Difference between revisions of "Camera Lore"

From One-Eyed Man Wiki
Jump to navigation Jump to search
 
(17 intermediate revisions by the same user not shown)
Line 1: Line 1:
=== Interesting reading ===
https://cyberlinksecurity.ie/vulnerabilities-to-exploit-a-chinese-ip-camera/
=== Camera 1: Western Addition ===
=== Camera 1: Western Addition ===


'''Manufacturer:''' Reolink


'''Model:''' E1 Zoom
'''Model:''' E1 Zoom
Line 34: Line 40:
|open
|open
|ssl/http
|ssl/http
|<nowiki>nginx
| <pre>
 
| nginx
| http-methods:
|_  Supported Methods: GET HEAD
|_http-title: 400 The plain HTTP request was sent to HTTPS port
|_http-title: 400 The plain HTTP request was sent to HTTPS port
| ssl-cert: Subject: commonName=reo-link/organizationName=reo-link/stateOrProvinceName=GD/countryName=CN
| ssl-cert: Subject: commonName=reo-link/organizationName=reo-link/stateOrProvinceName=GD/countryName=CN
 
| Issuer: commonName=reo-link/organizationName=reo-link/stateOrProvinceName=GD/countryName=CN
| Public Key type: rsa
| Public Key bits: 1024
| Signature Algorithm: sha1WithRSAEncryption
| Not valid before: 2016-01-08T07:54:35
| Not valid before: 2016-01-08T07:54:35
 
| Not valid after: 2026-01-05T07:54:35
|_Not valid after:  2026-01-05T07:54:35
| MD5:  f5a4 d59f ae7c 8da1 96e7 e8e0 7d7f d9d7
 
|_SHA-1: 8b54 6fd5 ca3e e466 b5dd f03c ad93 37db 8b17 c6f0
|_ssl-date: TLS randomness does not represent time
|_ssl-date: TLS randomness does not represent time
| tls-alpn:  
| tls-alpn:  
 
|http/1.1
|http/1.1
 
| tls-nextprotoneg:  
| tls-nextprotoneg:  
 
|http/1.1</pre>
|  http/1.1</nowiki>
|-
|-
|554/tcp
|554/tcp
|open
|open
|rtsp  
|rtsp  
|<nowiki>D-Link DCS-2130 or Pelco IDE10DN webcam rtspd
|D-Link DCS-2130 or Pelco IDE10DN webcam rtspd
 
<nowiki>|</nowiki>_rtsp-methods: OPTIONS, DESCRIBE, SETUP, TEARDOWN, PLAY, PAUSE, GET_PARAMETER, SET_PARAMETER
|_rtsp-methods: ERROR: Script execution failed (use -d to debug)</nowiki>
|-
|-
|1935/tcp
|1935/tcp
Line 69: Line 74:
|open
|open
|rtsp
|rtsp
|<nowiki>D-Link DCS-2130 or Pelco IDE10DN webcam rtspd
|D-Link DCS-2130 or Pelco IDE10DN webcam rtspd
 
<nowiki>|</nowiki>_rtsp-methods: OPTIONS, DESCRIBE, SETUP, TEARDOWN, PLAY, PAUSE, GET_PARAMETER, SET_PARAMETER
|_rtsp-methods: ERROR: Script execution failed (use -d to debug)</nowiki>
|-
|-
|8000/tcp
|8000/tcp
|open
|open
|tcpwrapped
|http-alt tcpwrapped
|<nowiki>http-server-header: gSOAP/2.8
|<nowiki>http-server-header: gSOAP/2.8


Line 87: Line 91:
| colspan="4" |Service Info: Device: webcam; CPE: cpe:/h:pelco:ide10dn
| colspan="4" |Service Info: Device: webcam; CPE: cpe:/h:pelco:ide10dn
|}
|}
Port 8000 returns:
<pre>
<SOAP-ENV:Envelope>
    <SOAP-ENV:Body>
          <SOAP-ENV:Fault>
              <faultcode>SOAP-ENV:Client</faultcode>
              <faultstring>HTTP GET method not implemented</faultstring>
          </SOAP-ENV:Fault>
    </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
</pre>


