Jump to content

Was given permission to pentest a Ip Camera Setup


triptech

Recommended Posts

A good friend of mine setup an ip camera system for me to pentest he system is using wifi from a open park hotspot then fed to a dns server i have been able to get its external addresse but not its inside one yet is there a way to get in. It is linked online for people to view its live feed i checked for open ports there are couple i tried some basic attacks and no luck. Any other suggestions? Also like i said i have full permission or i would not be doing this.

Link to comment
Share on other sites

The car analogy here would be "Can you fix the problem with my car? I can tell you it's blue."

Do you really know nothing yet of the system? What cameras are they using, what device is the info being sent to, what hotspots are they using? Also, I highly doubt anybody is sending a video feed to a DNS server.

Link to comment
Share on other sites

I hope it's the language barrier at play here, because you're not making a lot of sense. DNS is the domain name service - the thing that says "forums.hak5.org" is IP 12.23.34.45 or whatever. It does *NOTHING* with a video stream.

Let's assume that the IP camera simply records and spits out its video feed onto the network for interested parties to see. It implies that interested parties must be able to find it so it's either on a fixed IP via its login (which you can attack) or once it's connected to the open wifi network it reaches out to a DNS service to inform it of the IP address it's currently using. Since this step goes over this open wifi network it means you can attack that aswell. Try to MitM the connection.

As a general setup, it's weak. If someone has

it means they could go through this park unobserved since the video captured by the camera can't be delivered onto the network and, thus, seen or recorded by anybody.
Link to comment
Share on other sites

Yeah, probably this bit:

once it's connected to the open wifi network it reaches out to a DNS service to inform it of the IP address it's currently using.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...