Jump to content

Recommended Posts

Posted

I am a complete newbie to hacking but have a problem that requires me to learn a little about hacking.

Problem is that I need to recover the log on name and password for wireless wifi cameras.

Facts:

I have 12 Foscam FI8910W wireless cameras all with the same user name and password.

The camera are mounted outside on of an apartment building three floors about the ground.

To hire someone to climb up to each camera, remove it, bring it to the office, reset it, and then remount it is my last choice.

Some of the cameras talk to a cisco 4500 router, and some of the cameras talk to the router through a Ubiquiti PicoStation since they are too far from the router to talk directly to it.

All of the foscams and the router have the latest firmware updates.

My desktop computer is connected to the router by a network cable and is running windows 7.

I use blue iris software to record my cameras and blue iris stores the user names and passwords to the cameras in the windows registry but it is encrypted so I can not read it.

The foscam support is telling me that the user name and passwords can not be recovered but I can't believe that there is not some way to get them from my registry or intercept them when the blue iris recording software logs onto the cameras to record them.

How do I solve this.

thanks Tom

Posted (edited)

well if you can get the encrypted hash from the reg. then try an online hash cracker like crackstation

Edited by mreidiv
Posted

Unless the software is just sending the encrypted hashes from your registry in the packets, it must first decrypt them in memory in order to authenticate with the cameras. So you should be able to attach a debugger to the process and sniff them out of memory.

How to use a debugger is outside the scope of this response, but I'm sure you can find resources online to help you if you decide to go down that path.

In either case, the first step is to see what you can sniff with Wireshark. It may be that the username and password are being sent in plain text, or only weakly hashed.

Alternatively, you could try a dictionary attack against the cameras.

Posted

I now have the user name but still need the password. Can someone tell me what program I should use to try a "dictionary attack" against the camera.

Where I can input the camera ip, port number, user name and let it just keep trying passwords until it finds the correct on.

thanks

Tom

Posted

Do you have the hashed password? If so, try looking up the hashes in a database online, there are several and free ones.

If you want to try a dictionary attack against the camera, try using THC-Hydra.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...