2/29/2024 0 Comments Live spy cam feedI could setup an automatic poll and fetch and pull them into my NVR. The cam interface has the recordings as discrete files, so I was thinking the FTP credentials could be useful. So I was hoping there was a stream they were trying to hide that I could intercept, maybe spoof the intended target and then I wouldn't have to let this thing send every capture to some server in china. I just really want to avoid having to use the remote server to access the cam. I'd rather not take it apart to determine the underlying chipset, but that would at least lead me to the firmware which could be useful. I have run some brute force attacks (Hydra) against both ports but no joy. I found an FTP port and a telnet port open but the authentication is not tied to the camera configuration. If I hardline my laptop into my modem, and do the port mirroring that way, then run the capture would that get me more useful packets? User Datagram Protocol, Src Port: 28467, Dst Port: 27772Ĭlick to expand.How about this to get more useful data from the capture: 00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) = Differentiated Services Codepoint: Default (0) = LG bit: Globally unique address (factory default) Service Info: Host: anyka Device: webcam CPE: cpe:/h:dlink:dcs-932l TCP Sequence Prediction: Difficulty=258 (Good luck!) OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3 If you know the service/version, please submit the following fingerprint at Nmap Fingerprint Submitter 2.0 : |_drwxr-xr-x 6 root root 0 Nov 22 00:37 varġ service unrecognized despite returning data. | drwxr-xr-x 2 root root 0 Nov 22 00:37 tmp | dr-xr-xr-x 13 root root 0 Nov 22 00:37 sys | lrwxrwxrwx 1 root root 11 Jun 19 03:00 init -> bin/busybox | drwxr-xr-x 4 root root 0 Nov 22 00:37 dev | ftp-anon: Anonymous FTP login allowed (FTP code 230) NSE: Couldn't resolve, scanning 10.0.0.1 instead.Ģ1/tcp open ftp BusyBox ftpd (D-Link DCS-932L IP-Cam camera) Initiating OS detection (try #1) against 192.168.0.1 at 16:39Ĭompleted Parallel DNS resolution of 1 host. Initiating Parallel DNS resolution of 1 host. Starting Nmap 7.60 ( Nmap: the Network Mapper - Free Security Scanner ) at 16:39 GMT Standard TimeĬompleted ARP Ping Scan at 16:39, 0.38s elapsed (1 total hosts)
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |