Light

boomsec / megapixel-ip-camera-poc Goto Github PK

View Code? Open in Web Editor NEW

4.0 1.0 1.0 37 KB

This is a proof of concept script I put together that exploits the default credentials of exposed Megapixel IP Cameras.

License: MIT License

Python 32.65% HTML 67.35%

admin admin-panel camera default-password insecure ipcam ipcamera insecure-camera

megapixel-ip-camera-poc's Introduction

G'day I'm Boom. I am a service desk technician that has an obsession interest in cyber security

❓ About Me

🧑‍💻 I'm a service desk technician by trade
🔒 I learn and study different aspects of cyber security by interest
🌱 I'm currently learning PowerShell
🔨 Often seen ~~breaking~~ working on:
∘ Installing a New Linux Distro
∘ Writing Code
∘ Installing Upgrades to Their PC
🪟 I'm currently running 3 different opeating systems on different devices
📷 I also take Photos sometimes

🖥️ My PC

CPU: Intel i5-12600K
GPU: AMD Radeon RX 7900 XTX 24GB
RAM: 32GB (4x8GB) Corsair Vengeance Pro RGB CL18
Case: Cougar Darkblader
Cooler: Deepcool AK620
Motherboard: MSI MAG B660 TOMAHAWK
OS: Windows 11

Thank you for coming to my ted talk

Now go check out some of my GitHub Repos... Or don't... I am not the boss of you 🤣

megapixel-ip-camera-poc's People

Contributors

Stargazers

Watchers

Forkers

fishke22

megapixel-ip-camera-poc's Issues

fyi: auth-bypass for image / pseudo moving image

Hey there.
Found you via Shodan+OSINT ;-)

Just an fyi:
Once you come up against these cams there's a URI that gives a static image via non-auth, as long as the cam is exposed via HTTP (any port)
e.g.
https://www.shodan.io/host/82.64.91.107
Shodan has the static image on 80/tcp and 554/tcp (same image).
We can obviously get full moving image+audio via 554/tcp (RTSP).
But, what about when 554/tcp isn't available?

If we were to go to:
hxxp://82.64.91.107/jpgmulreq/1/image.jpg?key=&lq=12
(URI defanged to prevent auto-linking, change to http for it to work)
We get a single static image.
Press F5 to refresh.
Or, craft a little local .html that pulls that image in, and some .js to refresh it every 500ms.

For an example of that, see:
https://pastebin.com/raw/Qsej1DbP
(change the IP+port accordingly. Or view as-is to see guards at a desk in RU ;-) )

Feel free to find+add me on Twitter/X, if you have an account there.

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.