Timeouts during attack on IP Webcam android phone app #197
Comments
|
You need to specify the port if it's different than Also, seems to me like your phone is most likely streaming over HTTP and not RTSP, right? Let me know if specifying the port works for you. |
Hi thanks. i changed the port to 8554 and it could detect the cam. |
|
It taking a long time is most likely due to your network or the phone's server software not being able to answer to requests fast enough. What do you call a long time? |
|
Once again, are you sure that the camera is streaming over RTSP and not HTTP or another protocol? I've been using cameradar on remote cameras thousands of kilometers away from me more than once and it never took the scan more than 1 or 2 minutes 🤔 Could you show me the logs of running cameradar on your camera with the |
took 20 minutes for the attack to finish without any results. the user credentials are set to one of the default user/pass in the credentials.json. but still no results .. "I've been using cameradar on remote cameras thousands of kilometers away from me more than once and it never took the scan more than 1 or 2 minutes thinking" ok, maybe because it's a phone setup to be a camera. maybe because of this i think. will try again on a proper surveillance camera again. thanks.
|
|
Not sure. If you want I'll try the |
|
Hey! I think your issue might be related to #199 , so you might want to try again with the It also improves performance so in your case that might be a double-win 😎 Basically my thoughts here are that the |
hi just udated cameradar and use :digest-auth option but still the same. scanned for 15minutes. sudo docker run -t ullaakut/cameradar:digest-auth -t 192.168.1.0/24 ✖ Streams were found but none were accessed. They are most likely configured with secure credentials and routes. You can try adding entries to the dictionary or generating your own in order to attempt a bruteforce attack on the cameras. |
|
Interesting, so it did have digest authentication, as it's what's shown in the summary at the end. Could you run it again with the This will show more accurate logs of what is not working. |
< RTSP/1.0 401 Unauthorized
|
|
Could you please paste the whole log? This bit isn't really helpful. |
^A* Operation timed out after 2000 milliseconds with 0 bytes received
|
|
So as you can see, the reason why it's long and doesn't work is that all requests are timing out. It could be that:
You can try to change the timeout value for dictionary attacks by specifying the option If it doesn't work with |
|
Hey thanks for the update. I think its like what you said the camera phone
is not fast enough and lags.
Will also try out with timeout options. Thanks again for your help.
…On Wed, May 22, 2019, 2:20 PM Brendan Le Glaunec ***@***.***> wrote:
So as you can see, the reason why it's long and doesn't work is that all
requests are timing out.
It could be that:
- The camera is not fast enough to respond to requests due to a high
CPU load (embedded computer vision/motion detection?)
- The network conditions are bad
- The camera's RTSP framework is blocking the requests because it
detects a potential attack (seems unlikely)
You can try to change the timeout value for dictionary attacks by
specifying the option -T or --timeout and a value in miliseconds.
If it doesn't work with 5000ms (5s) increasing the timeout further
probably won't help, unless you are trying to access a remote camera 15 000
kilometers away 😅
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#197?email_source=notifications&email_token=ALGGRL5X2N3LQFKA3MU4WILPWTQ4BA5CNFSM4HMKB322YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODV6AUIQ#issuecomment-494668322>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ALGGRL2P37KZ27X5NMWL3RTPWTQ4BANCNFSM4HMKB32Q>
.
|
Ullaakut
changed the title
|
hi @Ullaakut , timeout option did not work for me. I guess ipwebcam on android phone is just too slow. I think it's like what you said ..."The camera is not fast enough to respond". thanks. |
|
No problem, I'm sad it didn't work :( I'll definitely ping you if I find a solution for this 👍 |
hi i have setup my android phone as my camera using the app called "IP Webcam", just to make sure that the camera is running i did a nmap scan to make sure the port is open as well like below:
PORT STATE SERVICE
5554/tcp open sgi-esphttp
MAC Address: 4C:77:41:43:A6:CD (Lenovo)
than i ran the command:
sudo docker run -t ullaakut/cameradar -t 192.168.1.0/24 -l
and also this
sudo docker run --net=host -t ullaakut/cameradar -t 0.0.0.0
both commands outputs the same:
✖ No streams were found. Please make sure that your target is on an accessible network.
my android phone is on the same network, i can access the camera through the browser, but cameradar cannot seem to find it.
any suggestions?
The text was updated successfully, but these errors were encountered: