Brute Force Telnet of Wireless Camera
Page 1 of 5 123 ... LastLast
Results 1 to 10 of 46

Thread: Brute Force Telnet of Wireless Camera

  1. #1
    Senior Member kr5kernel's Avatar
    Join Date
    Mar 2004
    Posts
    347

    Brute Force Telnet of Wireless Camera

    Hey Guys,

    I own a Linksys WVC54G wireless internet camera. I noticed while portscanning it one day that the telnet port was open, and much to my suprise (or maybe not sice the portscan said the port was open), I was greeted with a telnet banner and the kernel version of the camera.

    From what I can tell Linksys does not give out the password to these things, and it is not the same as the web interface for the camera, and I have tried the root:root type deals. Is there any good way to bruteforce this lil SOB?

    I am curious as to what the os will let you do on the camera, and I would liek to find a way to stream its video without using active x. but thats another story....thanks!
    kr5kernel
    (kr5kernel at hotmail dot com)
    Linux: Making Penguins Cool Since 1994.

  2. #2
    THE Bastard Sys***** dinowuff's Avatar
    Join Date
    Jun 2003
    Location
    Third planet from the Sun
    Posts
    1,252
    Try the default cisco telnet password

    Username cisco
    default password is not enabled
    09:F9:11:02:9D:74:E3:5B8:41:56:C5:63:56:88:C0

  3. #3
    Senior Member kr5kernel's Avatar
    Join Date
    Mar 2004
    Posts
    347
    Linux 2.4.19-uc1 (libcam) (ttyp0)

    libcam login: cisco
    Password:
    Login incorrect


    Thats a negative...im on supprt with linksys now, maybe they can tell me.
    kr5kernel
    (kr5kernel at hotmail dot com)
    Linux: Making Penguins Cool Since 1994.

  4. #4
    Junior Member
    Join Date
    Aug 2003
    Posts
    28
    That could take a while, you could also download the source could and see if you could find anything interesting.

    http://www.linksys.com/servlet/Satel...VisitorWrapper

    Try a linux pen-testing live cd for telnet brute forcing tools, ones that come to mind are (WHAX, Auditor, and Knoppix STD)

    See here for full list: http://www.frozentech.com/content/li...ity&sort=&sm=1

    Edit: Oops, I though you gave the user and pass already. I should read before editing.

  5. #5
    Senior Member kr5kernel's Avatar
    Join Date
    Mar 2004
    Posts
    347
    ya this is taking a while:

    Jerome C(12430): It will be the password you assigned the camera. You wanted to access it remotely right?

    You: its not the same as the web interface password though

    You: im talking about telneting to the camera

    Jerome C(12430): Where did you see that option?

    You: its not an option, if you do telnet you get this:
    You: Linux 2.4.19-uc1 (libcam)
    You: libcam login:

    Jerome C(12430): It is basically Linux operating system that you are using?

    You: no, i am telneting to the webcam


    <sigh>

    I have hydra, but I couldnt seem to get it to brute force it, it said it found one good set: root:root, but when i try that it wont let me log in.
    kr5kernel
    (kr5kernel at hotmail dot com)
    Linux: Making Penguins Cool Since 1994.

  6. #6
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    funny...if some new guy popped on and asked how to brute force a telnet connection he would be negged to death. then again...no one really gave this guy any incredibly useful information.
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

  7. #7
    Senior Member kr5kernel's Avatar
    Join Date
    Mar 2004
    Posts
    347

    Wednesdays with Jerome

    Jerome C(12430): Actually that service has not been tried. You may get that prompt but it is not possible that it will work. And we'll not know how will the device behave. Because we are not told yet that you can use the telnet service with the camera.

    You: ok...
    You: so your saying that you put a telnet server on it, but you won't let me use it

    Jerome C(12430): Is it on the documentation the there is an option for that service?

    You: not that i have seen...but i will double check
    You: there is no option for telnet in the web interface, but it still exists

    Jerome C(12430): Ok. Because we're not told that there is a feature on the camera about that.
    You: feature or not, its there
    You: i guess i will download the source code and pick through that to see if there is anything about it in there.

    Jerome C(12430): Ok. Because we cant support you on that because we are not been told yet that the feature or the service that you saw is a part or a feature on the camera that can be used.

    You: but its there, obviously it can be used, or else it would have been disabled

    Jerome C(12430): I agree but we havent tested it yet. So we dont have any idea why that feature or option is there.

    You: If it wasnt tested it shouldn't been enabled in a development product....
    You: but anyways, thanks for your help, I will keep a lookout for firmware upgrades for the camera
    kr5kernel
    (kr5kernel at hotmail dot com)
    Linux: Making Penguins Cool Since 1994.

  8. #8
    Senior Member kr5kernel's Avatar
    Join Date
    Mar 2004
    Posts
    347
    I think no one negged me because maybe they could see the curiosity aspect of checking out the os of a camera....maybe the thread was just overlooked....

    what other option do I have if Linksys won't give it up? Forget about it? I can't, its an open telnet port on my network, I wanna check it out...
    kr5kernel
    (kr5kernel at hotmail dot com)
    Linux: Making Penguins Cool Since 1994.

  9. #9
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    I didnt say you shouldnt be looking into it, I was just point out how harshly we (yes my self included) react to questions reguarding breaking into things, but only when they are from new members. For all we know this is just an attempt to learn to brute force a telnet connection, just becasue you say its for a camera means nothing. I think so far your best option is to look at the firmware for it, if you dont want the telnet connection available, modify the firmware so its not. Or look at how the firmware is updated, maybe that will give you a clue, there must be another open port on that thing if data is comming to and from it.

    what other option do I have if Linksys won't give it up? Forget about it? I can't, its an open telnet port on my network, I wanna check it out...
    well you could put up a physical firewall at the entry point to your network, you could block telnet ports on your router/switch you could contact linksys about it (althought it probably wont help), you could get a different camera without the open port, etc...
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

  10. #10
    THE Bastard Sys***** dinowuff's Avatar
    Join Date
    Jun 2003
    Location
    Third planet from the Sun
    Posts
    1,252
    well here's the server your camera is running

    .\" @(#)telnetd.8 8.4 (Berkeley) 6/1/94

    Strange you can't use anonymous
    09:F9:11:02:9D:74:E3:5B8:41:56:C5:63:56:88:C0

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •