EvilZone
Hacking and Security => Hacking and Security => : khofo April 21, 2014, 12:52:29 AM
-
Hello Guys,
I am a bit paranoiac when it comes to privacy and I learned hacking basically for not being hacked. Yesterday I installed some cameras over the house and connected them to my hub they are controlled over ip. So I would like to test how secure these cams are I have Kali Linux installed and I want to know if someone can have access to them if he is connected to my wifi. If there any method that is know or techniques to try to "take over" my cams so I can set countermeasure. I really never tried it before. I don't want in details tutorial just the tool and a general idea.
Thanks fellow hackers
-
Please tell me you have a DMZ. If not, yes, they're internet accessible and you deserve to get your cameras hacked.
-
Well generally IP cams (if that's what you are referring to) have a simple log-in interface with no break-in countermeasures. Cheaper cams just gives you a basic HTTP auth window which can be easily brute-forced with shit like THC-Hydra or Medusa (personally I like Medusa more).
For countermeasures, I'd say, if it is possible, assign them local static IPs from your router DHCP and only make them accessible from the inside of your LAN. Oh and set an uber strong password too.
-
For countermeasures, I'd say, if it is possible, assign them local static IPs from your router DHCP and only make them accessible from the inside of your LAN. Oh and set an uber strong password too.
I just wanted to say that he mentioned that if they're connected to his wifi if they would be able to break in...
At a security standpoint and you want to be super paranoid, simply don't put the cameras online, however if you want the cameras to be viewed online, the most secure way to go about doing it is to have them only connectable from a VPN. Lock them to just a VPN and connect to your VPN to get access to your cameras. However if that's not an option a 15 character alpha-numeric non-dictionary password should suffice as it would take a LONG while to bruteforce that sumabitch.
Then who's to say what IP cams you're using and whether their remote viewing software has public or private exploits/bypasses and his dorkable or gets indexed with google.
-
Okay,
Thanks I am actually not connecting then to the intenet in my house I have multiple PC's and routers all connected to a hub where there is HDD's and managing and my cams are connected there
-
@DeepCopy: That would be a bad idea in case his VPN decides to go offline or for any reason is not available, then he would be completely locked out.
Typically you want an internal network for the CCTVs which are separated from the internet, and completely isolated from any other network devices. Alternately you could just block everything by using iptables or straight from your router, and only allow certain IP's (like your controller PC) Basically this means you have maybe a router, switch, few laptops, desktop, and none of these can communicate with the cam setup but the one you need. And yes, strong passwords, a DMZ and maybe an IPS/IDS on the network with the cams (but all networks have/should have something similar if running security cameras).
Also note that you should not use common ports for these devices, which should prevent most skiddy attacks.
How many cameras are you trying to setup? I have experience with these things, not the setting up part but the "access" part. And I will tell you that most people have no idea how to really do it the correct way which leads them to getting their systems owned. That includes home and industrial CCTVs.
-
@DeepCopy: That would be a bad idea in case his VPN decides to go offline or for any reason is not available, then he would be completely locked out.
Are you sure you know what you're talking about? I've set up cameras for businesses that insisted they be able to opporate their cameras remotely although I strongly advised against it. The fact of the matter is no cameras should be online. The most secure way is to put them behind a VPN. So the setup would be offline cameras on a LAN with your VPN, the VPN acts as a gateway to the LAN with the cameras. Strong VPN password as well as DVR password.
So if his VPN goes out he can go home and restart it and his cameras wont be accessible in the meantime.
-
Yes, I know what I'm talking about. If his VPN is down indefinitely, how does he access a service hardwired to only accept connections from there and not elsewhere? Do you understand what I'm saying?
-
Yes, I know what I'm talking about. If his VPN is down indefinitely, how does he access a service hardwired to only accept connections from there and not elsewhere? Do you understand what I'm saying?
No I do not understand what you are talking about. He controls his VPN. A VPN is a Virtual Private Network. Its not a remote service that he connects to it's at his home. He sets up the VPN with something like OpenVPN server. Why would his VPN be down indefinitely? Its at his house, if there's an issue he goes and resets his box he's using as a VPN server. On top of that his cameras are at his own house.
Let me break this down as simple as possible
IP cameras connected to local lan with no direct access to the internet. On a seperated isolated network has a VPN that's connected to the isolated network thats has the IP Cameras, so the VPN is the only way to connect to his private LAN cameras. That way he needs to connect to his VPN as the only way to establish a LAN connection to his cameras.
He controls the VPN at home along with the cameras, so how is his VPN going to go down indefinitely? It's at his house along with the cameras?
(http://cdn.instructables.com/FR3/X8GT/HIW8FOTM/FR3X8GTHIW8FOTM.MEDIUM.jpg)
Ex of how to set an OpenVPN up
http://www.instructables.com/id/Host-Your-Own-Virtual-Private-Network-VPN-with-O/?ALLSTEPS
-
Dude, you realize you never mentioned it would be a home VPN server, so don't be a dick.
-
Dude, you realize you never mentioned it would be a home VPN server, so don't be a dick.
Thought it was pretty straight forward... I wasn't being a dick, you just kept telling me how bad my suggestion was without even understanding what I was saying...
Plus 4 posts up I stated:
...
The most secure way is to put them behind a VPN. So the setup would be offline cameras on a LAN with your VPN, the VPN acts as a gateway to the LAN with the cameras.
...
So if his VPN goes out he can go home and restart it and his cameras wont be accessible in the meantime.
-
Then I probably misread what you were saying
-
Then I probably misread what you were saying
I said VPN and you automatically assumed a server in some distant country with a VPN server installed as an anonymity method that it's commonly used for instead of its original purpose to be able to connect to your local network from a remote connection.
Could also be set up the same way via SSH as well btw
-
Alright alright, twas a simple misunderstanding. I don't want to lock this so just stop arguing.
-
Hello Guys,
I am a bit paranoiac when it comes to privacy and I learned hacking basically for not being hacked. Yesterday I installed some cameras over the house and connected them to my hub they are controlled over ip. So I would like to test how secure these cams are I have Kali Linux installed and I want to know if someone can have access to them if he is connected to my wifi. If there any method that is know or techniques to try to "take over" my cams so I can set countermeasure. I really never tried it before. I don't want in details tutorial just the tool and a general idea.
Thanks fellow hackers
Are the camera's connected wireless or over ethernet ?
If they are connected wireless you are fucked basically, there is nothing more stupid than this.
-
Are the camera's connected wireless or over ethernet ?
If they are connected wireless you are fucked basically, there is nothing more stupid than this.
They can run to a router that's not connected to the internet, and then either run the router as the VPN or a dedicated machine for more flexability.
-
They can run to a router that's not connected to the internet, and then either run the router as the VPN or a dedicated machine for more flexability.
Wireless also means a deauth attack, flatlining it right at the bottom of the chain.
IP camera's + wireless == fail
-
That's the gist of it.
-
Are the camera's connected wireless or over ethernet ?
If they are connected wireless you are fucked basically, there is nothing more stupid than this.
I concur, optimally camera's should be wired to avoid jamming and hijacking. But a secure wifi setup should not have hijacking issues, only jamming.
-
I concur, optimally camera's should be wired to avoid jamming and hijacking. But a secure wifi setup should not have hijacking issues, only jamming.
Exactly and jamming is completely fatal.
-
As I stated, cameras should never be online. CCTV is a tried and true method on a DVR with not network. Physical attack is going to be the only method
(http://cdn.meme.li/instances/300x300/48857222.jpg)
The problem is companies like Lorex, QSee, Comcast, ADT, wtc. Tell you, hey you can view your cameras wherever you are never mentioning the security risk of your privacy. So everyone wants to be able to view their cameras from their ipad. I had a pharmacy get their cameras hacked because they wanted to view them at home. I warned them that camera systems should be PCI complient and treated just like their internal network that handles customer and payment information, but they didn't want to listen. They didn't even want to get the hardware to run a hardware firewall because they didn't want to pay for the hardware. They changed their tune when they got hacked. The hackers replaced their webview URL with a driveby, it was great!
-
The cams are connected via a kind of coax.
I'll try to be clear "my house" okay so imagine this and help me hack.
A place where there is lots of computers all centralized via a hub and a dozen cameras all also centralized on the hub via CCTV. So basically i connected my cams to the hub and from there I have coax to a TV where I can view the cams and also via the wifi I can access my cams with an http login.
HOW TO HACK THIS
-
HOW TO HACK THIS
Caps lock won't help you in this neighborhood..
-
The cams are connected via a kind of coax.
I'll try to be clear "my house" okay so imagine this and help me hack.
A place where there is lots of computers all centralized via a hub and a dozen cameras all also centralized on the hub via CCTV. So basically i connected my cams to the hub and from there I have coax to a TV where I can view the cams and also via the wifi I can access my cams with an http login.
HOW TO HACK THIS
Wow as stated a basic HTTP auth can be bruteforced via hydra or medusa, jtr, c&a, etc. Those "coax" things are called "BNC" and your system should not be online. A bruteforce or dictionary attack could lead to your system being compromised.
-
It's not online but I don't know how a hacker cam make his way to find the cam. I mean can the cams be easily found via Nmap or some scanning software?
-
Many cameras (webcam, security CCTVs etc.) are easily found by vulnerability scans and yes NMAP has modules for this as well, and a lot of cameras and CCTV setups are also easily exploitable services. This is why you should eliminate the possibility of an outside threat by never connecting to the internet, or at least having them secured on the internal network via firewall or iptables rules to only allow certain hosts (but NEVER by other internal services/hosts which could be vulnerable to other things and thus easily privilege escalated).
-
Ok thanks guys :)
-
The cams are connected via a kind of coax.
I'll try to be clear "my house" okay so imagine this and help me hack.
A place where there is lots of computers all centralized via a hub and a dozen cameras all also centralized on the hub via CCTV. So basically i connected my cams to the hub and from there I have coax to a TV where I can view the cams and also via the wifi I can access my cams with an http login.
HOW TO HACK THIS
Don't use a hub. Use a switch.