Cameradar – Hack RTSP Video Surveillance CCTV Cameras
Cameradar is a Go-based tool to hack RTSP Video Surveillance CCTV Cameras, it can detect open RTSP hosts, detect device models and launch automated attacks.
The main features of Cameradar are:
- Detect open RTSP hosts on any accessible target host
- Detect which device model is streaming
- Launch automated dictionary attacks to get their stream route (e.g.: /live.sdp)
- Launch automated dictionary attacks to get the username and password of the cameras
- Retrieve a complete and user-friendly report of the results
Using Cameradar to Hack RTSP Video Cameras
|
1 2 3 4 5 6 7 8 9 10 11 |
"-t, --targets": Set target. Required. Target can be a file (see instructions on how to format the file), an IP, an IP range, a subnetwork, or a combination of those. Example: --targets="192.168.1.72,192.168.1.74" "-p, --ports": (Default: 554,5554,8554) Set custom ports. "-s, --scan-speed": (Default: 4) Set custom nmap discovery presets to improve speed or accuracy. It's recommended to lower it if you are attempting to scan an unstable and slow network, or to increase it if on a very performant and reliable network. You might also want to keep it low to keep your discovery stealthy. See this for more info on the nmap timing templates. "-I, --attack-interval": (Default: 0ms) Set custom interval after which an attack attempt without an answer should give up. It's recommended to increase it when attempting to scan unstable and slow networks or to decrease it on fast and reliable networks. "-T, --timeout": (Default: 2000ms) Set custom timeout value after which an attack attempt without an answer should give up. It's recommended to increase it when attempting to scan unstable and slow networks or to decrease it on fast and reliable networks. "-r, --custom-routes": (Default: <CAMERADAR_GOPATH>/dictionaries/routes) Set custom dictionary path for routes "-c, --custom-credentials": (Default: <CAMERADAR_GOPATH>/dictionaries/credentials.json) Set custom dictionary path for credentials "-o, --nmap-output": (Default: /tmp/cameradar_scan.xml) Set custom nmap output path "-d, --debug": Enable debug logs "-v, --verbose": Enable verbose curl logs (not recommended for most use) "-h": Display the usage information |
Examples to Hack RTSP Camera
Running cameradar on your own machine to scan for default ports
|
1 |
docker run --net=host -t ullaakut/cameradar -t localhost |
Running cameradar with an input file, logs enabled on port 8554
|
1 |
docker run -v /tmp:/tmp --net=host -t ullaakut/cameradar -t /tmp/test.txt -p 8554 |
Running cameradar on a subnetwork with custom dictionaries, on ports 554, 5554 and 8554
|
1 |
docker run -v /tmp:/tmp --net=host -t ullaakut/cameradar -t 192.168.0.0/24 --custom-credentials="/tmp/dictionaries/credentials.json" --custom-routes="/tmp/dictionaries/routes" -p 554,5554,8554 |
You can download Cameradar here:
Or read more here.
Topic: Hacking Tools
dSploit APK Download – Hacking & Security Toolkit For Android
dSploit APK Download is a Hacking & Security Toolkit For Android which can conduct network analysis and penetration testing activities. It aims to offer to IT security experts the most complete and advanced professional toolkit to perform network security assessments on a mobile device.
Once dSploit is started, you will be able to easily map your network, fingerprint alive hosts operating systems and running services, search for known vulnerabilities, crack logon procedures of many TCP protocols, perform man in the middle (MiTM) attacks such as password sniffing (with common protocols dissection), real-time traffic manipulation and more.
Features from dSploit APK Download Hacking Toolkit for Android
Features available on dSploit to hack using an Android phone:
- WiFi Cracking – The WiFi scanner will show in green access points with known default key generation algorithms, clicking on them allows you to easily crack the key
- RouterPWN – Launch the http://routerpwn.com/ service to pwn your router.
- Trace – Perform a traceroute on the target.
- Port Scanner – A syn port scanner to find quickly open ports on a single target.
- Inspector – Performs target operating system and services deep detection, slower than syn port scanner but more accurate.
- Vulnerability Finder – Search for known vulnerabilities for target running services upon the National Vulnerability Database.
- Login Cracker – A very fast network logon cracker which supports many different services.
- Packet Forger – Craft and send a custom TCP or UDP packet to the target, such as Wake On LAN packets.
- MITM – A set of Man-in-the-Middle (MitM) tools to command & conquer the whole network.
