Helping me testing my Cams

[iTpHo3NiX]

Are the camera's connected wireless or over ethernet ?
If they are connected wireless you are fucked basically, there is nothing more stupid than this.

They can run to a router that's not connected to the internet, and then either run the router as the VPN or a dedicated machine for more flexability.

[proxx]

They can run to a router that's not connected to the internet, and then either run the router as the VPN or a dedicated machine for more flexability.

Wireless also means a deauth attack, flatlining it right at the bottom of the chain.
IP camera's + wireless == fail

[Architect]

That's the gist of it.

[ande]

Are the camera's connected wireless or over ethernet ?
If they are connected wireless you are fucked basically, there is nothing more stupid than this.

I concur, optimally camera's should be wired to avoid jamming and hijacking. But a secure wifi setup should not have hijacking issues, only jamming.

[proxx]

I concur, optimally camera's should be wired to avoid jamming and hijacking. But a secure wifi setup should not have hijacking issues, only jamming.

Exactly and jamming is completely fatal.

[iTpHo3NiX]

As I stated, cameras should never be online. CCTV is a tried and true method on a DVR with not network. Physical attack is going to be the only method



The problem is companies like Lorex, QSee, Comcast, ADT, wtc. Tell you, hey you can view your cameras wherever you are never mentioning the security risk of your privacy. So everyone wants to be able to view their cameras from their ipad. I had a pharmacy get their cameras hacked because they wanted to view them at home. I warned them that camera systems should be PCI complient and treated just like their internal network that handles customer and payment information, but they didn't want to listen. They didn't even want to get the hardware to run a hardware firewall because they didn't want to pay for the hardware. They changed their tune when they got hacked. The hackers replaced their webview URL with a driveby, it was great!

[khofo]

The cams are connected via a kind of coax.
I'll try to be clear "my house" okay so imagine this and help me hack.
A place where there is lots of computers all centralized via a hub and a dozen cameras all also centralized on the hub via CCTV. So basically i connected my cams to the hub and from there I have coax to a TV where I can view the cams and also via the wifi I can access my cams with an http login.
HOW TO HACK THIS 

[lucid]

HOW TO HACK THIS

Caps lock won't help you in this neighborhood..

[iTpHo3NiX]

The cams are connected via a kind of coax.
I'll try to be clear "my house" okay so imagine this and help me hack.
A place where there is lots of computers all centralized via a hub and a dozen cameras all also centralized on the hub via CCTV. So basically i connected my cams to the hub and from there I have coax to a TV where I can view the cams and also via the wifi I can access my cams with an http login.
HOW TO HACK THIS 

Wow as stated a basic HTTP auth can be bruteforced via hydra or medusa, jtr, c&a, etc. Those "coax" things are called "BNC" and your system should not be online. A bruteforce or dictionary attack could lead to your system being compromised.

[khofo]

It's not online but I don't know how a hacker cam make his way to find the cam. I mean can the cams be easily found via Nmap or some scanning software?

[Architect]

Many cameras (webcam, security CCTVs etc.) are easily found by vulnerability scans and yes NMAP has modules for this as well, and a lot of cameras and CCTV setups are also easily exploitable services. This is why you should eliminate the possibility of an outside threat by never connecting to the internet, or at least having them secured on the internal network via firewall or iptables rules to only allow certain hosts (but NEVER by other internal services/hosts which could be vulnerable to other things and thus easily privilege escalated).

[khofo]

Ok thanks guys

[ThePH30N1X]

The cams are connected via a kind of coax.
I'll try to be clear "my house" okay so imagine this and help me hack.
A place where there is lots of computers all centralized via a hub and a dozen cameras all also centralized on the hub via CCTV. So basically i connected my cams to the hub and from there I have coax to a TV where I can view the cams and also via the wifi I can access my cams with an http login.
HOW TO HACK THIS

Don't use a hub. Use a switch.