Hacking Security Cameras Using Google Dorks



A Google Dork is a search that uses one or more of these advanced techniques to reveal something interesting. Keep in mind that the web can be crawled by anyone. Google automatically indexes a website, and unless sensitive information is explicitly blocked from indexing (nofollow, robots.txt), all of the content can be searched via Dorks or advanced search operators.
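For anyone who operates cameras behind a web server, here is an added example (not part of the original page) that checks which camera web-UI paths a search crawler is still allowed to index. The robots.txt content and the response headers are constructed sample data; the paths are the ones that appear in the queries on this page.

```python
from urllib.robotparser import RobotFileParser

# Constructed robots.txt and response headers for a site you operate; the
# paths are the camera web-UI paths named in the queries on this page.
ROBOTS_TXT = """\
User-agent: *
Disallow: /axis-cgi/
Disallow: /view/
"""
RESPONSE_HEADERS = {
    "/axis-cgi/jpg": {},
    "/view/view.shtml": {"X-Robots-Tag": "noindex"},
    "/control/userimage.html": {"X-Robots-Tag": "noindex, nofollow"},
    "/webcam.html": {},
}

def has_noindex(headers):
    """True if an X-Robots-Tag header carries the noindex (or none) directive."""
    for name, value in headers.items():
        if name.lower() == "x-robots-tag":
            directives = {d.strip().lower() for d in value.split(",")}
            if "noindex" in directives or "none" in directives:
                return True
    return False

def search_exposure(robots_txt, response_headers, user_agent="Googlebot"):
    """Classify each path as 'blocked', 'noindex' or 'indexable'."""
    parser = RobotFileParser()
    parser.parse(robots_txt.splitlines())
    result = {}
    for path, headers in response_headers.items():
        if not parser.can_fetch(user_agent, path):
            # Never fetched, so a noindex header on it is never seen either.
            result[path] = "blocked"
        elif has_noindex(headers):
            result[path] = "noindex"
        else:
            result[path] = "indexable"
    return result
```

None of the three states is access control: a path that is kept out of a search index still answers a direct request, so authentication and network filtering remain the actual protection.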

 

A few security webcam searches using Dorks

intitle:liveapplet
Mostly security cameras, car parks, colleges, clubs, bars etc.

intitle:"snc-rz30 home"
Mostly security cameras, shops, car parks

inurl:LvAppl intitle:liveapplet
Mostly security cameras, car parks, colleges etc.

inurl:lvappl
A huge list of webcams around the world, mostly security cameras, car parks, colleges etc.

inurl:axis-cgi/jpg
Mostly security cameras

inurl:"webcam.html"
Mostly European security cameras

intitle:"Live View / - AXIS"
Mostly security cameras, car parks, colleges etc.

intitle:"LiveView / - AXIS"
Mostly security cameras, car parks, colleges etc.

inurl:view/view.shtml
Mostly security cameras, car parks, colleges etc.

control/userimage.html


inurl:LvAppl

Dork: inurl:axis-cgi/jpg

Dork: inurl:view/view.shtml

Hacking Security Cameras Using Shodan

Shodan is a search engine for Internet-connected devices. Google lets you search for websites; Shodan lets you search for every device connected to the internet.

Find security cams on the Shodan website

Website: https://shodan.io/

Searching for Hikvision:

Hikvision

Hikvision 8080

💚Shodan Dorks❤


A small collection of search queries for Shodan

This was written for educational purposes and pentesting only. The author will not be responsible for any damage. The author of this tool is not responsible for any misuse of the information. You shall not misuse the information to gain unauthorized access. This information shall only be used to expand knowledge and not for causing malicious or damaging attacks. Performing any hacks without written permission is illegal.


Chromecasts / Smart TVs → "Chromecast:" port:8008

Traffic Light Controllers / Red Light Cameras → mikrotik streetlight

IP cams, some of which are unprotected → IP Cams

+ 21k surveillance cams, user: admin; NO PASSWORD → NETSurveillance uc-httpd

DICOM Medical X-Ray Machines (secured by default, thankfully, but these 1,700+ machines still have no business being on the internet) → DICOM Server Response

Door / Lock Access Controllers → "HID VertX" port:4070

Electric Vehicle Chargers → "Server: gSOAP/2.8" "Content-Length: 583"

Remote Desktop (unprotected) → "authentication disabled" "RFB 003.008"

Windows RDP (99.99% are secured by a secondary Windows login screen) → "\x03\x00\x00\x0b\x06\xd0\x00\x00\x124\x00"

Lantronix Ethernet adapters (admin interface open, NO PASSWORD required) → Press Enter Setup Mode port:9999

Pi-hole Open DNS Servers → "dnsmasq-pi-hole" "Recursion: enabled"

Already Logged-In as root via Telnet → "root@" port:23 -login -password -name -Session

Android Root Bridges (a tangential result of Google's dumb fractured update approach) → "Android Debug Bridge" "Device" port:5555

Xerox Copiers/Printers (with root access) → ssl:"Xerox Generic Root"

Apple AirPlay Receivers (Apple TVs, HomePods, etc.) → "\x08_airplay" port:5353

TCP Quote of the Day (port 17, RFC 865, has a bizarre history…) → port:17 product:"Windows qotd"

Find a Job Doing This → "X-Recruiting:"

The search begins. Copy the IP address and port, and put it in your browser. ipaddress:8080


For more information you can use the nmap tool.


What data can we find using Google Dorks?

Usernames and passwords

Sensitive documents

Govt/military data

Email lists

Bank account details

Google Dorks Lists

I have made a huge Google Dorks List on GitHub. A collection of around 10.000 Dorks.


More about dorks given here.


💚Hacking by Angry IP Scanner❤

In this article I will teach you how to use the Angry IP Scanner to scan the Internet and look for IP cameras and recorders (DVRs and NVRs).

https://angryip.org/


See below the Angry IP Scanner website. Make sure you have Java installed and download the correct version for your computer.


Install Angry IP Scanner to hack CCTV camera


STEP 2 - Install the Angry IP Scanner


The installation is very simple: you just need to run the setup file and follow the instructions as shown in the images below.


Angry IP Scanner Installation 01

Click Next


Angry IP Scanner Installation 02

Click Install

Angry IP Scanner Installation 03
Click Finish
STEP 3 - Configure the Angry IP Scanner ports and fetcher 

To find the information we are looking for to hack IP cameras, it is necessary to configure the Angry IP Scanner ports and fetchers so it can display the right information. See the picture below for the configuration.

Angry IP Scanner Preference

Configure ports 80, 23, 8080, 8081 and 8082, which are the ones most used by people who install IP cameras and leave them available on the Internet.


Angry IP Scanner Port Configuration to hack CCTV camera


Configure the fetchers to display the Web Detect information, which shows some device information that is useful for finding out who the manufacturer is.


To hack a CCTV camera it is really necessary to have such basic information.


Go to tools and click on fetchers to open the configuration window

Angry IP Scanner fetchers

Select the Web detect fetcher on the right side and click the arrow to move it to the left side so it can be displayed in the software main page.

Angry IP Scanner Fetchers to hack CCTV camera

STEP 4 - Choose the IP port range to scan

To hack a CCTV camera it is first necessary to find one that is available on the Internet, so you need to choose an IP address range to scan with the Angry IP Scanner. See the picture below, where a range of IP addresses was scanned.

IP Angry Scanner Results for Hikvision DVRs


You can use the IP range from your country or service provider. In the example above I used the range from xx.242.10.0 to xx.242.10.255. Note that you can fill in the first part of the IP range and choose /24 or /16, for example, to let the software find the range for you with 254 or 65.534 hosts respectively.


For privacy reasons the first part of the IP is not shown. After only a few scans it's possible to find two Hikvision DVRs that are online on the Internet. I know that because of the Web detect information that shows DNVRS-Webs.


The scan can be done for thousands of IP addresses, so it's quite common to find a lot of IP cameras, DVRs and NVRs that are connected to the Internet.


After finding an IP camera or DVR online you just need to right click and choose to open it in a web browser, as shown in the picture below.

Angry IP Scanner Open in a Web Browser

In this case the device is a Hikvision DVR and you can just try to use the default user and password: "admin/12345" found in the Hikvision manual.


Hikvision DVR Login Screen


Note the manufacturer name (Hikvision) underneath the login screen. Sometimes you see a big logo and sometimes a small text just like this one.


Did you get the idea? To hack a CCTV camera you just need to use a tool to scan the Internet, find an online device and try the default password you can get from the manufacturer manual or from an IP camera default password list.


Below is the image from the DVR after logging in with the admin/12345 credentials.

Hikvision hacked DVR

It's easier to show an example with this manufacturer (Hikvision) because there are a lot of their devices around the world, but the process also works with other brands as long as you can see the Web Detect information and try to use the default admin/password credentials to hack the CCTV camera.

Camera hacking guide!!!! Only for educational purpose!

USERNAME:
Admin / admin

PASSWORD:  
12345 / 123456

IP ADDRESS:
192.168.0.100

USERNAME:
admin

PASSWORD:
admin

IP ADDRESS:
192.168.1.108


USERNAME:
admin

PASSWORD:
12345 / 123456

IP ADDRESS:
192.0.0.64


Other Products

Brand | User Name | Password | IP Address
3xLogic | admin | 12345 | 192.0.0.64
Acti | admin | admin | 192.168.0.100
American Dynamics | admin | admin | 192.168.1.168
Arecont Vision | admin | No Set Password | No Default / DHCP
Avigilon | admin | admin | No Default / DHCP
Axis | root | no set password | No Default / DHCP
Basler | admin | admin | 192.168.100.x
Bosch | service | service | 192.168.0.1
Bosch Dinion | admin | No set password | 192.168.0.1
Brickcom | admin | admin | 192.168.1.1
CBC Ganz | admin | admin | 192.168.100.x
Cisco | no default | no set password | 192.168.0.100
CNB | root | admin | 192.168.123.100
Costar | root | root | unknown
Dahua | admin | admin | 192.168.1.108
Drs | admin | 1234 | 192.168.0.200
DVTel | Admin | 1234 | 192.168.0.250
DynaColor | admin | 1234 | 192.168.0.250
Flir | admin | fliradmin | 192.168.250.116
Foscam | admin | leave blank | unknown
GeoVision | admin | admin | 192.168.0.10
Grandstream | admin | admin | 192.168.1.168
GVI | Admin | 1234 | 192.168.0.250
HIKVision | admin | 12345 | 192.0.0.64
Honeywell | administrator | 1234 | no default/DHCP
IOImage | admin | admin | 192.168.123.10
IPX-DDK | root | Admin or admin | 192.168.1.168
IQInvision | root | system | no default/DHCP
JVC | admin | Model# of camera | no default/DHCP
VideoIQ | supervisor | supervisor | no default/DHCP
LTS Security | admin | 12345 | 192.0.0.64
March Networks | admin | leave blank | unknown
Merit Lilin | Camera | admin pass | No Default / DHCP
Merit Lilin | Recorder | admin / 1111 | No Default / DHCP
Messoa | admin | Model# of camera | 192.168.1.30
Mobotix | admin | meinsm | No Default / DHCP
Northern | admin | 12345 | 192.168.1.64
Panasonic | admin | 12345 | 192.168.0.253
Panasonic | admin1 | password | 192.168.0.253
Pelco | admin | admin | no default/DHCP
PiXORD | admin | admin | 192.168.0.200
PiXORD | root | pass | 192.168.0.200
QVIS | admin | 1234 | 192.168.0.250
Samsung | root | 4321 / admin | 192.168.0.200
Samsung | admin | 4321 / 1111111 | 192.168.1.200
Sanyo | admin | admin | 192.168.0.2
Sentry360 | Admin | 1234 | 192.168.0.250
Sony | admin | admin | 192.168.0.100
Speco | root | root | 192.168.1.7
Speco | admin | admin | 192.168.1.7
StarDot | admin | admin | no default/DHCP
Starvedia | admin | no set password | no default/DHCP
Toshiba | root | ikwb | 192.168.0.30
Trendnet | admin | admin | 192.168.10.1
UDP | root | unknown | unknown
Ubiquiti | ubnt | ubnt | 192.168.1.20
W-Box | admin | wbox / 123 | 192.0.0.64
Wodsee | root | leave blank | unknown
Verint | admin | admin | no default/DHCP
Vivotek | root | no set password | no default/DHCP

ACTi: admin/123456 or Admin/123456

Amcrest: admin/admin

American Dynamics: admin/admin or admin/9999 

Arecont Vision: none

AvertX: admin/1234

Avigilon: Previously admin/admin, changed to Administrator/<blank> in later firmware versions

Axis: Traditionally root/pass, new Axis cameras require password creation during first login (note that root/pass may be used for ONVIF access, but logging into the camera requires root password creation)

Basler: admin/admin

Bosch: None required, but new firmwares (6.0+) prompt users to create passwords on first login

Brickcom: admin/admin

Canon: root/camera

Cisco: No default password, requires creation during first login

Dahua: Requires password creation on first login. Previously this process was recommended but could be canceled; older models default to admin/admin

Digital Watchdog: admin/admin

DRS: admin/1234

DVTel: Admin/1234

DynaColor: Admin/1234

FLIR: admin/fliradmin

FLIR (Dahua OEM): admin/admin

FLIR (Quasar/Ariel): admin/admin

Foscam: admin/<blank>

GeoVision: admin/admin

Grandstream: admin/admin

Hanwha: admin/no default password, must be created during initial setup

Hikvision: Firmware 5.3.0 and up requires unique password creation; previously admin/12345

Honeywell: admin/1234

IndigoVision (Ultra): none

IndigoVision (BX/GX): Admin/1234

Intellio: admin/admin

Interlogix: admin/1234

IQinVision: root/system

IPX-DDK: root/admin or root/Admin

JVC: admin/jvc

Longse: admin/12345

Lorex: admin/admin

LTS: Requires unique password creation; previously admin/12345

March Networks: admin/<blank>

Mobotix: admin/meinsm

Northern: Firmware 5.3.0 and up requires unique password creation; previously admin/12345

Oncam: admin/admin

Panasonic: Firmware 2.40 and up requires username/password creation; previously admin/12345

Pelco: New firmwares require unique password creation; previously admin/admin

Q-See: admin/admin or admin/123456

Samsung Electronics: root/root or admin/4321

Samsung Techwin (old): admin/1111111

Samsung (new): Previously admin/4321, but new firmwares require unique password creation

Sanyo: admin/admin

Scallop: admin/password

Sentry360 (pro): none 

Sony: admin/admin

Speco: admin/1234

Stardot: admin/admin

Starvedia: admin/<blank>

Sunell: admin/admin

SV3C: admin/123456

Swann: admin/12345 

Trendnet: admin/admin

Toshiba: root/ikwd

VideoIQ: supervisor/supervisor

Vivotek: root/<blank>

Ubiquiti: ubnt/ubnt

Uniview: admin/123456

W-Box (Hikvision OEM, old): admin/wbox123

W-Box (Sunell OEM, new): admin/admin

Wodsee: admin/<blank>

D-Link and Defeway have the default user name admin, and the password is blank.
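For administrators, the firmware thresholds in the list above can be turned into an inventory check. The following is an added example, not part of the original page: it flags devices you own whose firmware predates mandatory password creation or that are forwarded on the ports named in the scanner configuration step. The inventory rows, device names and the `forwarded_ports` field are constructed for illustration.

```python
import re

# Thresholds quoted in the list above: from these firmware versions on, the
# vendor forces (Bosch: prompts for) password creation at first login.
FORCED_PASSWORD_SINCE = {
    "hikvision": (5, 3, 0),
    "northern": (5, 3, 0),
    "panasonic": (2, 40),
    "bosch": (6, 0),
}
# Ports the article names as commonly left open to the internet.
COMMONLY_EXPOSED = {23, 80, 8080, 8081, 8082}

def parse_version(text):
    """Extract the dotted version from strings such as 'V5.2.5 build 141201'."""
    match = re.search(r"\d+(?:\.\d+)+", text)
    if not match:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(part) for part in match.group().split("."))

def is_older(version, threshold):
    """Compare after zero-padding, so 5.3 equals 5.3.0."""
    width = max(len(version), len(threshold))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(version) < pad(threshold)

def audit(inventory):
    """Return {device name: [findings]} for devices that need attention."""
    report = {}
    for dev in inventory:
        findings = []
        threshold = FORCED_PASSWORD_SINCE.get(dev["brand"].lower())
        if threshold is None:
            findings.append("no threshold on record: confirm the password by hand")
        elif is_older(parse_version(dev["firmware"]), threshold):
            findings.append("firmware predates mandatory password creation")
        exposed = sorted(COMMONLY_EXPOSED & set(dev["forwarded_ports"]))
        if exposed:
            findings.append(f"forwarded to the internet on {exposed}")
        if findings:
            report[dev["name"]] = findings
    return report

# Constructed inventory of devices you administer (hypothetical names).
INVENTORY = [
    {"name": "lobby-dvr", "brand": "Hikvision", "firmware": "V5.2.5 build 141201", "forwarded_ports": [8080]},
    {"name": "dock-cam", "brand": "Panasonic", "firmware": "2.40", "forwarded_ports": []},
    {"name": "gate-cam", "brand": "Hikvision", "firmware": "5.3", "forwarded_ports": [23, 554]},
    {"name": "yard-cam", "brand": "Sanyo", "firmware": "1.02", "forwarded_ports": []},
]
```

A device that passes the firmware check can still carry a weak password chosen at setup, so the report is a starting list for remediation rather than a clean bill of health.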

Sites that provide some live cam access!

1. camstreamer.com
2. ipcamlive.com
3. learncctv.com
4. ip-24.net
5. camvista.com
6. cameraftp.com
7. pngline.com
8. webcamlocator.com
9. webcams.ru
10. no-ip.info
11. insecam.org

