Cameradar v2.1.0 – Hacks Its Way Into RTSP Videosurveillance Cameras

0
54
Cameradar v2.1.0 - Hacks Its Way Into RTSP Videosurveillance Cameras

  

An RTSP stream entry software that comes with its library

Cameradar means that you can

  • Detect open RTSP hosts on any accessible goal host
  • Detect which system mannequin is streaming
  • Launch automated dictionary attacks to get their stream route (e.g.: /dwell.sdp)
  • Launch automated dictionary assaults to get the username and password of the cameras
  • Retrieve a whole and person-pleasant report of the outcomes


Docker Image for Cameradar
Install
docker in your machine, and run the next command:

docker run -t ullaakut/cameradar -t <goal> <different command-line choices>

See command-line options.
e.g.: docker run -t ullaakut/cameradar -t 192.168.100.0/24 -l will scan the ports 554 and 8554 of hosts on the 192.168.100.0/24 subnetwork and assault the found RTSP streams and can output debug logs.

  • YOUR_TARGET is usually a subnet (e.g.: 172.16.100.0/24), an IP (e.g.: 172.16.100.10), or a variety of IPs (e.g.: 172.16.100.10-20).
  • If you need to get the exact outcomes of the nmap scan within the type of an XML file, you possibly can add -v /your/path:/tmp/cameradar_scan.xml to the docker run command, earlier than ullaakut/cameradar.
  • If you employ the -r and -c choices to specify your customized dictionaries, be certain to additionally use a quantity so as to add them to the docker container. Example: docker run -t -v /path/to/dictionaries/:/tmp/ ullaakut/cameradar -r /tmp/myroutes -c /tmp/mycredentials.json -t mytarget

Installing the binary in your machine
Only use this answer if for some purpose utilizing docker will not be an choice for you or if you wish to regionally construct Cameradar in your machine.

Dependencies

Installing dep

  • OSX: brew set up dep and brew improve dep
  • Others: Download the discharge bundle in your OS here

Steps to put in
Make certain you put in the dependencies mentionned above.

  1. go get github.com/Ullaakut/cameradar
  2. cd $GOPATH/src/github.com/Ullaakut/cameradar
  3. dep guarantee
  4. cd cameradar
  5. go set up

The cameradar binary is now in your $GOPATH/bin prepared for use. See command line choices here.

Library

Dependencies of the library

  • curl-dev / libcurl (relying in your OS)
  • nmap
  • github.com/pkg/errors
  • gopkg.in/go-playground/validator.v9
  • github.com/andelf/go-curl

Installing the library
go get github.com/Ullaakut/cameradar
After this command, the cameradar library is able to use. Its supply can be in:

$GOPATH/src/pkg/github.com/Ullaakut/cameradar

You can use go get -u to replace the bundle.
Here is an outline of the uncovered features of this library:

Discovery
You can use the cameradar library for easy discovery functions if you happen to need not entry the cameras however simply to pay attention to their existence.

This describes the nmap time presets. You can cross a worth between 1 and 5 as described on this desk, to the NmapRun perform.
Attack
If you already know which hosts and ports you need to assault, you may as well skip the invention half and use instantly the assault features. The assault features additionally take a timeout worth as a parameter.

Data fashions
Here are the completely different information fashions helpful to make use of the uncovered features of the cameradar library.

Dictionary loaders
The cameradar library additionally offers two features that take file paths as inputs and return the suitable information fashions crammed.

Configuration
The RTSP port used for many cameras is 554, so it’s best to in all probability specify 554 as one of many ports you scan. Not specifying any ports to the cameradar utility will scan the 554 and 8554 ports.
docker run -t --net=host ullaakut/cameradar -p "18554,19000-19010" -t localhost will scan the ports 18554, and the vary of ports between 19000 and 19010 on localhost.
You can use your individual recordsdata for the ids and routes dictionaries used to assault the cameras, however the Cameradar repository already offers you an excellent base that works with most cameras, within the /dictionaries folder.

docker run -t -v /my/folder/with/dictionaries:/tmp/dictionaries 
           ullaakut/cameradar 
           -r "/tmp/dictionaries/my_routes" 
           -c "/tmp/dictionaries/my_credentials.json" 
           -t 172.19.124.0/24

This will put the contents of your folder containing dictionaries within the docker picture and can use it for the dictionary assault as an alternative of the default dictionaries supplied within the cameradar repo.

Check digital camera entry
If you might have VLC Media Player, it’s best to have the ability to use the GUI or the command-line to hook up with the RTSP stream utilizing this format : rtsp://username:[email protected]:port/route
With the above outcome, the RTSP URL could be rtsp://admin:[email protected]:554/dwell.sdp

Command line choices

  • “-t, –target”: Set goal. Required. Target is usually a file (see instructions on how to format the file), an IP, an IP vary, a subnetwork, or a mix of these.
  • “-p, –ports”: (Default: 554,8554) Set customized ports.
  • “-s, –speed”: (Default: 4) Set customized nmap discovery presets to enhance velocity or accuracy. It’s advisable to decrease it in case you are trying to scan an unstable and gradual community, or to extend it if on a really performant and dependable community. See this for more info on the nmap timing templates.
  • “-T, –timeout”: (Default: 2000) Set customized timeout worth in miliseconds after which an assault try with out a solution ought to surrender. It’s advisable to extend it when trying to scan unstable and gradual networks or to lower it on very performant and dependable networks.
  • “-r, –custom-routes”: (Default: <CAMERADAR_GOPATH>/dictionaries/routes) Set customized dictionary path for routes
  • “-c, –custom-credentials”: (Default: <CAMERADAR_GOPATH>/dictionaries/credentials.json) Set customized dictionary path for credentials
  • “-o, –nmap-output”: (Default: /tmp/cameradar_scan.xml) Set customized nmap output path
  • “-l, –log”: Enable debug logs (nmap requests, curl describe requests, and so on.)
  • “-h” : Display the utilization info

Format enter file
The file can include IPs, hostnames, IP ranges and subnetwork, separated by newlines. Example:

0.0.0.0
localhost
192.17.0.0/16
192.168.1.140-255
192.168.2-3.0-255

Environment Variables

CAMERADAR_TARGET
This variable is necessary and specifies the goal that cameradar ought to scan and try to entry RTSP streams on.
Examples:

  • 172.16.100.0/24
  • 192.168.1.1
  • localhost
  • 192.168.1.140-255
  • 192.168.2-3.0-255

CAMERADAR_PORTS
This variable is elective and means that you can specify the ports on which to run the scans.
Default worth: 554,8554
It is advisable to not change these besides in case you are sure that cameras have been configured to stream RTSP over a unique port. 99.9% of cameras are streaming on these ports.

CAMERADAR_NMAP_OUTPUT_FILE
This variable is elective and means that you can specify on which file nmap will write its output.
Default worth: /tmp/cameradar_scan.xml
This will be helpful solely if you wish to learn the recordsdata your self, if you do not need it to write down in your /tmp folder, or if you wish to use solely the RunNmap perform in cameradar, and do its parsing manually.

CAMERADAR_CUSTOM_ROUTES, CAMERADAR_CUSTOM_CREDENTIALS
These variables are elective, permitting to exchange the default dictionaries with customized ones, for the dictionary assault.
Default values: <CAMERADAR_GOPATH>/dictionaries/routes and <CAMERADAR_GOPATH>/dictionaries/credentials.json

CAMERADAR_SPEED
This elective variable means that you can set customized nmap discovery presets to enhance velocity or accuracy. It’s advisable to decrease it in case you are trying to scan an unstable and gradual community, or to extend it if on a really performant and dependable community. See this for more info on the nmap timing templates.
Default worth: 4

CAMERADAR_TIMEOUT
This elective variable means that you can set customized timeout worth in miliseconds after which an assault try with out a solution ought to surrender. It’s advisable to extend it when trying to scan unstable and gradual networks or to lower it on very performant and dependable networks.
Default worth: 2000

CAMERADAR_LOGS
This elective variable means that you can allow a extra verbose output to have extra details about what’s going on.
It will output nmap outcomes, cURL requests, and so on.
Default: false

Contribution

Build

Docker construct
To construct the docker picture, merely run docker construct -t . cameradar within the root of the undertaking.
Your picture can be known as cameradar and NOT ullaakut/cameradar.

Go construct
To construct the undertaking with out docker:

  1. Install dep
    • OSX: brew set up dep and brew improve dep
    • Others: Download the discharge bundle in your OS here
  2. dep guarantee
  3. go construct to construct the library
  4. cd cameradar && go construct to construct the binary

The cameradar binary is now within the root of the listing.
See the contribution document to get began.

Frequently Asked Questions

Cameradar doesn’t detect any digital camera!

That signifies that both your cameras aren’t streaming in RTSP or that they aren’t on the goal you might be scanning. In most circumstances, CCTV cameras can be on a non-public subnetwork, remoted from the web. Use the -t choice to specify your goal.

Cameradar detects my cameras, however doesn’t handle to entry them in any respect!

Maybe your cameras have been configured and the credentials / URL have been modified. Cameradar solely guesses utilizing default constructor values if a customized dictionary will not be supplied. You can use your individual dictionaries wherein you simply have so as to add your credentials and RTSP routes. To try this, see how the configuration works. Also, perhaps your digital camera’s credentials aren’t but recognized, wherein case if you happen to discover them it could be very good so as to add them to the Cameradar dictionaries to assist different folks sooner or later.

What occurred to the C++ model?

You can nonetheless discover it below the 1.1.Four tag on this repo, nevertheless it was much less performant and steady than the present model written in Golang.

How to make use of the Cameradar library for my very own undertaking?

See the instance in /cameradar. You simply have to run go get github.com/Ullaakut/cameradar and to make use of the cmrdr bundle in your code. You can discover the documentation on godoc.

I need to scan my very own localhost for some purpose and it doesn’t work! What’s happening?

Use the --net=host flag when launching the cameradar picture, or use the binary by operating go run cameradar/cameradar.go or installing it

I do not see a coloured output 🙁

You forgot the -t flag earlier than ullaakut/cameradar in your command-line. This tells docker to allocate a pseudo-tty for cameradar, which makes it in a position to make use of colours.

I haven’t got a digital camera however I’d prefer to attempt Cameradar!

Simply run docker run -p 8554:8554 -e RTSP_USERNAME=admin -e RTSP_PASSWORD=12345 -e RTSP_PORT=8554 ullaakut/rtspatt after which run cameradar and it ought to guess that the username is admin and the password is 12345. You can do this with any default constructor credentials (they are often discovered here)

Examples

Running cameradar by yourself machine to scan for default ports

docker run --net=host -t ullaakut/cameradar -t localhost

Running cameradar with an enter file, logs enabled on port 8554

docker run -v /tmp:/tmp --net=host -t ullaakut/cameradar -t /tmp/take a look at.txt -p 8554 -l

MoreTip.com

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.