triptech Posted July 25, 2015 Posted July 25, 2015 A good friend of mine setup an ip camera system for me to pentest he system is using wifi from a open park hotspot then fed to a dns server i have been able to get its external addresse but not its inside one yet is there a way to get in. It is linked online for people to view its live feed i checked for open ports there are couple i tried some basic attacks and no luck. Any other suggestions? Also like i said i have full permission or i would not be doing this. Quote
cooper Posted July 25, 2015 Posted July 25, 2015 The car analogy here would be "Can you fix the problem with my car? I can tell you it's blue." Do you really know nothing yet of the system? What cameras are they using, what device is the info being sent to, what hotspots are they using? Also, I highly doubt anybody is sending a video feed to a DNS server. Quote
triptech Posted July 25, 2015 Author Posted July 25, 2015 It is connected to public open wifi . then fed through DNS server out to public on a URL. It is a foscam IP camera Quote
cooper Posted July 25, 2015 Posted July 25, 2015 I hope it's the language barrier at play here, because you're not making a lot of sense. DNS is the domain name service - the thing that says "forums.hak5.org" is IP 12.23.34.45 or whatever. It does *NOTHING* with a video stream. Let's assume that the IP camera simply records and spits out its video feed onto the network for interested parties to see. It implies that interested parties must be able to find it so it's either on a fixed IP via its login (which you can attack) or once it's connected to the open wifi network it reaches out to a DNS service to inform it of the IP address it's currently using. Since this step goes over this open wifi network it means you can attack that aswell. Try to MitM the connection. As a general setup, it's weak. If someone has it means they could go through this park unobserved since the video captured by the camera can't be delivered onto the network and, thus, seen or recorded by anybody. Quote
V3sth4cks153 Posted July 25, 2015 Posted July 25, 2015 (edited) I don't know if this makes sense but maybe he's talking about Dynamic DNS like No-IP or DynDNS ? To make it so that you can see the feed from anywhere. Edited July 25, 2015 by V3sth4cks153 Quote
cooper Posted July 25, 2015 Posted July 25, 2015 Yeah, probably this bit: once it's connected to the open wifi network it reaches out to a DNS service to inform it of the IP address it's currently using. Quote
V3sth4cks153 Posted July 25, 2015 Posted July 25, 2015 (edited) Oh yeah hadn't seen that ! My bad. Edited July 25, 2015 by V3sth4cks153 Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.