017
Reputation: 8

CZPoints: 14 CZP
ContributorDiamondBomb ContentDonator
10-12-2017, 06:01 PM -
#1
Cameradar v2.0 - Hack into RTSP CCTV cameras 

[font=Arial][Image: Cameradar.gif]



An RTSP stream access tool that comes with its library.

Cameradar allows you to
  • Detect open RTSP hosts on any accessible target host
  • Detect which device model is streaming
  • Launch automated Dictionary Attacks to get their stream route  /(e.g.:live.sdp)
  • Launch automated Dictionary Attacks to get the username and password of the cameras
  • Retrieve a complete and user-friendly report of the results

Docker Image for Cameradar

Install docker[color=#2a3744] on your machine, and run the following command:

Code:
docker run -t ullaakut/cameradar -t <target> <other command-line options>

See Commands here : https://github.com/EtixLabs/cameradar#co...ne-options

Installing the binary :


Dependencies
Code:
go


Code:
glide


Installing Glide

Steps to install

Make sure you installed the dependencies mentionned above.
  1. go get github.com/EtixLabs/cameradarcd $GOPATH/src/github.com/EtixLabs/cameradarglide installcd cameradargo install

The  binary is now in your ready to be used. See command line options at https://github.com/EtixLabs/cameradar#co...ne-options

Code:
cameradar

Code:
$GOPATH/bin
Library

Dependencies of the library
  • curl-dev libcurl (depending on your OS)nmapgithub.com/pkg/errorsgopkg.in/go-playground/validator.v9github.com/andelf/go-curl
Installing the library

Code:
go get github.com/EtixLabs/cameradar

After this command, the cameradar library is ready to use. Its source will be in:
Code:
$GOPATH/src/pkg/github.com/EtixLabs/cameradar 



Discovery

You can use the cameradar library for simple discovery purposes if you don't need to access the cameras but just to be aware of their existence.


[Image: Cameradar_2_NmapPresets.png]


This describes the nmap time presets. You can pass a value between 1 and 5 as described in this table, to the NmapRun function. 


Attack
If you already know which hosts and ports you want to attack, you can also skip the discovery part and use directly the attack functions. The attack functions also take a timeout value as a parameter.

Data models
Here are the different data models useful to use the exposed functions of the cameradar library.

[Image: Cameradar_3_Models.png]


Dictionary loaders

The cameradar library also provides two functions that take file paths as inputs and return the appropriate data models filled.

Configuration
The RTSP port used for most cameras is 554, so you should probably specify 554 as one of the ports you scan. Not specifying any ports to the cameradar application will scan the 554 and 8554 ports.
docker run -t --net=host ullaakut/cameradar -p "18554,19000-19010" -t localhost

 will scan the ports 18554, and the range of ports between 19000 and 19010 on localhost.
You can use your own files for the ids and routes dictionaries used to attack the cameras, but the Cameradar repository already gives you a good base that works with most cameras, in the /dictionaries folder.


  1. docker run -t -v /my/folder/with/dictionaries:/tmp/dictionaries \           ullaakut/cameradar \           -r "/tmp/dictionaries/my_routes" \           -c "/tmp/dictionaries/my_credentials.json" \           -t 172.19.124.0/24
This will put the contents of your folder containing dictionaries in the docker image and will use it for the dictionary attack instead of the default dictionaries provided in the cameradar repo.


Check camera access
If you have VLC Media Player, you should be able to use the GUI or the command-line to connect to the RTSP stream using this format : 
Code:
rtsp://username:[email protected]:port/route

With the above result, the RTSP URL would be 
Code:
rtsp://admin:[email protected]:554/live.sdp


By Lydecker Black (Dump3R)
This post was last modified: 10-12-2017, 06:15 PM by D1G174L. Edit Reason: Forgot to credit


Corruption Offline
Administrator
*******


Administrators
Posts: 291
Threads: 67
Joined: Fri Mar 2017

CZPoints: 119 CZP
10-12-2017, 06:05 PM -
#2
I really like this tutorial. Very awesome personally will use it soon.
Dox Offline
Cyber Security Student
***


Contributor
Posts: 414
Threads: 125
Joined: Mon Oct 2017
Reputation: 6

CZPoints: 134 CZP
OnFireContributor
10-15-2017, 02:14 PM -
#3
Is this program compatible by Windows etc? Would be useful to know lol.
Contact E-Mail: [email protected]
BTC Address: 1JmJrbmQn4Bg24r68bSyZ7TxNZGad3iPWM




Users browsing this thread: 1 Guest(s)