A Google Dork is a search that uses one or more of these advanced techniques to reveal something interesting. Something important to keep in mind, the web can be crawled by anyone. Google automatically indexes a website, and unless sensitive information is explicitly blocked from indexing (nofollow, robots.txt), all of the content can be searched via Dorks or advanced search operators.
A few security webcam searches using Dorks
1
intitle:liveapplet Mostly security cameras, car parks, colleges, clubs, bars etc.
1
intitle:”snc-rz30 home” Mostly security cameras, shops, car parks
1
inurl:LvAppl intitle:liveapplet Mostly security cameras, car parks, colleges etc.
1
2
inurl:lvappl A huge list of webcams around the world, mostly security cameras, car parks, colleges
etc.
1
inurl:axis-cgi/jpg Mostly security cameras
1
inurl:”webcam.html” Mostly European security cameras
1
intitle:”Live View / – AXIS” Mostly security cameras, car parks, colleges etc.
1
intitle:”LiveView / – AXIS” Mostly security cameras, car parks, colleges etc.
1
inurl:view/view.shtml Mostly security cameras, car parks, colleges etc.
1
control/userimage.html
inurl:LvAppl
Dork: inurl:axis-cgi/jpg
Dork: inurl:view/view.shtml
Hacking Security Cameras Using Shodan
Shodan is a search engine for Internet-connected devices. Google lets you search for websites, Shodan lets you search for every device connected to the internet.
Find security cams on the Shodan website
Website: https://shodan.io/
Searching for Hikvision:
1
Hikvision
1
Hikvision 8080
💚Shodan Dorks❤
A small collection of search queries for Shodan
This was written for educational purpose and pentest only.The author will be not responsible for any damage..!The author of this tool is not responsible for any misuse of the information.You shall not misuse the information to gain unauthorized access.This information shall only be used to expand knowledge and not forcausing malicious or damaging attacks.Performing any hacks without written permission is illegal..!!!
Chromecasts / Smart TVs →"Chromecast:" port:8008
Traffic Light Controllers / Red Light Cameras →mikrotik streetlight
IP cams, some of which are unprotected →IP Cams
+ 21k surveillance cams, user: admin; NO PASSWORD →NETSurveillance uc-httpd
DICOM Medical X-Ray Machines →Secured by default, thankfully, but these 1,700 + machines still have no business being on the internet..!DICOM Server Response
Door / Lock Access Controllers →"HID VertX" port:4070
Electric Vehicle Chargers mag_right →"Server: gSOAP/2.8" "Content-Length: 583"
Remote Desktop →Unprotected..!"authentication disabled" "RFB 003.008"
Windows RDP →99.99% are secured by a secondary Windows login screen."\x03\x00\x00\x0b\x06\xd0\x00\x00\x124\x00"
Lantronix ethernet adapter's →admin interface open, NO PASSWORD required.Press Enter Setup Mode port:9999
Pi-hole Open DNS Servers →"dnsmasq-pi-hole" "Recursion: enabled"
Already Logged-In as root via Telnet →"root@" port:23 -login -password -name -Session
Android Root Bridges →A tangential result of Google’s dumb fractured update approach."Android Debug Bridge" "Device" port:5555
Xerox Copiers/Printers →With root acces..!ssl:"Xerox Generic Root"
Apple AirPlay Receivers →Apple TVs, HomePods, etc."\x08_airplay" port:5353
TCP Quote of the Day →Port 17 (RFC 865) has a bizarre history…port:17 product:"Windows qotd"
Find a Job Doing This..! →"X-Recruiting:"
The search begins. Copy the IP address and port, and put it in your browser. ipaddress:8080
For more info you can use nmap tool !!
What data can we find using google dorks?
Username and passwords
Sensitive documents
Govt/military data
Email lists
Bank account details
Google Dorks Lists
I have made a huge Google Dorks List on GitHub. A collection of around 10.000 Dorks.
More about dorks given here.
💚Hacking by Angry IP Scanner❤
In this article I will teach you how to use the Angry IP Scanner to scan the Internet and look for IP cameras and recorders (DVRs and NVRs).
https://angryip.org/
See below the Angry IP Scanner website. Make sure you have Java installed and download the correct version for your computer.
Install ANgry IP Scanner to hack CCTV camera
STEP 2 - Install the Angry IP Scanner
The installation is very simple, you just need to run the setup file and follow the instructions as shown in the images below: (click to enlarge)
Angry IP Scanner Installation 01
Click Next
Angry IP Scanner Installation 02
Click Install
Angry IP Scanner Installation 03
Click Finish
STEP 3 - Configure the Angry IP Scanner ports and fetcher
To be able to find the information we are looking for to hack IP cameras is necessary to configure the Angry IP Scanner ports and fetchers so it can display the right information. See the picture below for the configuration.
Angry IP Scanner Preference
Configure the ports 80, 23, 8080, 8081 and 8082 that are the most one used by people that install the IP cameras and let them available on the Internet.
Angry IP Scanner Port Configuration to hack CCTV camera
Configure the fetchers to display the Web Detect information that will show some device information that is useful to find out who is the manufacturer.
To hack a CCTV camera is really necessary to have such basic information
Go to tools and click on fetchers to open the configuration window
Angry IP Scanner fetchers
Select the Web detect fetcher on the right side and click the arrow to move it to the left side so it can be displayed in the software main page.
Angry IP Scanner Fetchers to hack CCTV camera
STEP 4 - Choose the IP port range to scan
To hack a CCTV camera first is necessary to find one that is available on the Internet, so you need to choose an IP Address range to scan with the Angry IP scanner. See the picture below where a range of IP address was scanned.
IP Angry Scanner Results for Hikvision DVRs
You can use the IP range from your country or service provider, in the example above I used the range from xx.242.10.0 to xx.242.10.255. Note that you can fill the first part of the IP range and choose /24 or /16 for example to let the software find the range for you with 254 or 65.534 hosts respectively.
For privacy reasons the first part of the IP is not shown, after only few scans it's possible to find two Hikvision DVRs that are online on the Internet. I know that because of the Web detect information that shows DNVRS-Webs.
The scan can be done for thousand of IP addresses, so it's quite common to find a lot of IP cameras, DVRs and NVRs that are connected to the Internet.
After find an IP camera or DVR online you just need to right click and choose to open it on a Web Browser. Just like shown in the picture below.
Angry IP Scanner Open in a Web Browser
In this case the device is a Hikvision DVR and you can just try to use the default user and password: "admin/12345" found on Hikvision manual.
Hikvision DVR Login Screen
Note the manufacturer name (Hikvision) underneath the login screen. Sometimes you see a big logo and sometimes a small text just like this one.
Did you get the idea? To hack CCTV camera you just need to use a tool to scan the Internet, find an online device and try the default password you can get from the manufacturer manual or from a IP camera default password list.
Below the image from the DVR after login with the admin/12345 credentials.
Hikvision Hacked DVR
Hikvision hacked DVR
It's easier to show an example with this manufacturer (Hikvison) because there a lot of their devices around the world, but the process also works with other brands as long as you can see the Web Detect information and try to use the default admin/password credentials to hack the CCTV camera.
Camera hacking guide!!!! Only for educational purpose!
USERNAME:
Admin / admin
PASSWORD:
12345 / 123456
IP ADRESS:
192.168.0.100
USERNAME:
admin
PASSWORD:
admin
IP ADRESS:
192.168.1.108

USERNAME:
admin
PASSWORD:
admin
IP ADRESS:
192.168.1.108
USERNAME:
admin
PASSWORD:
12345 / 123456
IP ADRESS:
192.0.0.64
Other Products
BrandUser NamePasswordIP
🍏Addressr13xLogic
admin
12345
192.0.0.64
🍏Acti
admin
admin
192.168.0.100
🍏American Dynmics
admin
admin
192.168.1.168
🍏Arecont Vision
admin
No Set Password
No Default / DHCP
🍏Avigilon
admin
admin
No Default / DHCP
🍏Axis
root
no set password
No Default / DHCP
🍏Basler
admin
admin
192.168.100.x
🍏Bosch
service
service
192.168.0.1
🍏Bosch Dinion
admin
No set password
192.168.0.1
🍏Brickcom
admin
admin
192.168.1.1
🍏CBC Ganz
admin
admin
192.168.100.x
🍏Cisco
no default
no set password
192.168.0.100
🍏CNB
root
admin
192.168.123.100
🍏Costar
root
root
unknown
🍏Dahua
admin
admin
192.168.1.108
🍏Drs
admin
1234
192.168.0.200
🍏DVTel
Admin
1234
192.168.0.250
🍏DynaColor
admin
1234
192.168.0.250
🍏Flir
admin
fliradmin
192.168.250.116
🍏Foscam
admin
leave blank
unknown
🍏GeoVision
admin
admin
192.168.0.10
🍏Grandstream
admin
admin
192.168.1.168
🍏GVI
Admin
1234
192.168.0.250
🍏HIKVision
admin
12345
192.0.0.64
🍏Honeywell
administrator
1234
no default/DHCP
🍏IOImage
admin
admin
192.168.123.10
🍏IPX-DDK
root