- Simple Sniff – Redirect target’s traffic through this device and show some stats while dumping it to a pcap file.
- Password Sniffer – Sniff passwords of many protocols such as HTTP, FTP, IMAP, IMAPS, IRC, MSN, etc from the target.
- Session Hijacker – Listen for cookies on the network and hijack sessions.
- Kill Connections – Kills connections preventing the target to reach any website or server.
- Redirect – Redirect all the HTTP traffic to another address.
- Replace Images – Replace all images on webpages with the specified one.
- Replace Videos – Replace all youtube videos on webpages with the specified one.
- Script Injection – Inject a javascript in every visited webpage.
- Custom Filter – Replace custom text on webpages with the specified one.
Requirements for dSploit APK Download To Work
For dSploit to work correctly you need:
– An ARM CPU
– Gingerbread Android (at least Android 2.3)
– Root
– A full install of BusyBox (every utility, not a partial install)
You can download dSploit here:
Source: dsploit-master.zip
APK: dsploit_1.0.31b.zip
Password for the APK .zip file is darknet123.
Or read more here.
Topic: Hacking Tools
Scallion – GPU Based Onion Hash Generator
Scallion is a GPU-driven Onion Hash Generator written in C#, it lets you create vanity GPG keys and .onion addresses (for Tor’s hidden services) using OpenCL.
Scallion runs on Mono (tested in Arch Linux) and .NET 3.5+ (tested on Windows 7 and Server 2008)
Scallion was used to find collisions for every 32bit key id in the Web of Trust’s strong set demonstrating how insecure 32bit key ids are.
At a high level Scallion works as follows:
- Generate RSA key using OpenSSL on the CPU
- Send the key to the GPU
- Increase the key’s public exponent
- Hash the key
- If the hashed key is not a partial collision go to step 3
- If the key does not pass the sanity checks recommended by PKCS #1 v2.1 (checked on the CPU) go to step 3
- Brand new key with partial collision!
The basic algorithm is described above. Speed/performance is the result of massive parallelization, both on the GPU and the CPU.
Dependencies for Onion Hash Generator
To run Scallion successfully you need:
- OpenCL and relevant drivers installed and configured. Refer to your distribution’s documentation.
- OpenSSL. For Windows, the prebuilt x86 DLLs are included
- On windows only, VC++ Redistributable 2008
Scallion runs on Mono (tested in Arch Linux) and .NET 3.5+ (tested on Windows 7 and Server 2008).
Scallion Usage Onion Hash Generator
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 |
$ mono scallion/bin/Debug/scallion.exe -d 0 prefix Cooking up some delicious scallions... Using kernel optimized from file kernel.cl (Optimized4) Using work group size 128 Compiling kernel... done. Testing SHA1 hash... CPU SHA-1: d3486ae9136e7856bc42212385ea797094475802 GPU SHA-1: d3486ae9136e7856bc42212385ea797094475802 Looks good! LoopIteration:40 HashCount:671.09MH Speed:9.5MH/s Runtime:00:01:10 Predicted:00:00:56 Found new key! Found 1 unique keys. <XmlMatchOutput> <GeneratedDate>2014-08-05T07:14:50.329955Z</GeneratedDate> <Hash>prefix64kxpwmzdz.onion</Hash> <PrivateKey>-----BEGIN RSA PRIVATE KEY----- MIICXAIBAAKBgQCmYmTnwGOCpsPOqvs5mZQbIM1TTqOHK1r6zGvpk61ZaT7z2BCE FPvdTdkZ4tQ3/95ufjhPx7EVDjeJ/JUbT0QAW/YflzUfFJuBli0J2eUJzhhiHpC/ 1d3rb6Uhnwvv3xSnfG8m7LeI/Ao3FLtyZFgGZPwsw3BZYyJn3sD1mJIJrQIEB/ZP ZwKBgCTUQTR4zcz65zSOfo95l3YetVhfmApYcQQd8HTxgTqEsjr00XzW799ioIWt vaKMCtJlkWLz4N1EqflOH3WnXsEkNA5AVFe1FTirijuaH7e46fuaPJWhaSq1qERT eQT1jY2jytnsJT0VR7e2F83FKINjLeccnkkiVknsjrOPrzkXAkEA0Ky+vQdEj64e iP4Rxc1NreB7oKor40+w7XSA0hyLA3JQjaHcseg/bqYxPZ5J4JkCNmjavGdM1v6E OsVVaMWQ7QJBAMweWSWtLp6rVOvTcjZg+l5+D2NH+KbhHbNLBcSDIvHNmD9RzGM1 Xvt+rR0FA0wUDelcdJt0R29v2t19k2IBA8ECQFMDRoOQ+GBSoDUs7PUWdcXtM7Nt