"Hack" eBay camera to get access to videostream?

munkiepus
Posts: 3
Joined: Tuesday 13 June 2017 13:16
Target OS: OS X
Domoticz version:
Contact:

Re: "Hack" eBay camera to get access to videostream?

Post by munkiepus » Wednesday 28 June 2017 18:36

good work, i actually have ipcam viewer pro for Android on my phone will give it a shot, cheers

munkiepus
Posts: 3
Joined: Tuesday 13 June 2017 13:16
Target OS: OS X
Domoticz version:
Contact:

Re: "Hack" eBay camera to get access to videostream?

Post by munkiepus » Wednesday 05 July 2017 20:05

using IPcam viewer and ARC welder, a deskop emulator for android/chrome, i managed to get it running on desktop too. :D

https://developer.chrome.com/apps/getstarted_arc

SA007
Posts: 1
Joined: Sunday 10 December 2017 13:32
Target OS: -
Domoticz version:
Contact:

Re: "Hack" eBay camera to get access to videostream?

Post by SA007 » Sunday 10 December 2017 13:38

I found this topic via google while searching for the password, found that nobody has it so i started hacking it.

Found the telnet password:
Username: root
Password: noty

Found it by hacking into the camera via a path traversal exploit in the web server and running the password hash trough john the ripper.

Some more info so more people find this when searching for it:
passwd:

Code: Select all

root:$6$msTRRedr$e7Fw3JVflNlRZrIbR1f0qlKLpDnbvd4OuyEJEKBIYs04vylb9IrSKUO4Ldg56tdR1Qk5YPUeV/8PjFLiUFRVM1:0:0::/root:/bin/sh
telnet prompt + login:

Code: Select all

# telnet 192.168.x.x
Trying 192.168.x.x...
Connected to 192.168.x.x.
Escape character is '^]'.
IPC365 login: root
Password: 
login: can't chdir to home directory '/root'
Welcome to

    _____    __      ___       __     ___       _     _    _
   |  ___|  /  \    / __ \    /  \   |  _ \    /  \   \ \ / /
   | |___  / /\ \  | /__\ \  / /\ \  | | \ |  / /\ \   \ V /
   |  ___|| |__| | |  _   / | |__| | | | | | | |__| |   \ /
   | |    |  __  | | |  \ \ |  __  | | |_/ / |  __  |   | |
   |_|    |_|  |_| |_|   \_\|_|  |_| |___ /  |_|  |_|   |_|

For further information check:
http://www.faraday.com/



BusyBox v1.19.4 (2014-12-19 12:49:44 CST) built-in shell (ash)
Enter 'help' for a list of built-in commands.

[root@GM]#

burton666
Posts: 106
Joined: Monday 17 August 2015 21:25
Target OS: Raspberry Pi
Domoticz version:
Contact:

Re: "Hack" eBay camera to get access to videostream?

Post by burton666 » Monday 11 December 2017 0:08

Great, maybe this cameramodel could be useful anyway. I am just hoping that someone is able to enable rtsp or similar. And I guess it would be good to be able to disable all default Chinese "Spyware" that always seams to be present on this kind of devices.

Slowfoxtrot
Posts: 2
Joined: Tuesday 20 March 2018 18:49
Target OS: OS X
Domoticz version:
Contact:

Re: "Hack" eBay camera to get access to videostream?

Post by Slowfoxtrot » Tuesday 20 March 2018 18:51

What I really need is to change the default username and/or password. There is no way I'm going to expose port 34567 to my WAN with the default admin:123456 still set. How can I change it? I've tried using the CMS and I cannot delete or modify either the admin or guest accounts. I'm guessing I could probably do something via the telnet login but I don't really know where to go.

Thanks!

Slowfoxtrot
Posts: 2
Joined: Tuesday 20 March 2018 18:49
Target OS: OS X
Domoticz version:
Contact:

Re: "Hack" eBay camera to get access to videostream?

Post by Slowfoxtrot » Tuesday 20 March 2018 18:55

Also, I'm trying to figure out what kind of video stream is coming down on port 34567. I can't imagine it would be of a type that VLC couldn't handle. If we could figure out what the endpoints are and the stream type I imagine we could get VLC handling it. What are these iOS apps doing under the hood to show the stream?

Post Reply

Who is online

Users browsing this forum: No registered users and 5 guests