EvilZone
Hacking and Security => Hacking and Security => : khofo August 26, 2014, 10:44:00 PM
-
Hey Guys,
While gathering info about my school's website I realized that the website is hosted inside the school, and not at a hosting company, and after a quick Maltego mapping I realized all the services are hosted in the same place, a kind of hub. Then I realized that perhaps the cameras are connected to the same network, so I ran HttpRecon and realized that effectively it's a hub, since the number of Barracudas, NASes and other services indicated that the WP website is only a small part of a huge network. I did not recognize any device that could be a camera, nor did I recognize any interface the cameras may interact with. So my question is: is it possible to find those cams via the website's URL, or should I have access to the network itself? Here is attached the scan I made with HttpRecon.
Any useful reply, indication or clarification is welcome.
-
The cameras are most likely only accessible from the inside. Only those standalone home monitoring systems stream live...
-
Often these are put on a different network.
@op I think you should learn a bit about how networks are built.
If I would put that shit on the same network (which obviously no sane person would do) I would lose my job.
There is likely to be a network segment dedicated to the cameras, possibly on a separate VLAN if not on a completely isolated zone.
If they went crazy on this shit it is also likely that there is additional MAC and/or IP filtering going on.
It's no bank, but even things like 802.1x over Ethernet are not uncommon these days.
Welcome to 2014.
Glad to ruin your day.
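
A defender-side check of the segmentation described in the post above, as an added example that is not part of the original thread: it walks a first-match ACL and reports any zone, other than the one meant to have access, that can still reach the camera/DVR segment. The zone names, address ranges, rules and ports are all constructed assumptions.

```python
import ipaddress as ip

# Constructed zone plan and ACL (assumptions, not taken from the thread).
ZONES = {
    "student_wifi": ip.ip_network("10.10.0.0/16"),
    "staff_lan":    ip.ip_network("10.20.0.0/16"),
    "security_ops": ip.ip_network("10.30.5.0/28"),
    "cctv":         ip.ip_network("10.99.0.0/24"),
}
ALLOWED_INTO_CCTV = {"security_ops"}   # only zone meant to reach the DVR

# First match wins, implicit deny at the end: (action, src, dst, port|None=any)
ACL = [
    ("permit", "10.30.5.0/28", "10.99.0.0/24", 443),
    ("deny",   "10.10.0.0/16", "10.99.0.0/24", None),
    ("permit", "10.0.0.0/8",   "10.99.0.10/32", 80),   # leftover "temporary" rule
    ("deny",   "0.0.0.0/0",    "10.99.0.0/24", None),
]

def first_match_permits(acl, src_net, dst_net, port):
    """Conservative first-match walk: True if some host in src_net may reach
    some host in dst_net on port before a rule denies the whole pair."""
    for action, src, dst, rule_port in acl:
        src, dst = ip.ip_network(src), ip.ip_network(dst)
        if rule_port not in (None, port):
            continue
        if not (src.overlaps(src_net) and dst.overlaps(dst_net)):
            continue
        if action == "permit":
            return True
        if src_net.subnet_of(src) and dst_net.subnet_of(dst):
            return False          # deny covers the whole pair, stop here
    return False                  # implicit deny

def audit(acl, zones, protected, allowed, ports):
    """Return sorted (zone, port) pairs that reach `protected` but should not."""
    findings = []
    for name, net in zones.items():
        if name == protected or name in allowed:
            continue
        for port in ports:
            if first_match_permits(acl, net, zones[protected], port):
                findings.append((name, port))
    return sorted(findings)

if __name__ == "__main__":
    for zone, port in audit(ACL, ZONES, "cctv", ALLOWED_INTO_CCTV, [80, 443, 554]):
        print(f"segmentation gap: {zone} -> cctv tcp/{port}")
```

Rule order matters here: the broad permit also covers the student range, but the earlier deny masks it, so only the staff range is reported.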
-
Oh, I see now. I think I'm going to look for some documentation on how surveillance cameras are implemented in an existing network. I thought that perhaps the cameras are accessible from outside via the website. But what would be common sense for the IT team is to isolate them from general traffic and create a VPN or some kind of filtering. Anyway, thanks for the clarifications.
-
There is always physical security ;)
It often sucks.
-
There are Ethernet ports in the walls connected to routers that are for sure used to make teachers' computers connect to the network and not to offer WiFi. I think getting access to this internal network physically may offer more possibilities. What I noticed indeed is that via the canteen WiFi, which is accessible for students, you can access all the school's related online material, such as the grades and school website, much faster via the internal network and not an external request. But I think that there are some restrictions anyway to access the network itself. I guess I'll take my laptop there someday and check this out.
-
Here is my advice on what you should do
1. You have already scanned the whole network that you could possibly do
2. What you need to do now is
-> find a software that will scan every IP address on the whole network and Scan EVERY single port open - Once it has scanned all ports - it will now grab all the banners off the ports for example
on ip 10.0.0.7 has ports 21 - 23 - 3306 on it when the banner scans those ports its going to output via file > /tmp/scan.txt - and display the banner such as
port 3306 -> banner > Mysql Version X
port 21 -> banner > Proftpd
port 80 -> Web Camera Software Version X
Now you know what ip + port is located on the network and now you have found the camera
If that does not work
Locate your local School office Principals - Assistant Principal - or any Supervisor
you have found those out you need to get the ip of his computer
Simply send him an email and wait for him to simply reply back
Now you have to get his account information
Simply start a MiTM attack on the subnet his ip is located on
Go talk to him and say hey someone stole my stuff can you see who done it on the camera?
behind the doors you're executing a sniffing attack on his system
which now allows you access into his computer now you have access to the Camera System
and boom you're done :)
----------------------------------
Also some networks have different Jack ports you will see the common color " blue "
but then there are other ports specifically designed for IT department , School officials , etc etc etc
it might be a color of orange , yellow , or whatever the Field technician that installed the cable had put in
plug your local computer that you're on into that port - or a laptop
and start sniffing
and let the Fun begin
Have fun :)
-
well thanks a lot :)
Any software example that can do that ??
and I finally got the chance to use this
(http://i62.tinypic.com/1p72gp.jpg)
-
The thread is 3 weeks old............... That is no necromancy.
-
Even though his post is pretty blunt and lacks a solution for the defensive arguments discussed below, it is constructive, therefore necroing is acceptable.
-
nmap has a plugin built in called " banner "
http://nmap.org/nsedoc/scripts/banner.html
and just scan the subnet with the /24 command /27 etc etc
-
Do you have access to the cameras in person? If you do, go ahead and look up their model/serial number online.
Not only will you know what port their control panel is likely to be on, you'll also (likely) be able to download firmware (and reverse it), and those cameras quite often have RCE or LFI type vulnerabilities.
Security on these SHOULD be very tight, but with what I've seen... it usually isn't.
Don't go scanning their whole damn network repeatedly.
-
I'll look this up tomorrow. Will an image search be enough, or should I look for the serial number written on the camera?
-
An image search on a photo of the CCTV camera? I'd doubt it; serial number, vendor and/or model should bring up what you need. Feel free to try tho.
-
EDIT: this is definitely the camera :)
http://www.samsungsv.com/Product/Detail/13/Samsung-SED-1001R-Night-Vision-Indoor-Dome-Camera-
EDIT 2: The camera is not an IP camera, only CAT5 cables and a DVR. It is probably not connected to the network; perhaps the DVR is, and is storing on a network disk. This is the only way, I guess.