Hacking an IP security camera in a Bus for live streaming the video!

In this writeup let’s learn how to hack the security camera in a bus or anywhere around you using RTSP Protocol

Okay, Long story short There is a security camera that is installed in my college bus which caught my eyes and started thinking that what’s the actual purpose of that camera like can we stream it?…

Actual representation of camera

then I discovered a Password Protected wifi Access Point named as “camera_72ee” and I confirmed that this AP belongs to that camera, since I don’t have any wifi adapter for wifi hacking or even my laptop with me, I started manually googling for the default password for this type of cameras but nothing works, after seeing the back side of the camera, found the manufacturer’s name since it is an local manufacturer in India who don’t even have a website so there’s is no use in search in the internet for the default password…

so I started manually entering some common passwords, and one specific password works! that is “1234567890”. very strong password xD.

password

Well, Gained access to the camera network and the gateway IP is the 192.168.10.1 is the IP of the camera. without wasting time Istarted Nmap scan in termux and discovered some interesting open ports like

  1. HTTP(80)
  2. RTSP(554)
  3. ospf-lite(8899)

I tried accessing the HTTP in 192.168.10.1 and there is a login page with Title “NetSurvillanceWeb”, as always the default user is admin but the question is what’s the password❓

Hmm…trying to figure out the password days passed. but one day I asked myself why password is compulsary? what if there is no password? so i entered the user admin and no password…Boom! logged in.

In the excitement I tried accessing the video, but unfortunately some error shows up like “Plugin support for video is missing”. sadly the web method didn’t work :( wait there’s another way, you remember the Port scan right? there’s a specific port named RTSP with Port number 554 let’s enumerate that…

upto this point I don’t know just a single thing about RTSP With just one google search away get to know that RTSP is a steraming service, i.e.Real Time Streaming Protocol(RTSP) is a Streaming Protocol service which streams multimedia data over network. It pretty much work like HTTP Protocol. More about RTSP Here.

Another interesting thing is that we can actually stream via RTSP protocol using VLC media player so tried streaming with the IP in my smartphone’s VLC player but nothing works.

After sometimes I get to know about the Nmap’s script for RTSP the rtsp-methods and rtps-url-brute so i used that in my scan, the scan syntax goes like this:

nmap -sV — script=”rtsp-*” -A 192.168.10.1

And guess what?… the scan spits all the accessible URLs in RTSP, but there’s hell lot of this like nearly 30–50 URLs I barely have any patients to go through each of this URLs manually, I tried first few URLs but nothing streams the video With the frustration I jumped to the last URL which is pretty intresting:

rtsp:192.168.10.1/user=admin_password=tlJwpbo6_channel=1_steram=0.sdp?real_stream

See the URL contains user name and password…so I tried this in VLC and voilà! the URL works.

Now I can Successfully Live Stream the video from the camera to my smartphone.

After starring at the stream for an hour I get bored and started doing my daily routine XD.

But it was not funny at all after an hour :(

few days after I noticed a sim card and amemory card inside the camera! hmm…interesting I’m still trying to understand whether it’s for streaming the video to the internet like can we access it remotely so that it will be more fun to do that XD. If any thing happened like that I’ll post another story for that so follow me for more dumb stories.

This is the end of the story after all everything is just for fun and curiosity. see you in next story bye…

cheems meme

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store