Admin or admin
192.168.1.168
🍏IQInvision
root
system
no default/DHCP
🍏JVC
admin
Model# of camera
no default/DHCP
🍏VideoIQ
supervisor
supervisor
no default/DHCP
BrandUser NamePasswordIP Addressr1LTS Security
admin
12345
192.0.0.64
🍏March Networks
admin
leave blank
unknown
🍏Merit Lilin
Camera
admin pass
No Default / DHCP
🍏Merit Lilin
Recorder
admin / 1111
No Default / DHCP
🍏Messoa
admin
Model# of camera
192.168.1.30
🍏Mobotix
admin
meinsm
No Default / DHCP
Northern
admin
12345
192.168.1.64
🍏Panasonic
admin
12345
192.168.0.253
Panasonic
admin1
password
192.168.0.253
🍏Pelco
admin
admin
no default/DHCP
🍏PiXORD
admin
admin
192.168.0.200
PiXORD
root
pass
192.168.0.200
🍏QVIS
admin
1234
192.168.0.250
🍏Samsung
root
4321 / admin
192.168.0.200
Samsung
admin
4321 / 1111111
192.168.1.200
🍏Sanyo
admin
admin
192.168.0.2
🍏Sentry360
Admin
1234
192.168.0.250
🍏Sony
admin
admin
192.168.0.100
🍏Speco
root
root
192.168.1.7
Speco
admin
admin
192.168.1.7
🍏StarDot
admin
admin
no default/DHCP
🍏Starvedia
admin
no set password
no default/DHCP
🍏Toshiba
root
ikwb
192.168.0.30
🍏Trendnet
admin
admin
192.168.10.1
🍏UDP
root
unknown
unknown
🍏Ubiquiti
ubnt
ubnt
192.168.1.20
🍏W-Box
admin
wbox / 123
192.0.0.64
Wodsee
root
leave blank
unknown
🍏Verint
admin
admin
no default/DHCP
🍏Vivotek
root
no set password
no default/DHCP
ACTi: admin/123456 or Admin/123456
Amcrest: admin/admin
American Dynamics: admin/admin or admin/9999
Arecont Vision: none
AvertX: admin/1234
Avigilon: Previously admin/admin, changed to Administrator/<blank> in later firmware versions
Axis: Traditionally root/pass, new Axis cameras require password creation during first login (note that root/pass may be used for ONVIF access, but logging into the camera requires root password creation)
Basler: admin/admin
Bosch: None required, but new firmwares (6.0+) prompt users to create passwords on first login
Brickcom: admin/admin
Canon: root/camera
Cisco: No default password, requires creation during first login
Dahua: Requires password creation on first login. Previously this process was recommended but could be canceled; older models default to admin/admin
Digital Watchdog: admin/admin
DRS: admin/1234
DVTel: Admin/1234
DynaColor: Admin/1234
FLIR: admin/fliradmin
FLIR (Dahua OEM): admin/admin
FLIR (Quasar/Ariel): admin/admin
Foscam: admin/<blank>
GeoVision: admin/admin
Grandstream: admin/admin
Hanwha: admin/no default password, must be created during initial setup
Hikvision: Firmware 5.3.0 and up requires unique password creation; previously admin/12345
Honeywell: admin/1234
IndigoVision (Ultra): none
IndigoVision (BX/GX): Admin/1234
Intellio: admin/admin
Interlogix admin/1234
IQinVision: root/system
IPX-DDK: root/admin or root/Admin
JVC: admin/jvc
Longse: admin/12345
Lorex: admin/admin
LTS: Requires unique password creation; previously admin/12345
March Networks: admin/<blank>
Mobotix: admin/meinsm
Northern: Firmware 5.3.0 and up requires unique password creation; previously admin/12345
Oncam: admin/admin
Panasonic: Firmware 2.40 and up requires username/password creation; previously admin/12345
Pelco: New firmwares require unique password creation; previously admin/admin
Q-See: admin/admin or admin/123456
Samsung Electronics: root/root or admin/4321
Samsung Techwin (old): admin/1111111
Samsung (new): Previously admin/4321, but new firmwares require unique password creation
Sanyo: admin/admin
Scallop: admin/password
Sentry360 (pro): none
Sony: admin/admin
Speco: admin/1234
Stardot: admin/admin
Starvedia: admin/<blank>
Sunell: admin/admin
SV3C: admin/123456
Swann: admin/12345
Trendnet: admin/admin
Toshiba: root/ikwd
VideoIQ: supervisor/supervisor
Vivotek: root/<blank>
Ubiquiti: ubnt/ubnt
Uniview: admin/123456
W-Box (Hikvision OEM, old): admin/wbox123
W-Box (Sunell OEM, new): admin/admin
Wodsee: admin/<blank>
Dlink and defeway having default user name is = admin
and pass is blank.
Site that provides some live cam access!
1. camstreamer.com
2 ipcamlive.com
3 learncctv.com
4 ip-24.net ip-24.net
5 camvista.com
6 cameraftp.com
7 pngline.com
8 webcamlocator.com
9 webcams.ru
10 no-ip.info
11 insecam.org
Subscribe to YouTube Channel
https://youtube.com/channel/UCUhO6qymOnHOUGZM9AyQb6w
https://youtube.com/channel/UC9H8sUv8y-T6H7BMwE3bUhA