Hak5 Forums

burton666

  1. Best way to "hack" ip-camera?

    It is possible to access the videostream using some video software like CMS from a PC, and I have also seen that it is possible to access the stream using Android and a couple of different apps. The problem seems to be that there is no native HTTP access to the camera. The videostream is accessed using ip:34567 and password 123456. But I do not understand in what way the other software uses that info to access the videostream.
  2. Best way to "hack" ip-camera?

    Yes, you can read in this thread. Post a reply if you managed to get any more progress.
  3. Best way to "hack" ip-camera?

    ................d...{ "EncryptType" : "MD5", "LoginType" : "DVRIP-Web", "PassWord" : "nTBCS19C", "UserName" : "admin" } ....^...............{ "AliveInterval" : 20, "ChannelNum" : 1, "DeviceType " : "IPC", "ExtraChannel" : 0, "Ret" : 100, "SessionID" : "0x0000015E" } .....^...........6...{ "Name" : "SystemInfo", "SessionID" : "0x0000015E" } ....^...........2...{ "Name" : "SystemInfo", "Ret" : 100, "SessionID" : "0x15e", "SystemInfo" : { "AlarmInChannel" : 0, "AlarmOutChannel" : 0, "AudioInChannel" : 1, "BuildTime" : "2017-01-13 11:28:50", "CombineSwitch" : 0, "DeviceRunTime" : "0x00007C0A", "DigChannel" : 0, "EncryptVersion" : "Unknown", "ExtraChannel" : 0, "HardWare" : "S5-T(P)", "HardWareVersion" : "0000000000000000000000000000000000", "SerialNo" : "CEDC17B1347A3505", "SoftWareVersion" : "V3.01.70", "TalkInChannel" : 1, "TalkOutChannel" : 1, "UUID" : "Unknown", "VideoInChannel" : 1, "VideoOutChannel" : 1 } } .....^...........,...{ "Name" : "", "SessionID" : "0x0000015E" } ....^...........8...{ "Name" : "ChannelTitle", "SessionID" : "0x0000015E" } ....^...........:...{ "Name" : "", "Ret" : 100, "SessionID" : "0x0000015E" } .....^...........d...{ "ChannelTitle" : [ "CAM01" ], "Name" : "ChannelTitle", "Ret" : 100, "SessionID" : "0x0000015E" } .....^.........P.;...{ "Name" : "TalkAudioFormat", "SessionID" : "0x0000015E" } ....^.........Q.....{ "Name" : "TalkAudioFormat", "Ret" : 100, "SessionID" : "0x0000015E", "TalkAudioFormat" : [ { "BitRate" : 128, "EncodeType" : "G711_ALAW", "SampleBit" : 8, "SampleRate" : 44100 }, { "BitRate" : 128, "EncodeType" : "G711_ALAW", "SampleBit" : 8, "SampleRate" : 44100 }, { "BitRate" : 128, "EncodeType" : "G711_ALAW", "SampleBit" : 8, "SampleRate" : 44100 }, { "BitRate" : 128, "EncodeType" : "G711_ALAW", "SampleBit" : 8, "SampleRate" : 44100 }, { "BitRate" : 128, "EncodeType" : "G711_ALAW", "SampleBit" : 8, "SampleRate" : 44100 }, { "BitRate" : 128, "EncodeType" : "G711_ALAW", "SampleBit" : 8, "SampleRate" : 44100 }, { "BitRate" : 
128, "EncodeType" : "G711_ALAW", "SampleBit" : 8, "SampleRate" : 44100 }, { "BitRate" : 128, "EncodeType" : "G711_ALAW", "SampleBit" : 8, "SampleRate" : 44100 }, { "BitRate" : 128, "EncodeType" : "G711_ALAW", "SampleBit" : 8, "SampleRate" : 44100 }, { "BitRate" : 128, "EncodeType" : "G711_ALAW", "SampleBit" : 8, "SampleRate" : 44100 }, { "BitRate" : 128, "EncodeType" : "G711_ALAW", "SampleBit" : 8, "SampleRate" : 44100 }, { "BitRate" : 128, "EncodeType" : "G711_ALAW", "SampleBit" : 8, "SampleRate" : 44100 }, { "BitRate" : 128, "EncodeType" : "G711_ALAW", "SampleBit" : 8, "SampleRate" : 44100 }, { "BitRate" : 128, "EncodeType" : "G711_ALAW", "SampleBit" : 8, "SampleRate" : 44100 }, { "BitRate" : 128, "EncodeType" : "G711_ALAW", "SampleBit" : 8, "SampleRate" : 44100 }, { "BitRate" : 128, "EncodeType" : "G711_ALAW", "SampleBit" : 8, "SampleRate" : 44100 } ] } .....^.........P.:...{ "Name" : "SystemFunction", "SessionID" : "0x0000015E" } ....^...........5...{ "Name" : "KeepAlive", "SessionID" : "0x0000015E" } ....^.........Q.J...{ "Name" : "SystemFunction", "Ret" : 100, "SessionID" : "0x0000015E", "SystemFunction" : { "AlarmFunction" : { "AlarmConfig" : false, "BlindDetect" : true, "LossDetect" : true, "MotionDetect" : true, "NetAbort" : true, "NetAlarm" : true, "NetIpConflict" : true, "StorageFailure" : true, "StorageLowSpace" : true, "StorageNotExist" : true, "VideoAnalyze" : false }, "CommFunction" : { "CommRS232" : true, "CommRS485" : true }, "EncodeFunction" : { "CombineStream" : false, "DoubleStream" : true, "SnapStream" : true, "WaterMark" : false }, "InputMethod" : { "NoSupportChinese" : false }, "MobileDVR" : { "CarPlateSet" : false, "DelaySet" : false, "GpsTiming" : false, "StatusExchange" : false }, "NetServerFunction" : { "Net3G" : false, "NetARSP" : true, "NetAlarmCenter" : true, "NetDAS" : false, "NetDDNS" : false, "NetDHCP" : true, "NetDNS" : true, "NetEmail" : false, "NetFTP" : false, "NetGodEyeAlarm" : false, "NetIPFilter" : true, "NetLocalSdkPlatform" 
: false, "NetMediaStream" : false, "NetMobile" : false, "NetMutliCast" : false, "NetNTP" : true, "NetNat" : false, "NetPPPoE" : true, "NetPhoneMultimediaMsg" : false, "NetPhoneShortMsg" : false, "NetPlatMega" : false, "NetPlatShiSou" : false, "NetPlatVVEye" : false, "NetPlatXingWang" : false, "NetRTSP" : false, "NetUPNP" : false, "NetVPN" : false, "NetWifi" : true }, "OtherFunction" : { "DownLoadPause" : true, "SDsupportRecord" : false, "SupportOnvifClient" : false, "USBsupportRecord" : false }, "PreviewFunction" : { "GUISet" : true, "Tour" : false }, "TipShow" : { "NoBeepTipShow" : false, "NoEmailTipShow" : true, "NoFTPTipShow" : true } } } .....^...........C...{ "Name" : "KeepAlive", "Ret" : 100, "SessionID" : "0x0000015E" } .....^...........]...{ "Name" : "OPTimeSetting", "OPTimeSetting" : "2017-05-24 21:01:43", "SessionID" : "0x15e" } ....^...........:...{ "Name" : "", "Ret" : 100, "SessionID" : "0x0000015E" } .....^...............{ "Name" : "OPMonitor", "OPMonitor" : { "Action" : "Start", "Parameter" : { "Channel" : 0, "CombinMode" : "NONE", "StreamType" : "Main", "TransMode" : "TCP" } }, "SessionID" : "0x15e" } ....^...........C...{ "Name" : "OPMonitor", "Ret" : 100, "SessionID" : "0x0000015E" }
  4. Best way to "hack" ip-camera?

    Ok, some update. I managed to get access to the camera from PC using a program called "CMS". I used the login/pass: admin/123456 <IP>:34567 and channel=1. But now the next problem: I still can't figure out what URL to use to be able to get a snapshot or to be able to add the camera to any ip-camera software. I tried using Wireshark but could not understand if it is possible to get any relevant info from there. Strange thing is that I can see another login in plaintext in Wireshark but don't understand what that is for, as admin/123456 is used for the login. Here is the Wireshark file. wireshark log
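An added example, not part of the original posts: it pulls the JSON messages out of a text dump like the capture quoted on this page and checks what the "PassWord" value in the login message corresponds to. The digest routine is an assumption based on public descriptions of the DVRIP-Web login (MD5 of the password, byte pairs summed and reduced modulo 62 into an alphanumeric alphabet); the function names and the abridged sample are constructed for illustration.

```python
import hashlib
import json
import string

# Constructed sample: the login request and reply from the capture on this
# page, abridged, with header bytes shown as dots as in the text export.
CAPTURE = (
    '................d...{ "EncryptType" : "MD5", "LoginType" : "DVRIP-Web", '
    '"PassWord" : "nTBCS19C", "UserName" : "admin" } ....^...............'
    '{ "AliveInterval" : 20, "ChannelNum" : 1, "Ret" : 100, '
    '"SessionID" : "0x0000015E" }'
)

# Assumption (not from the page): 0-9 -> digits, 10-35 -> A-Z, 36-61 -> a-z.
ALPHABET = string.digits + string.ascii_uppercase + string.ascii_lowercase


def iter_json_messages(dump):
    """Yield every JSON object embedded in the dump, skipping header bytes."""
    decoder = json.JSONDecoder()
    pos = dump.find("{")
    while pos != -1:
        try:
            obj, end = decoder.raw_decode(dump, pos)
        except json.JSONDecodeError:
            pos = dump.find("{", pos + 1)  # a stray brace in header bytes
            continue
        yield obj
        pos = dump.find("{", end)


def login_digest(password):
    """Reduce the 16-byte MD5 of the password to 8 alphanumeric characters."""
    md5 = hashlib.md5(password.encode("utf-8")).digest()
    return "".join(ALPHABET[(md5[i] + md5[i + 1]) % 62] for i in range(0, 16, 2))


def explain_login(dump, candidate_password):
    """Compare the captured PassWord field with the digest of a known password."""
    login = next(m for m in iter_json_messages(dump) if "PassWord" in m)
    return {
        "user": login["UserName"],
        "wire_value": login["PassWord"],
        "matches_candidate": login["PassWord"] == login_digest(candidate_password),
    }


if __name__ == "__main__":
    print(explain_login(CAPTURE, "123456"))
```

The digest is unsalted and the session is unencrypted, so the same password always produces the same value on the wire.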
  5. Best way to "hack" ip-camera?

    I really suck at Wireshark, so the only packet capture I got is a really messy one directly from my Android phone, where I used some generic packet capture app. But I decoded the Android app and tried searching for anything useful; found a lot of strange stuff but nothing that helps me get the videostream. But maybe someone more skilled could have a look at it and see if they get anything useful from it? decoded android app
  6. Best way to "hack" ip-camera?

    Thanks, but I tried both of those suggestions and nothing works.
  7. Best way to "hack" ip-camera?

    I recently bought a cheap ip-camera from eBay but noticed after I received it that you had to use Android/iOS apps to get access to it. And after reading the eBay info again, it actually says that it is only compatible with Android/iOS. Ebay link After setting up the wifi from the app I thought that it would be easy to log in using port 8080, 80 or similar and just find the correct path to the videostream. I have done a portscan and ports 80 and 23 are open, and I also found that port 22334 is used, from spying on the packets from my Android phone. I tried a lot of paths using iSpy's camera URL generator but none of them work. If I just enter <IP>:80 in a browser I get a file downloaded which contains only this: "<H1>Index of /mnt/web/</H1>" I also tried hydra on the telnet port 23 using some camera password-lists from GitHub. But it takes forever to complete. I also tried all random telnet user/pass combinations I could think of, like: admin:admin, admin:(blank), root:root, etc. Does anyone know how I should proceed? And would access to telnet get me anywhere? My goal is to be able to get the videostream by URL so that I can add it in some camera software. When capturing the packets from the app the traffic was pretty big, like ~1Mb for around 30s of capturing time, so I guess that port 22334 is probably used for the videostream. On the box it says: 360Eye S Model: EC11-I6 And when trying to log in using telnet this comes up: IPC365 Login: