A detailed guide to hacking surveillance cameras. How to hack the security camera?

A detailed guide to hacking surveillance cameras. How to hack the security camera?

To date, more than a million IP cameras and IP NVRs from different manufacturers allow users to remotely access their settings without any authorization.

Remote access web cameras and surveillance cameras — the best practice of hacking. She sometimes does not require special. software, allowing you to get by with just a browser and some simple manipulations. Thousands of digital eyes around the world will be available, if you know how to find their IP addresses and vulnerabilities.

Video surveillance is used primarily for protection, and therefore do not expect the fun pictures from the first hacked camera. Maybe you will be lucky enough to quickly find an HD stream of the elite brothel, but more often you will come across the boring types on a deserted warehouses and Parking at VGA resolution.

It should be noted that it is illegal and the article is written for informational purposes to the owners of video surveillance systems knew about the danger.

A bit of theory, then practice….

Almost all modern digital IP surveillance camera built on the linux operating system, which greatly curtailed and has only the most necessary for work. By itself, linux is free, very reliable and resistant to external influences and hacks, so the manufacturer and is building on its base DVRs, video servers, surveillance cameras, NAS and other smart gadgets. By “hacking cameras” will understand gain access with administrator privileges.

IP camera and web camera are often confused, although it is a fundamentally different device. Network camera, or IP camera, is a self — contained monitoring tool. It is managed through a web interface and independently transmits a video stream over the network. In fact, it is a microcomputer with its OS on Linux. Ethernet network interface (RJ-45) or Wi-Fi allows you to connect directly to the IP camera. Earlier it was used by a proprietary client application, but most modern cameras are controlled via a browser from any device — even a computer, though smartphone. Generally, IP cameras are on constantly and available remotely. This is what hackers use.

And now for the breaking of cameras

Before we start, we need to prepare your database software, with which we will deal.

The list of required SOFTWARE, the download link:

1. KPortScan (the password for the archive: lamerland ) {Antivirus can swear}

2. The client iVMS-4200

3. Yoba parser

Let’s start:

So, first we need the ip ranges we need in the city. Go to the site https://4it.me/getlistip you enter the name of the city.

Then, get a large list of IP ranges

Copy it(for speed, you can fragment), run KPortScan and put our bands in the left column. You also need to expose port 8000, and then press the “Start”:

Wait until a decent number of “hoods”:

After the scan completes, open the folder with the program lyricist “results.txt”.

And copied all IP addresses.

Open the folder with the program Yoba Parser.

From the folder with the program open lyricist ip.txt and insert here all our IP.

Run the program — It is not a interface, so just need to wait until it closes:

After completing the program open text document “out.txt” and see our results!

The IP address of the camera (1)

Login from the camera (2)

The password from the camera (3)

Run the program iVMS-4200:

• Click Device Management

• Click “Add”

• In the field “Nickname” enter any name

• In the field “Adress” -enter the IP address of the camera

• In the field “Login” — enter Username of the camera (admin)

• In the field “Password” — enter Papal camera (12345)

• And click “Add”:

Method using of Dorcas in Shodan

By the way, there is another way to check the web cameras. Through all our favorite Shodan.

We will do a search on the query:

realm="GoAhead", domain=":81"

(port you can select 81,8080).

Copy the IP address specifying the port, insert it in a new tab.And attributed to the following:


Get something like this:

After that you had to kachatsya the file system.ini it should open. Among the unnecessary characters here contains the username and password from the camera.

If suddenly the file isn’t downloaded, go to another IP. Then, go on same IP with port, it should come out a window of authorization
Put in the username/password from the file system.ini, trying the options.

You can enter as through a browser or through client iVMS 4200.

Often the manufacturer leaves out the IOS camera service entrance to service centers. It remains open even after the owner of the camera changed the default password. In the manual it will not read it, but to find the thematic forums.

A huge problem is that many cameras use the same web server GoAhead. It has a few known vulnerabilitiesthat camera makers are in no hurry to patch.

GoAhead, in particular, is vulnerable to a stack overflow that can be invoked by a simple HTTP GET request. The situation is complicated by the fact that Chinese manufacturers modify the GoAhead in their firmware, adding new holes.

Cameras of medium and high class equipped with swivel mounts. Cracking such you can change the view and a look around. Especially it is entertaining to play tug of camera when, in addition, it simultaneously tries to control someone else. In the General case, the attacker gains full control of camera directly from your browser, just turning to the right address.

Hack the security camera through brute attack

Imagine that video camera uses a password based on a word found in the dictionary, such as “God, home, secret,” etc.

Can someone hack the security camera, just trying different passwords until you find the right one. This is what works.

Okay, now you think that this method is slow and difficult, since it is difficult to type any word available in the dictionary, just to try to find something that will work for logging in to the surveillance camera, right?

Well, if you give this task to software that can check hundreds or thousands of passwords a minute, you will have more chances of success.

Look at the diagram below to understand how this technique works.

You can use Hydra for Linux or Windows, and you just need to have a password file with the words that you want to use, and execute the command

hydra-s 88 -l admin -P /root/desktop/pass.txt -e ns <IP-адрес камеры>

See below for the syntax

-s 88 — the port number on the IP camera

-l admin — login default to be used (admin)

-P /root/desktop/pass.txt file list of passwords

-e — blank password

ns — try the username and blank password

The software starts up and begins to try different words that it receives from a. txt file, and keep doing this up to coincidence. If the CCTV camera allows for such a quick attempt, it’s only a matter of time before software will find the correct password.

Modern IP surveillance cameras do not allow this kind of brute-force attacks, because they are blocked for some time after too many login attempts the system.

Final words

There are various ways of hacking the cameras, and they all include at least some basic skills of the attacker, which should be able at least a little to understand the Internet and how to use a computer and software.

Remember that any IP device connected to the Internet, is under threat, and there is no guarantee that it is 100% and can not be hacked by anyone. The idea of this article is to help people understand how to hack a CCTV camera and how to minimize the chances of the attacker.


0 0 vote
Article Rating
Notify of
Inline Feedbacks
View all comments

Do NOT follow this link or you will be banned from the site!
Would love your thoughts, please comment.x

Spelling error report

The following text will be sent to our editors: