burton666

Best way to "hack" ip-camera?

6 posts in this topic

I recently bought a cheap ip-camera from ebay but noticed after I recieved it that you had to use android/ios apps to get access to it. And after reading the ebay info again it actually says that it is only compatible with Android/IOS.

Ebay link

After setting up the wifi from the app I thought that it would be easy to log in using port 8080, 80 or similar and just find the correct path to the videostream.
I have done a portscan and port 80 and 23 is open and I also found that port 22334 is used from spying on the packets from my android phone.

I tried a lot of paths using iSpys camera url generator but none of them work. if I just enter <IP>:80 in a browser I get a file downloaded witch contains only this: "<H1>Index of /mnt/web/</H1>"
I also tried hydra on the telnet port 23 using some camera password-lists from github. But it takes forever to complete. I also tried all random telnet user/pass combinations I could think of like: admin:admin, admin:(blank), root:root, etc.

Anyone knows how I should proceed? And would access to telnet get me anywhere? My goal is to be able to get the videostream by URL so that I can add it in some camera software.
When capturing the packets from the app the trafik was pretty big, like ~1Mb for around 30s of capturingtime so I guess that that port 22334 is probably used for the videostream. 

On the box it says: 360Eye S
Model: EC11-I6

And when trying to log in using telnet this comes up:
IPC365 Login:
 
0

Share this post


Link to post
Share on other sites

From a quick google I see you have asked a few places. ispyconnect seems to support IPC365 maybe this allows you to do what you want.

https://www.ispyconnect.com/man.aspx?n=IPC#

If you need telnet access then maybe try setting up an account on the android app (like described in the user manual) and then using those credentials on the terminal to get in. Worth a try.

0

Share this post


Link to post
Share on other sites

Thanks, but I tried both of those suggestions and nothing works

0

Share this post


Link to post
Share on other sites

Posted (edited)

3 hours ago, burton666 said:

Thanks, but I tried both of those suggestions and nothing works

There are a couple of things online that look similar (but not identical) to the camera you have bought - did you already try: -
 

User = root
Password = 123456
or 
User = ADMIN
Password = 123456789

if they don’t work then I would stick to your brute force or alternatively open it up and see if there is a serial/uart you can tap into.

Edited by Just_a_User
0

Share this post


Link to post
Share on other sites

Would you be willing to provide a copy of the PCAP file for us to view? Also, see if there is any firmware available to download (smh 'unbranded'), might get lucky and find the username and password in plaintext in there using the tool 'binwalk'.

0

Share this post


Link to post
Share on other sites

I really suck at wireshark so tho only packet capture I got is a really messy one directly from my android phone where I used some generic packet capture app.

But I decoded the android app and tried searching for anything useful, found alot of strange stuff but nothing that helps me get the videostream. But maybe someone more skilled could have a look at it and see if they get anything useful from it? decoded android app

 

 

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.