Archive | 2020

Cameradar – Hack RTSP Video Surveillance CCTV Cameras

Last updated: January 29, 2020 | 105 views 0

Cameradar is a Go-based tool to hack RTSP Video Surveillance CCTV Cameras, it can detect open RTSP hosts, detect device models and launch automated attacks.

Cameradar - Hack RTSP Video Surveillance CCTV Cameras

The main features of Cameradar are:

Detect open RTSP hosts on any accessible target host
Detect which device model is streaming
Launch automated dictionary attacks to get their stream route (e.g.: /live.sdp)
Launch automated dictionary attacks to get the username and password of the cameras
Retrieve a complete and user-friendly report of the results

Using Cameradar to Hack RTSP Video Cameras

"-t, --targets": Set target. Required. Target can be a file (see instructions on how to format the file), an IP, an IP range, a subnetwork, or a combination of those. Example: --targets="192.168.1.72,192.168.1.74"
"-p, --ports": (Default: 554,5554,8554) Set custom ports.
"-s, --scan-speed": (Default: 4) Set custom nmap discovery presets to improve speed or accuracy. It's recommended to lower it if you are attempting to scan an unstable and slow network, or to increase it if on a very performant and reliable network. You might also want to keep it low to keep your discovery stealthy. See this for more info on the nmap timing templates.
"-I, --attack-interval": (Default: 0ms) Set custom interval after which an attack attempt without an answer should give up. It's recommended to increase it when attempting to scan unstable and slow networks or to decrease it on fast and reliable networks.
"-T, --timeout": (Default: 2000ms) Set custom timeout value after which an attack attempt without an answer should give up. It's recommended to increase it when attempting to scan unstable and slow networks or to decrease it on fast and reliable networks.
"-r, --custom-routes": (Default: <CAMERADAR_GOPATH>/dictionaries/routes) Set custom dictionary path for routes
"-c, --custom-credentials": (Default: <CAMERADAR_GOPATH>/dictionaries/credentials.json) Set custom dictionary path for credentials
"-o, --nmap-output": (Default: /tmp/cameradar_scan.xml) Set custom nmap output path
"-d, --debug": Enable debug logs
"-v, --verbose": Enable verbose curl logs (not recommended for most use)
"-h": Display the usage information

"-t, --targets": Set target. Required. Target can be a file (see instructions on how to format the file), an IP, an IP range, a subnetwork, or a combination of those. Example: --targets="192.168.1.72,192.168.1.74"

"-p, --ports": (Default: 554,5554,8554) Set custom ports.

"-s, --scan-speed": (Default: 4) Set custom nmap discovery presets to improve speed or accuracy. It's recommended to lower it if you are attempting to scan an unstable and slow network, or to increase it if on a very performant and reliable network. You might also want to keep it low to keep your discovery stealthy. See this for more info on the nmap timing templates.

"-I, --attack-interval": (Default: 0ms) Set custom interval after which an attack attempt without an answer should give up. It's recommended to increase it when attempting to scan unstable and slow networks or to decrease it on fast and reliable networks.

"-T, --timeout": (Default: 2000ms) Set custom timeout value after which an attack attempt without an answer should give up. It's recommended to increase it when attempting to scan unstable and slow networks or to decrease it on fast and reliable networks.

"-r, --custom-routes": (Default: <CAMERADAR_GOPATH>/dictionaries/routes) Set custom dictionary path for routes

"-c, --custom-credentials": (Default: <CAMERADAR_GOPATH>/dictionaries/credentials.json) Set custom dictionary path for credentials

"-o, --nmap-output": (Default: /tmp/cameradar_scan.xml) Set custom nmap output path

"-d, --debug": Enable debug logs

"-v, --verbose": Enable verbose curl logs (not recommended for most use)

"-h": Display the usage information

Examples to Hack RTSP Camera

Running cameradar on your own machine to scan for default ports

docker run --net=host -t ullaakut/cameradar -t localhost

1	docker run --net=host -t ullaakut/cameradar -t localhost

Running cameradar with an input file, logs enabled on port 8554

docker run -v /tmp:/tmp --net=host -t ullaakut/cameradar -t /tmp/test.txt -p 8554

1	docker run -v /tmp:/tmp --net=host -t ullaakut/cameradar -t /tmp/test.txt -p 8554

Running cameradar on a subnetwork with custom dictionaries, on ports 554, 5554 and 8554

docker run -v /tmp:/tmp --net=host -t ullaakut/cameradar -t 192.168.0.0/24 --custom-credentials="/tmp/dictionaries/credentials.json" --custom-routes="/tmp/dictionaries/routes" -p 554,5554,8554

1	docker run -v /tmp:/tmp --net=host -t ullaakut/cameradar -t 192.168.0.0/24 --custom-credentials="/tmp/dictionaries/credentials.json" --custom-routes="/tmp/dictionaries/routes" -p 554,5554,8554

You can download Cameradar here:

cameradar-v4.1.3.zip

Or read more here.

Posted in: Hacking Tools

Topic: Hacking Tools

Latest Posts:

Cameradar – Hack RTSP Video Surveillance CCTV Cameras
Cameradar is a Go-based tool to hack RTSP Video Surveillance CCTV Cameras, it can detect open RTSP hosts, detect device models and launch automated attacks.

January 29, 2020 - 5 Shares

dSploit APK Download – Hacking & Security Toolkit For Android
dSploit APK Download is a Hacking & Security Toolkit For Android which can conduct network analysis and penetration testing activities.

January 15, 2020 - 145 Shares

Scallion – GPU Based Onion Hash Generator
Scallion is a GPU-driven Onion Hash Generator written in C#, it lets you create vanity GPG keys and .onion addresses (for Tor's hidden services).

January 10, 2020 - 217 Shares

WiFi-Dumper – Dump WiFi Profiles and Cleartext Passwords
WiFi-Dumper is an open-source Python-based tool to dump WiFi profiles and cleartext passwords of the connected access points on a Windows machine.

December 19, 2019 - 307 Shares

truffleHog – Search Git for High Entropy Strings with Commit History
truffleHog is a Python-based tool to search Git for high entropy strings, digging deep into commit history and branches. This is effective at finding secrets accidentally committed.

December 2, 2019 - 173 Shares

AIEngine – AI-driven Network Intrusion Detection System
AIEngine is a next-generation interactive/programmable Python/Ruby/Java/Lua and Go AI-driven Network Intrusion Detection System engine with many capabilities.

November 25, 2019 - 145 Shares

dSploit APK Download – Hacking & Security Toolkit For Android

Last updated: January 15, 2020 | 5,202 views 1

dSploit APK Download is a Hacking & Security Toolkit For Android which can conduct network analysis and penetration testing activities. It aims to offer to IT security experts the most complete and advanced professional toolkit to perform network security assessments on a mobile device.

Once dSploit is started, you will be able to easily map your network, fingerprint alive hosts operating systems and running services, search for known vulnerabilities, crack logon procedures of many TCP protocols, perform man in the middle (MiTM) attacks such as password sniffing (with common protocols dissection), real-time traffic manipulation and more.

Features from dSploit APK Download Hacking Toolkit for Android

Features available on dSploit to hack using an Android phone:

WiFi Cracking – The WiFi scanner will show in green access points with known default key generation algorithms, clicking on them allows you to easily crack the key
RouterPWN – Launch the http://routerpwn.com/ service to pwn your router.
Trace – Perform a traceroute on the target.
Port Scanner – A syn port scanner to find quickly open ports on a single target.
Inspector – Performs target operating system and services deep detection, slower than syn port scanner but more accurate.
Vulnerability Finder – Search for known vulnerabilities for target running services upon the National Vulnerability Database.
Login Cracker – A very fast network logon cracker which supports many different services.
Packet Forger – Craft and send a custom TCP or UDP packet to the target, such as Wake On LAN packets.
MITM – A set of Man-in-the-Middle (MitM) tools to command & conquer the whole network.
Simple Sniff – Redirect target’s traffic through this device and show some stats while dumping it to a pcap file.
Password Sniffer – Sniff passwords of many protocols such as HTTP, FTP, IMAP, IMAPS, IRC, MSN, etc from the target.
Session Hijacker – Listen for cookies on the network and hijack sessions.
Kill Connections – Kills connections preventing the target to reach any website or server.
Redirect – Redirect all the HTTP traffic to another address.
Replace Images – Replace all images on webpages with the specified one.
Replace Videos – Replace all youtube videos on webpages with the specified one.
Script Injection – Inject a javascript in every visited webpage.
Custom Filter – Replace custom text on webpages with the specified one.

Requirements for dSploit APK Download To Work

For dSploit to work correctly you need:

– An ARM CPU
– Gingerbread Android (at least Android 2.3)
– Root
– A full install of BusyBox (every utility, not a partial install)

You can download dSploit here:

Source: dsploit-master.zip
APK: dsploit_1.0.31b.zip

Password for the APK .zip file is darknet123.

Or read more here.

Posted in: Hacking Tools

Topic: Hacking Tools

Latest Posts:

January 29, 2020 - 5 Shares

dSploit APK Download – Hacking & Security Toolkit For Android
dSploit APK Download is a Hacking & Security Toolkit For Android which can conduct network analysis and penetration testing activities.

January 15, 2020 - 145 Shares

Scallion – GPU Based Onion Hash Generator
Scallion is a GPU-driven Onion Hash Generator written in C#, it lets you create vanity GPG keys and .onion addresses (for Tor's hidden services).

January 10, 2020 - 217 Shares

December 19, 2019 - 307 Shares

December 2, 2019 - 173 Shares

November 25, 2019 - 145 Shares

Scallion – GPU Based Onion Hash Generator

Last updated: January 10, 2020 | 1,326 views 0

Scallion is a GPU-driven Onion Hash Generator written in C#, it lets you create vanity GPG keys and .onion addresses (for Tor’s hidden services) using OpenCL.

Scallion runs on Mono (tested in Arch Linux) and .NET 3.5+ (tested on Windows 7 and Server 2008)

Scallion was used to find collisions for every 32bit key id in the Web of Trust’s strong set demonstrating how insecure 32bit key ids are.

At a high level Scallion works as follows:

Generate RSA key using OpenSSL on the CPU
Send the key to the GPU
Increase the key’s public exponent
Hash the key
If the hashed key is not a partial collision go to step 3
If the key does not pass the sanity checks recommended by PKCS #1 v2.1 (checked on the CPU) go to step 3
Brand new key with partial collision!

The basic algorithm is described above. Speed/performance is the result of massive parallelization, both on the GPU and the CPU.

Dependencies for Onion Hash Generator

To run Scallion successfully you need:

OpenCL and relevant drivers installed and configured. Refer to your distribution’s documentation.
OpenSSL. For Windows, the prebuilt x86 DLLs are included
On windows only, VC++ Redistributable 2008

Scallion runs on Mono (tested in Arch Linux) and .NET 3.5+ (tested on Windows 7 and Server 2008).

Scallion Usage Onion Hash Generator

$ mono scallion/bin/Debug/scallion.exe -d 0 prefix
Cooking up some delicious scallions...
Using kernel optimized from file kernel.cl (Optimized4)
Using work group size 128
Compiling kernel... done.
Testing SHA1 hash...
CPU SHA-1: d3486ae9136e7856bc42212385ea797094475802
GPU SHA-1: d3486ae9136e7856bc42212385ea797094475802
Looks good!
LoopIteration:40  HashCount:671.09MH  Speed:9.5MH/s  Runtime:00:01:10  Predicted:00:00:56  Found new key! Found 1 unique keys.
<XmlMatchOutput>
  <GeneratedDate>2014-08-05T07:14:50.329955Z</GeneratedDate>
  <Hash>prefix64kxpwmzdz.onion</Hash>
  <PrivateKey>-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCmYmTnwGOCpsPOqvs5mZQbIM1TTqOHK1r6zGvpk61ZaT7z2BCE
FPvdTdkZ4tQ3/95ufjhPx7EVDjeJ/JUbT0QAW/YflzUfFJuBli0J2eUJzhhiHpC/
1d3rb6Uhnwvv3xSnfG8m7LeI/Ao3FLtyZFgGZPwsw3BZYyJn3sD1mJIJrQIEB/ZP
ZwKBgCTUQTR4zcz65zSOfo95l3YetVhfmApYcQQd8HTxgTqEsjr00XzW799ioIWt
vaKMCtJlkWLz4N1EqflOH3WnXsEkNA5AVFe1FTirijuaH7e46fuaPJWhaSq1qERT
eQT1jY2jytnsJT0VR7e2F83FKINjLeccnkkiVknsjrOPrzkXAkEA0Ky+vQdEj64e
iP4Rxc1NreB7oKor40+w7XSA0hyLA3JQjaHcseg/bqYxPZ5J4JkCNmjavGdM1v6E
OsVVaMWQ7QJBAMweWSWtLp6rVOvTcjZg+l5+D2NH+KbhHbNLBcSDIvHNmD9RzGM1
Xvt+rR0FA0wUDelcdJt0R29v2t19k2IBA8ECQFMDRoOQ+GBSoDUs7PUWdcXtM7Nt
QW350QEJ1hBJkG2SqyNJuepH4PIktjfytgcwQi9w7iFafyxcAAEYgj4HZw8CQAUI
3xXEA2yZf9/wYax6/Gm67cpKc3sgKVczFxsHhzEml6hi5u0FG7aNs7jQTRMW0aVF
P8Ecx3l7iZ6TeakqGhcCQGdhCaEb7bybAmwQ520omqfHWSte2Wyh+sWZXNy49EBg
d1mBig/w54sOBCUHjfkO9gyiANP/uBbR6k/bnmF4dMc=
-----END RSA PRIVATE KEY-----
</PrivateKey>
  <PublicModulusBytes>pmJk58BjgqbDzqr7OZmUGyDNU06jhyta+sxr6ZOtWWk+89gQhBT73U3ZGeLUN//ebn44T8exFQ43ifyVG09EAFv2H5c1HxSbgZYtCdnlCc4YYh6Qv9Xd62+lIZ8L798Up3xvJuy3iPwKNxS7cmRYBmT8LMNwWWMiZ97A9ZiSCa0=</PublicModulusBytes>
  <PublicExponentBytes>B/ZPZw==</PublicExponentBytes>
</XmlMatchOutput>
init: 491ms / 1 (491ms, 2.04/s)
generate key: 1193ms / 6 (198.83ms, 5.03/s)
cpu precompute: 10ms / 6 (1.67ms, 600/s)
total without init: 70640ms / 1 (70640ms, 0.01/s)
set buffers: 0ms / 40 (0ms, 0/s)
write buffers: 3ms / 40 (0.08ms, 13333.33/s)
read results: 67442ms / 40 (1686.05ms, 0.59/s)
check results: 185ms / 40 (4.63ms, 216.22/s)

9.50 million hashes per second

Stopping the GPU and shutting down...

$ mono scallion/bin/Debug/scallion.exe -d 0 prefix

Cooking up some delicious scallions...

Using kernel optimized from file kernel.cl (Optimized4)

Using work group size 128

Compiling kernel... done.

Testing SHA1 hash...

CPU SHA-1: d3486ae9136e7856bc42212385ea797094475802

GPU SHA-1: d3486ae9136e7856bc42212385ea797094475802

Looks good!

LoopIteration:40 HashCount:671.09MH Speed:9.5MH/s Runtime:00:01:10 Predicted:00:00:56 Found new key! Found 1 unique keys.

