TomSwango Posted February 1, 2014 Posted February 1, 2014 I am a complete newbie to hacking but have a problem that requires me to learn a little about hacking. Problem is that I need to recover the log on name and password for wireless wifi cameras. Facts: I have 12 Foscam FI8910W wireless cameras all with the same user name and password. The camera are mounted outside on of an apartment building three floors about the ground. To hire someone to climb up to each camera, remove it, bring it to the office, reset it, and then remount it is my last choice. Some of the cameras talk to a cisco 4500 router, and some of the cameras talk to the router through a Ubiquiti PicoStation since they are too far from the router to talk directly to it. All of the foscams and the router have the latest firmware updates. My desktop computer is connected to the router by a network cable and is running windows 7. I use blue iris software to record my cameras and blue iris stores the user names and passwords to the cameras in the windows registry but it is encrypted so I can not read it. The foscam support is telling me that the user name and passwords can not be recovered but I can't believe that there is not some way to get them from my registry or intercept them when the blue iris recording software logs onto the cameras to record them. How do I solve this. thanks Tom Quote
mreidiv Posted February 1, 2014 Posted February 1, 2014 (edited) well if you can get the encrypted hash from the reg. then try an online hash cracker like crackstation Edited February 1, 2014 by mreidiv Quote
Noah Posted February 2, 2014 Posted February 2, 2014 Try running wireshark on your desktop when the camera authenticates and see if you can see the password in the packet capture. Quote
Sitwon Posted February 2, 2014 Posted February 2, 2014 Unless the software is just sending the encrypted hashes from your registry in the packets, it must first decrypt them in memory in order to authenticate with the cameras. So you should be able to attach a debugger to the process and sniff them out of memory. How to use a debugger is outside the scope of this response, but I'm sure you can find resources online to help you if you decide to go down that path. In either case, the first step is to see what you can sniff with Wireshark. It may be that the username and password are being sent in plain text, or only weakly hashed. Alternatively, you could try a dictionary attack against the cameras. Quote
TomSwango Posted February 3, 2014 Author Posted February 3, 2014 I now have the user name but still need the password. Can someone tell me what program I should use to try a "dictionary attack" against the camera. Where I can input the camera ip, port number, user name and let it just keep trying passwords until it finds the correct on. thanks Tom Quote
Guest spazi Posted February 5, 2014 Posted February 5, 2014 Do you have the hashed password? If so, try looking up the hashes in a database online, there are several and free ones.If you want to try a dictionary attack against the camera, try using THC-Hydra. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.