QW350QEJ1hBJkG2SqyNJuepH4PIktjfytgcwQi9w7iFafyxcAAEYgj4HZw8CQAUI 3xXEA2yZf9/wYax6/Gm67cpKc3sgKVczFxsHhzEml6hi5u0FG7aNs7jQTRMW0aVF P8Ecx3l7iZ6TeakqGhcCQGdhCaEb7bybAmwQ520omqfHWSte2Wyh+sWZXNy49EBg d1mBig/w54sOBCUHjfkO9gyiANP/uBbR6k/bnmF4dMc= -----END RSA PRIVATE KEY----- </PrivateKey> <PublicModulusBytes>pmJk58BjgqbDzqr7OZmUGyDNU06jhyta+sxr6ZOtWWk+89gQhBT73U3ZGeLUN//ebn44T8exFQ43ifyVG09EAFv2H5c1HxSbgZYtCdnlCc4YYh6Qv9Xd62+lIZ8L798Up3xvJuy3iPwKNxS7cmRYBmT8LMNwWWMiZ97A9ZiSCa0=</PublicModulusBytes> <PublicExponentBytes>B/ZPZw==</PublicExponentBytes> </XmlMatchOutput> init: 491ms / 1 (491ms, 2.04/s) generate key: 1193ms / 6 (198.83ms, 5.03/s) cpu precompute: 10ms / 6 (1.67ms, 600/s) total without init: 70640ms / 1 (70640ms, 0.01/s) set buffers: 0ms / 40 (0ms, 0/s) write buffers: 3ms / 40 (0.08ms, 13333.33/s) read results: 67442ms / 40 (1686.05ms, 0.59/s) check results: 185ms / 40 (4.63ms, 216.22/s) 9.50 million hashes per second Stopping the GPU and shutting down... |
You can download Scallion here:
Or read more here.
Topic: Cryptography
WiFi-Dumper – Dump WiFi Profiles and Cleartext Passwords
WiFi-Dumper is an open-source Python-based tool to dump WiFi profiles and cleartext passwords of the connected access points on a Windows machine. This tool will help you in a Wifi penetration testing and could also be useful when performing red team assessments or internal infrastructure engagements.
Each option in the tool generates the “.txt” file as an output, if you run the tool multiple times, the output gets appended to the previous results.
Features of WiFi-Dumper – Dump WiFi Profiles and Cleartext Passwords
Option 1:Shows the wireless networks available to the system. If the interface name is given, only the networks on the given interface will be listed. Otherwise, all networks visible to the system will be listed.
Option 2: Shows a list of wireless profiles configured on the system.
Option 3: Shows the allowed and blocked the wireless network list.
Option 4: Shows a list of all the wireless LAN interfaces on the system.
Option 5: Generates a detailed report about each wireless access point profile on the system. Group Policy Profiles are read-only. User Profiles are readable and writeable, and the preference order can be changed.
Option 6: Dumps the cleartext passwords of every wireless profile on the system. Make sure to generate the profile file (by selecting option 2) before running this option. Always run this as an administrator user to see the cleartext password. User needs to provide the individual wireless name by reading the profile names (option 7).
Option 7: It opens the list of wireless profiles on the system using notepad.
Option 8: It saves WLAN profiles to XML files.
Option 9: Exit gracefully.
You can download WiFi-Dumper here:
Or read more here.
Topic: Hacking Tools
truffleHog – Search Git for High Entropy Strings with Commit History
truffleHog is a Python-based tool to search Git for high entropy strings, digging deep into commit history and branches. This is effective at finding secrets accidentally committed. truffleHog previously functioned by running entropy checks on git diffs. This functionality still exists, but high signal regex checks have been added, and the ability to surpress entropy […]
Topic: Hacking Tools
AIEngine – AI-driven Network Intrusion Detection System
AIEngine is a next-generation interactive/programmable Python/Ruby/Java/Lua and Go AI-driven Network Intrusion Detection System engine with capabilities of learning without any human intervention, DNS domain classification, Spam detection, network collector, network forensics and many others. AIEngine also helps network/security professionals to identify traffic and develop signatures for use them on NIDS, Firewalls, Traffic classifiers and so […]
Topic: Security Software