<Hash>prefix64kxpwmzdz.onion</Hash>

<PrivateKey>-----BEGIN RSA PRIVATE KEY-----

MIICXAIBAAKBgQCmYmTnwGOCpsPOqvs5mZQbIM1TTqOHK1r6zGvpk61ZaT7z2BCE

FPvdTdkZ4tQ3/95ufjhPx7EVDjeJ/JUbT0QAW/YflzUfFJuBli0J2eUJzhhiHpC/

1d3rb6Uhnwvv3xSnfG8m7LeI/Ao3FLtyZFgGZPwsw3BZYyJn3sD1mJIJrQIEB/ZP

ZwKBgCTUQTR4zcz65zSOfo95l3YetVhfmApYcQQd8HTxgTqEsjr00XzW799ioIWt

vaKMCtJlkWLz4N1EqflOH3WnXsEkNA5AVFe1FTirijuaH7e46fuaPJWhaSq1qERT

eQT1jY2jytnsJT0VR7e2F83FKINjLeccnkkiVknsjrOPrzkXAkEA0Ky+vQdEj64e

iP4Rxc1NreB7oKor40+w7XSA0hyLA3JQjaHcseg/bqYxPZ5J4JkCNmjavGdM1v6E

OsVVaMWQ7QJBAMweWSWtLp6rVOvTcjZg+l5+D2NH+KbhHbNLBcSDIvHNmD9RzGM1

Xvt+rR0FA0wUDelcdJt0R29v2t19k2IBA8ECQFMDRoOQ+GBSoDUs7PUWdcXtM7Nt

QW350QEJ1hBJkG2SqyNJuepH4PIktjfytgcwQi9w7iFafyxcAAEYgj4HZw8CQAUI

3xXEA2yZf9/wYax6/Gm67cpKc3sgKVczFxsHhzEml6hi5u0FG7aNs7jQTRMW0aVF

P8Ecx3l7iZ6TeakqGhcCQGdhCaEb7bybAmwQ520omqfHWSte2Wyh+sWZXNy49EBg

d1mBig/w54sOBCUHjfkO9gyiANP/uBbR6k/bnmF4dMc=

-----END RSA PRIVATE KEY-----

</PrivateKey>

<PublicModulusBytes>pmJk58BjgqbDzqr7OZmUGyDNU06jhyta+sxr6ZOtWWk+89gQhBT73U3ZGeLUN//ebn44T8exFQ43ifyVG09EAFv2H5c1HxSbgZYtCdnlCc4YYh6Qv9Xd62+lIZ8L798Up3xvJuy3iPwKNxS7cmRYBmT8LMNwWWMiZ97A9ZiSCa0=</PublicModulusBytes>

</XmlMatchOutput>

init: 491ms / 1 (491ms, 2.04/s)

generate key: 1193ms / 6 (198.83ms, 5.03/s)

cpu precompute: 10ms / 6 (1.67ms, 600/s)

total without init: 70640ms / 1 (70640ms, 0.01/s)

set buffers: 0ms / 40 (0ms, 0/s)

write buffers: 3ms / 40 (0.08ms, 13333.33/s)

read results: 67442ms / 40 (1686.05ms, 0.59/s)

check results: 185ms / 40 (4.63ms, 216.22/s)

9.50 million hashes per second

Stopping the GPU and shutting down...

You can download Scallion here:

scallion-gpg.zip

Or read more here.

Posted in: Cryptography

Topic: Cryptography

Latest Posts:

January 29, 2020 - 5 Shares

dSploit APK Download – Hacking & Security Toolkit For Android
dSploit APK Download is a Hacking & Security Toolkit For Android which can conduct network analysis and penetration testing activities.

January 15, 2020 - 145 Shares

Scallion – GPU Based Onion Hash Generator
Scallion is a GPU-driven Onion Hash Generator written in C#, it lets you create vanity GPG keys and .onion addresses (for Tor's hidden services).

January 10, 2020 - 217 Shares

December 19, 2019 - 307 Shares

December 2, 2019 - 173 Shares

November 25, 2019 - 145 Shares

Navigation

Archive | 2020

Using Cameradar to Hack RTSP Video Cameras

Examples to Hack RTSP Camera

Latest Posts:

Features from dSploit APK Download Hacking Toolkit for Android

Requirements for dSploit APK Download To Work

Latest Posts:

Dependencies for Onion Hash Generator

Scallion Usage Onion Hash Generator

Latest Posts: