CCTV Security Vulnerabilities: A Step-by-Step Analysis

(Educational)
STEP - 1 : First manam CCTV camera IP find cheyyali ante Wi-Fi adapter undali. Ah
adapter ni Kali Linux ki connect cheyyandi.

STEP - 2 : Chesina tharvatha Kali Linux lo network interface find cheyyandi. Dhani
kosam kindha ichina command use cheyyandi...

Command: ifconfig

STEP - 3 : E command ichaka , mi Wi-Fi adapter interface kanipistadhi. Kindha

image observe cheyyandi. Ah image lo highlight chesindhi interface name. Ippudu
manam e interface name ni use cheskoni mana network ni scan cheyyali, then
manaku mana network lo unna ani IPs chupistadhi, including camera IPs. Network ni
scan cheyyaniki kindha unna command use cheyyandi.

Command: sudo arp-scan --interface <interface-name> -l

STEP - 4 : E command ichina tharvatha mana network lo unna anni IP addresses list
aithai. Then, okkokka IP address ni Google lo search chesi camera IP ni find
cheyyandi.

STEP - 5 : IP address find ayyaka kindha ichina command use chesi Nmap tho IP ni
scan cheyyandi Kali Linux loney.
Command: nmap <ip-address>

STEP - 6 : E command ichi scan chesaka open port chupistadhi. Andhulo HTTP port
number note cheskoni browser open cheyyandi. Browser lo CCTV camera IP:port
number ivvandi.

Example:

192.168.1.1:80

➢​ Idhi example matrame. Nen ichina IP place lo mi target camera IP ivvandi and
80 deggara HTTP port ivvandi. Max 80 eh untadhi port number but
okkokkasari different untadhi, chuskondi.

STEP - 7 : IP and port ivvagane login page aduguthadhi. Ah login page lo default
usernames and passwords try cheyyandi.

STEP - 8 : Successfull ga login aithe, same username, password Real Time

Streaming Protocol (RTSP) ki work avthayo ledho chudandi. Adhi ela chudali
annadhi kindha ichina steps follow avvandi.

RTSP Stream Access in VLC :

1.​ Open VLC

2.​ Click on Media
3.​ Select Open Network Streaming
4.​ Enter URL:​
rtsp://<ip-address>:<port-no>
5.​ URL enter cheyyagane login aduguthadhi. Username, password ichi login
cheyyandi.

If login aithe HTTP and RTSP renditiki same login details unnattu. Okavela login
avvakapothe, malli default credentials try cheyyandi.

Now, Let's See How to Bruteforce DVR

Step 1: Username and Password List Prepare Cheyyadam

Bruteforce attack cheyyali ante manaki username and password list kavali. E list
ela create cheyyalo kindha oka video link icha, ah video chudandi.

Link: https://www.instagram.com/reel/Cw7kbzEvyxj/?igsh=MXZycDdkY3NicTdmeg==
Ee video lo chusi create chesina word list ni username file laga and password
list laga renditiki okkati use cheyyandi but duplicate chesi two files laga divide
cheyandi and oka file ki “user.txt” and inko file ki “pass.txt” ani pettandi.

Step 2: Open Metasploit Framework

Kali Linux open chesi terminal lo kindha ichina command ivvandi.

Command:

msfconsole

E command ivvagane miku Metasploit Framework load avthundhi. Then, kindha

ichinna commands follow avvandi.

1st Command:

use auxiliary/scanner/misc/cctv_dvr_login

2nd Command:

set RHOSTS <target-ip>

3rd Command:

set USER_FILE <usernames file ekkada save chesaro ah path ivvandi ikkada>

4th Command:

set PASS_FILE <passwords file ekkada save chesaro ah path ivvandi ikkada>

5th Command:

exploit

●​ Exploit ichaka konchem sepu wait cheyyandi. Bruteforce attack start

avthundhi. Username and password find ayyaka attack stop avtundhi
automatic ga.

Step 3: Login to DVR

●​ Once username and password vachaka, just browser open chesi DVR IP and
port number ivvandi.

Example:

192.168.1.1:<port-no>
Ikkada IP place lo DVR IP ivvandi. Ila ichaka DVR login aduguthadhi. Bruteforce
attack lo find aina username and password ichi login cheyyandi.

NOTE:
●​ Miru CCTV camera network lo unnapudu matrame DVR loki browser nunchi
login avvagalgutharu.
●​ Vere ekkado undi login chesthe login avvadhu.

Thanks........

GOOGLE DORKS :

intitle:"Webcam" inurl:WebCam.htm

inurl:webcam site:skylinewebcams.com inurl:roma

intitle:"webcamXP" inurl:8080

intitle:"webcamxp 5" intext: "live stream"