-
August 10th, 2005, 06:51 PM
#1
Brute Force Telnet of Wireless Camera
Hey Guys,
I own a Linksys WVC54G wireless internet camera. I noticed while portscanning it one day that the telnet port was open, and much to my suprise (or maybe not sice the portscan said the port was open), I was greeted with a telnet banner and the kernel version of the camera.
From what I can tell Linksys does not give out the password to these things, and it is not the same as the web interface for the camera, and I have tried the root:root type deals. Is there any good way to bruteforce this lil SOB?
I am curious as to what the os will let you do on the camera, and I would liek to find a way to stream its video without using active x. but thats another story....thanks!
kr5kernel
(kr5kernel at hotmail dot com)
Linux: Making Penguins Cool Since 1994.
-
August 10th, 2005, 06:57 PM
#2
Try the default cisco telnet password
Username cisco
default password is not enabled
09:F9:11:02:9D:74:E3:5B 8:41:56:C5:63:56:88:C0
-
August 10th, 2005, 07:01 PM
#3
Linux 2.4.19-uc1 (libcam) (ttyp0)
libcam login: cisco
Password:
Login incorrect
Thats a negative...im on supprt with linksys now, maybe they can tell me.
kr5kernel
(kr5kernel at hotmail dot com)
Linux: Making Penguins Cool Since 1994.
-
August 10th, 2005, 07:08 PM
#4
Junior Member
That could take a while, you could also download the source could and see if you could find anything interesting.
http://www.linksys.com/servlet/Satel...VisitorWrapper
Try a linux pen-testing live cd for telnet brute forcing tools, ones that come to mind are (WHAX, Auditor, and Knoppix STD)
See here for full list: http://www.frozentech.com/content/li...ity&sort=&sm=1
Edit: Oops, I though you gave the user and pass already. I should read before editing.
-
August 10th, 2005, 07:17 PM
#5
ya this is taking a while:
Jerome C(12430): It will be the password you assigned the camera. You wanted to access it remotely right?
You: its not the same as the web interface password though
You: im talking about telneting to the camera
Jerome C(12430): Where did you see that option?
You: its not an option, if you do telnet you get this:
You: Linux 2.4.19-uc1 (libcam)
You: libcam login:
Jerome C(12430): It is basically Linux operating system that you are using?
You: no, i am telneting to the webcam
<sigh>
I have hydra, but I couldnt seem to get it to brute force it, it said it found one good set: root:root, but when i try that it wont let me log in.
kr5kernel
(kr5kernel at hotmail dot com)
Linux: Making Penguins Cool Since 1994.
-
August 10th, 2005, 07:28 PM
#6
funny...if some new guy popped on and asked how to brute force a telnet connection he would be negged to death. then again...no one really gave this guy any incredibly useful information.
-
August 10th, 2005, 07:29 PM
#7
Wednesdays with Jerome
Jerome C(12430): Actually that service has not been tried. You may get that prompt but it is not possible that it will work. And we'll not know how will the device behave. Because we are not told yet that you can use the telnet service with the camera.
You: ok...
You: so your saying that you put a telnet server on it, but you won't let me use it
Jerome C(12430): Is it on the documentation the there is an option for that service?
You: not that i have seen...but i will double check
You: there is no option for telnet in the web interface, but it still exists
Jerome C(12430): Ok. Because we're not told that there is a feature on the camera about that.
You: feature or not, its there
You: i guess i will download the source code and pick through that to see if there is anything about it in there.
Jerome C(12430): Ok. Because we cant support you on that because we are not been told yet that the feature or the service that you saw is a part or a feature on the camera that can be used.
You: but its there, obviously it can be used, or else it would have been disabled
Jerome C(12430): I agree but we havent tested it yet. So we dont have any idea why that feature or option is there.
You: If it wasnt tested it shouldn't been enabled in a development product....
You: but anyways, thanks for your help, I will keep a lookout for firmware upgrades for the camera
kr5kernel
(kr5kernel at hotmail dot com)
Linux: Making Penguins Cool Since 1994.
-
August 10th, 2005, 07:30 PM
#8
I think no one negged me because maybe they could see the curiosity aspect of checking out the os of a camera....maybe the thread was just overlooked....
what other option do I have if Linksys won't give it up? Forget about it? I can't, its an open telnet port on my network, I wanna check it out...
kr5kernel
(kr5kernel at hotmail dot com)
Linux: Making Penguins Cool Since 1994.
-
August 10th, 2005, 07:44 PM
#9
I didnt say you shouldnt be looking into it, I was just point out how harshly we (yes my self included) react to questions reguarding breaking into things, but only when they are from new members. For all we know this is just an attempt to learn to brute force a telnet connection, just becasue you say its for a camera means nothing. I think so far your best option is to look at the firmware for it, if you dont want the telnet connection available, modify the firmware so its not. Or look at how the firmware is updated, maybe that will give you a clue, there must be another open port on that thing if data is comming to and from it.
what other option do I have if Linksys won't give it up? Forget about it? I can't, its an open telnet port on my network, I wanna check it out...
well you could put up a physical firewall at the entry point to your network, you could block telnet ports on your router/switch you could contact linksys about it (althought it probably wont help), you could get a different camera without the open port, etc...
-
August 10th, 2005, 07:57 PM
#10
well here's the server your camera is running
.\" @(#)telnetd.8 8.4 (Berkeley) 6/1/94
Strange you can't use anonymous
09:F9:11:02:9D:74:E3:5B 8:41:56:C5:63:56:88:C0
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|