How to Hack CCTV | Full Tutorial
INFORMATION GATHERING
Introduction
This post not only discusses hacking techniques but also emphasizes the importance of protecting oneself from such attacks by hackers. If you have any doubts or questions, feel free to comment below.
Disclaimer
This content is strictly for educational purposes. Please be aware that the actions described herein may be considered illegal if executed on assets not owned by you.
Proceed with extreme caution and full awareness of the potential legal consequences. Any personal risks arising from these actions are solely your responsibility, and you should manage them accordingly.
Mapping the Internet
As you may know, cameras are embedded systems categorized under the Internet of Things (IoT), operating with microprocessors.
To pinpoint potential targets, we can leverage the Shodan search engine, which proves to be a powerful ally in our quest.
Shodan indexes a vast range of devices, including routers, IP cameras, servers, and virtually any IoT-connected device. It serves as an invaluable tool for mapping the internet and identifying our targets.
To Learn How to Use Shodan [Click Here]
Shodan
With a quick Google search, you can easily find the Shodan dork for Hikvision cameras. If you already have it handy, you can immediately open a terminal and execute Shodan with the API Key and query term.
This will allow you to download the results in JSON format and scrape the potential vulnerable targets. The syntax for the command is as follows:
shodan download <OutputFileName> <query>
Replace <OutputFileName> with the desired name for the output file and <query> with the Shodan dork for Hikvision cameras.
The “Total number of results” stands at 860 after filtering by a specific country, significantly reducing the search results.
Now, we’ll utilize the “parse” parameter to extract information from compressed JSON files, focusing on the IP address, and redirect the output to a new file. The syntax for this command is as follows:
shodan parse --fields ip_str <JSON-File.json.gz> > OutputFile.txt
As evident, we now have 835 results available for further examination. Initially, there were 860 results, but some of them were running different software, resulting in false positives.
Identifying Vulnerable Targets
Now, we need a tool capable of automatically scanning all 835 targets and executing specific script instructions to assess vulnerability to CVE-2017–7921. To accomplish this task, we'll employ the widely recognized scanner, "Nmap".
Nmap
Note: Nmap is widely recognized and has even been featured in various Hollywood movies, including:
- The Matrix Reloaded (2003)
- Live Free or Die Hard (2007)
- The Bourne Ultimatum (2007)
- Die Hard 4.0 (2007)
- The Girl with the Dragon Tattoo (2011)
- Elysium (2013)
- Ghost in the Shell (2017)
Advertisement
For pinpointing vulnerable cameras, I'll utilize a Lua script developed by Tomas Savenas with Nmap, helping me compile my whitelist. Below is the syntax:
nmap -Pn -n -p80 --script <"YourLuaScript('NSE')"> -iL <HikvisionIPList>
Replace <YourLuaScript('NSE')> with the name of your Lua script, and <HikvisionIPList> with the file containing the list of Hikvision IP addresses.
I’ve discovered numerous devices affected by this significant flaw. Regrettably, many individuals are unaware of the potential consequences for their devices.
There’s a Metasploit module available to exploit this vulnerability, named “gather/hikvision_info_disclosure_cve_2017_7921”.
Real Time Streaming Protocol (RTSP)
To access the live streaming, I’ll utilize ffmpeg, a suite of libraries and programs designed to handle video, audio, and other media files. Here’s the syntax:
ffplay -i <rtsp://user:password@IP>
Replace <rtsp://user:password@IP> with the RTSP URL of the camera, including the username, password, and IP address.
Conclusion
As you can see, in the digital realm, nothing is entirely secure. With the proliferation of IoT devices, new technologies, and interconnected devices, there’s a growing concern about security vulnerabilities.
Thank you very much for reaching out, and I hope you have a wonderful day too! If you ever need assistance again, feel free to ask.