==== Shinobi config ====
&nbsp;
 
<div class="toccolours mw-collapsible mw-collapsed style="width:500px; overflow:auto;">
====Shinobi configuration====
<div class="mw-collapsible-content">
<pre>
<pre>
{
{
Line 313: Line 333:
}
}
</pre>
</pre>
</div></div>
&nbsp;


===  Camera 2: Schlacht-Kam ===
===  Camera 2: Schlacht-Kam ===


'''Manufacturer:''' Wansview
'''Model:''' W9
'''Camera ID:''' WVCB8HETHZEDS84S
'''Firmware Version:''' 07.26100.07.17
'''Wi-Fi Mac:''' 60:1D:9D:DC:B3:36
'''Ethernet MAC:''' 78:A5:DD:4C:C0:23
'''Advertised RSTP stream URLs:'''


* [FHD] rtsp://xxxxxx:xxxxxx@192.168.49.151:554/live/ch0
* [SD] rtsp://xxxxxx:xxxxxx@192.168.49.151:554/live/ch1


rtsp://MzIPsyQZ:UxXjiNz3nILG0Kw5@192.168.49.151:554/live/ch0
'''ONVIF port:''' 8899


==== Nmap scan report ====
==== Nmap scan report ====


{| class="wikitable"
|+
!PORT
!STATE
!SERVICE
!VERSION
|-
|80/tcp
|open
|http
|<nowiki>Boa HTTPd 0.94.13 |_http-server-header: Boa/0.94.13</nowiki>


<nowiki>|</nowiki>_http-title: 403 Forbidden
|-
|554/tcp
|open
|rtsp
| <pre>
| fingerprint-strings:
| FourOhFourRequest, GenericLines, GetRequest:
| RTSP/1.0 400 Bad Request
| Server: AJSS/1.0.4 (Build/001.0; Platform/Linux; Release/Ajy Rtsp Svr; State/Development; )
| Cseq:
| Connection: Close
| HTTPOptions, RTSPRequest:
| RTSP/1.0 400 Bad Request
| Server: AJSS/1.0.4 (Build/001.0; Platform/Linux; Release/Ajy Rtsp Svr; State/Development; )
| Cseq:
| SIPOptions:
| RTSP/1.0 200 OK
| Server: AJSS/1.0.4 (Build/001.0; Platform/Linux; Release/Ajy Rtsp Svr; State/Development; )
| Cseq: 42 OPTIONS
| Public: DESCRIBE, SETUP, TEARDOWN, PLAY, OPTIONS
| rtsp-methods: DESCRIBE, SETUP, TEARDOWN, PLAY, OPTIONS</pre>
|-
| 8899/tcp
| open
| tcpwrapped
| ospf-lite
|-
|colspan="4" | <pre>
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at <nowiki>https://nmap.org/cgi-bin/submit.cgi?new-service</nowiki> :
SF-Port554-TCP:V=7.92%I=7%D=5/14%Time=628070D2%P=x86_64-pc-linux-gnu%r(Get
SF:Request,94,"RTSP/1\.0\x20400\x20Bad\x20Request\r\nServer:\x20AJSS/1\.0\
SF:.4\x20\(Build/001\.0;\x20Platform/Linux;\x20Release/Ajy\x20Rtsp\x20Svr;
SF:\x20State/Development;\x20\)\r\nCseq:\x20\r\nConnection:\x20Close\r\n\r
SF:\n")%r(RTSPRequest,81,"RTSP/1\.0\x20400\x20Bad\x20Request\r\nServer:\x2
SF:0AJSS/1\.0\.4\x20\(Build/001\.0;\x20Platform/Linux;\x20Release/Ajy\x20R
SF:tsp\x20Svr;\x20State/Development;\x20\)\r\nCseq:\x20\r\n\r\n")%r(Generi
SF:cLines,94,"RTSP/1\.0\x20400\x20Bad\x20Request\r\nServer:\x20AJSS/1\.0\.
SF:4\x20\(Build/001\.0;\x20Platform/Linux;\x20Release/Ajy\x20Rtsp\x20Svr;\
SF:x20State/Development;\x20\)\r\nCseq:\x20\r\nConnection:\x20Close\r\n\r\
SF:n")%r(HTTPOptions,81,"RTSP/1\.0\x20400\x20Bad\x20Request\r\nServer:\x20
SF:AJSS/1\.0\.4\x20\(Build/001\.0;\x20Platform/Linux;\x20Release/Ajy\x20Rt
SF:sp\x20Svr;\x20State/Development;\x20\)\r\nCseq:\x20\r\n\r\n")%r(FourOhF
SF:ourRequest,94,"RTSP/1\.0\x20400\x20Bad\x20Request\r\nServer:\x20AJSS/1\
SF:.0\.4\x20\(Build/001\.0;\x20Platform/Linux;\x20Release/Ajy\x20Rtsp\x20S
SF:vr;\x20State/Development;\x20\)\r\nCseq:\x20\r\nConnection:\x20Close\r\
SF:n\r\n")%r(SIPOptions,B4,"RTSP/1\.0\x20200\x20OK\r\nServer:\x20AJSS/1\.0
SF:\.4\x20\(Build/001\.0;\x20Platform/Linux;\x20Release/Ajy\x20Rtsp\x20Svr
SF:;\x20State/Development;\x20\)\r\nCseq:\x2042\x20OPTIONS\r\nPublic:\x20D
SF:ESCRIBE,\x20SETUP,\x20TEARDOWN,\x20PLAY,\x20OPTIONS\r\n\r\n");</pre>
|-
| colspan="4" |Device type: general purpose
|-
| colspan="4" |<nowiki>Running: Linux 2.6.X|3.X</nowiki>
|-
| colspan="4" |OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3
|-
| colspan="4" |OS details: Linux 2.6.32 - 3.13
|}
&nbsp;


==== Shinobi config ====
<div class="toccolours mw-collapsible mw-collapsed style="width:500px; overflow:auto;">
====Shinobi configuration====
<div class="mw-collapsible-content">
<pre>
<pre>
{
{
Line 549: Line 660:
}
}
</pre>
</pre>
</div></div>
=== Camera 3: OOSSXX ===
'''Manufacturer:''' OOSSXX
'''Model:''' OSX-BB188
'''MAC:''' 9C:A3:A9:34:93:36 (Guangzhou Juan Optical and Electronical Tech Joint Stock)
<pre>
root@tolt:~# nmap -A 10.111.222.139
Starting Nmap 7.80 ( https://nmap.org ) at 2022-05-15 17:49 PDT
Nmap scan report for 10.111.222.139
Host is up (0.0061s latency).
Not shown: 998 closed ports
PORT      STATE SERVICE          VERSION
80/tcp    open  http              nginx
|_http-title: 404 Not Found
10000/tcp open  snet-sensor-mgmt?
| fingerprint-strings:
|  DNSStatusRequestTCP, DNSVersionBindReqTCP, Help, Kerberos, LDAPBindReq, LDAPSearchReq, LPDString, RPCCheck, SIPOptions, SMBProgNeg, SSLSessionReq, TLSSessionReq, TerminalServerCookie, X11Probe:
|    HTTP/1.0 403 Forbidden
|    content-type: text/html
|    content-length: 38
|_    <html><body><h1>403</h1></body></html>
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port10000-TCP:V=7.80%I=7%D=5/15%Time=62819FC3%P=x86_64-pc-linux-gnu%r(R
SF:PCCheck,6D,"HTTP/1\.0\x20403\x20Forbidden\r\ncontent-type:\x20text/html
SF:\r\ncontent-length:\x2038\r\n\r\n<html><body><h1>403</h1></body></html>
SF:")%r(DNSVersionBindReqTCP,6D,"HTTP/1\.0\x20403\x20Forbidden\r\ncontent-
SF:type:\x20text/html\r\ncontent-length:\x2038\r\n\r\n<html><body><h1>403<
SF:/h1></body></html>")%r(DNSStatusRequestTCP,6D,"HTTP/1\.0\x20403\x20Forb
SF:idden\r\ncontent-type:\x20text/html\r\ncontent-length:\x2038\r\n\r\n<ht
SF:ml><body><h1>403</h1></body></html>")%r(Help,6D,"HTTP/1\.0\x20403\x20Fo
SF:rbidden\r\ncontent-type:\x20text/html\r\ncontent-length:\x2038\r\n\r\n<
SF:html><body><h1>403</h1></body></html>")%r(SSLSessionReq,6D,"HTTP/1\.0\x
SF:20403\x20Forbidden\r\ncontent-type:\x20text/html\r\ncontent-length:\x20
SF:38\r\n\r\n<html><body><h1>403</h1></body></html>")%r(TerminalServerCook
SF:ie,6D,"HTTP/1\.0\x20403\x20Forbidden\r\ncontent-type:\x20text/html\r\nc
SF:ontent-length:\x2038\r\n\r\n<html><body><h1>403</h1></body></html>")%r(
SF:TLSSessionReq,6D,"HTTP/1\.0\x20403\x20Forbidden\r\ncontent-type:\x20tex
SF:t/html\r\ncontent-length:\x2038\r\n\r\n<html><body><h1>403</h1></body><
SF:/html>")%r(Kerberos,6D,"HTTP/1\.0\x20403\x20Forbidden\r\ncontent-type:\
SF:x20text/html\r\ncontent-length:\x2038\r\n\r\n<html><body><h1>403</h1></
SF:body></html>")%r(SMBProgNeg,6D,"HTTP/1\.0\x20403\x20Forbidden\r\nconten
SF:t-type:\x20text/html\r\ncontent-length:\x2038\r\n\r\n<html><body><h1>40
SF:3</h1></body></html>")%r(X11Probe,6D,"HTTP/1\.0\x20403\x20Forbidden\r\n
SF:content-type:\x20text/html\r\ncontent-length:\x2038\r\n\r\n<html><body>
SF:<h1>403</h1></body></html>")%r(LPDString,6D,"HTTP/1\.0\x20403\x20Forbid
SF:den\r\ncontent-type:\x20text/html\r\ncontent-length:\x2038\r\n\r\n<html
SF:><body><h1>403</h1></body></html>")%r(LDAPSearchReq,6D,"HTTP/1\.0\x2040
SF:3\x20Forbidden\r\ncontent-type:\x20text/html\r\ncontent-length:\x2038\r
SF:\n\r\n<html><body><h1>403</h1></body></html>")%r(LDAPBindReq,6D,"HTTP/1
SF:\.0\x20403\x20Forbidden\r\ncontent-type:\x20text/html\r\ncontent-length
SF::\x2038\r\n\r\n<html><body><h1>403</h1></body></html>")%r(SIPOptions,6D
SF:,"HTTP/1\.0\x20403\x20Forbidden\r\ncontent-type:\x20text/html\r\nconten
SF:t-length:\x2038\r\n\r\n<html><body><h1>403</h1></body></html>");</pre>

Latest revision as of 19:31, 15 May 2022


Interesting reading

https://cyberlinksecurity.ie/vulnerabilities-to-exploit-a-chinese-ip-camera/

Camera 1: Western Addition

Manufacturer: Reolink

Model: E1 Zoom

UID: 95270003RSI61WOG

Build No: 21112408

Hardware Ver: IPC_515BSD6

Config Ver: v3.0.0.0

Firmware Ver: v3.0.0.716_21112408

Detail: IPC_515BSD6S10E0W7110000 0001

MAC: 38:C8:04:E0:AD:B4

Nmap scan report

PORT STATE SERVICE VERSION
80/tcp open http nginx | http-title: Reolink
443/tcp open ssl/http
| nginx
| http-methods: 
|_  Supported Methods: GET HEAD
|_http-title: 400 The plain HTTP request was sent to HTTPS port
| ssl-cert: Subject: commonName=reo-link/organizationName=reo-link/stateOrProvinceName=GD/countryName=CN
| Issuer: commonName=reo-link/organizationName=reo-link/stateOrProvinceName=GD/countryName=CN
| Public Key type: rsa
| Public Key bits: 1024
| Signature Algorithm: sha1WithRSAEncryption
| Not valid before: 2016-01-08T07:54:35
| Not valid after:  2026-01-05T07:54:35
| MD5:   f5a4 d59f ae7c 8da1 96e7 e8e0 7d7f d9d7
|_SHA-1: 8b54 6fd5 ca3e e466 b5dd f03c ad93 37db 8b17 c6f0
|_ssl-date: TLS randomness does not represent time
| tls-alpn: 
|_  http/1.1
| tls-nextprotoneg: 
|_  http/1.1
554/tcp open rtsp D-Link DCS-2130 or Pelco IDE10DN webcam rtspd

|_rtsp-methods: OPTIONS, DESCRIBE, SETUP, TEARDOWN, PLAY, PAUSE, GET_PARAMETER, SET_PARAMETER

1935/tcp open rtmp?
6001/tcp open rtsp D-Link DCS-2130 or Pelco IDE10DN webcam rtspd

|_rtsp-methods: OPTIONS, DESCRIBE, SETUP, TEARDOWN, PLAY, PAUSE, GET_PARAMETER, SET_PARAMETER

8000/tcp open http-alt tcpwrapped http-server-header: gSOAP/2.8 |_http-title: Site doesn't have a title (text/xml; charset=utf-8).
9000/tcp open cslistener?
Service Info: Device: webcam; CPE: cpe:/h:pelco:ide10dn

Port 8000 returns:

<SOAP-ENV:Envelope>
     <SOAP-ENV:Body>
          <SOAP-ENV:Fault>
               <faultcode>SOAP-ENV:Client</faultcode>
               <faultstring>HTTP GET method not implemented</faultstring>
          </SOAP-ENV:Fault>
     </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

 

Shinobi configuration

{
  "mode":"start",
  "mid":"QoSm5ACILv8000",
  "name":"Western Addition",
  "type":"h264",
  "protocol":"rtsp",
  "host":"192.168.25.100",
  "port":"554",
  "path":"/h264Preview_01_main",
  "height":"480",
  "width":"640",
  "ext":"mp4",
  "fps":"1",
  "details":{
     "max_keep_days":"",
     "notes":"",
     "dir":"",
     "rtmp_key":"",
     "auto_host_enable":"1",
     "auto_host":"rtsp://xxxxxx:xxxxxx@192.168.25.100:554/h264Preview_01_main",
     "rtsp_transport":"tcp",
     "muser":"xxxxxx",
     "mpass":"xxxxxx",
     "port_force":"0",
     "fatal_max":"0",
     "skip_ping":null,
     "is_onvif":"1",
     "onvif_non_standard":null,
     "onvif_port":"8000",
     "primary_input":"0:0",
     "aduration":"1000000000",
     "probesize":"1000000000",
     "stream_loop":"0",
     "sfps":"",
     "wall_clock_timestamp_ignore":null,
     "accelerator":"0",
     "hwaccel":"auto",
     "hwaccel_vcodec":"",
     "hwaccel_device":"",
     "stream_type":"hls",
     "stream_flv_type":"ws",
     "stream_flv_maxLatency":"",
     "stream_mjpeg_clients":"",
     "stream_vcodec":"copy",
     "stream_acodec":"no",
     "hls_time":"2",
     "hls_list_size":"3",
     "preset_stream":"ultrafast",
     "stream_quality":"15",
     "stream_fps":"2",
     "stream_scale_x":"",
     "stream_scale_y":"",
     "stream_rotate":null,
     "signal_check":"10",
     "signal_check_log":"0",
     "stream_vf":"",
     "tv_channel":"0",
     "tv_channel_id":"",
     "tv_channel_group_title":"",
     "stream_timestamp":"0",
     "stream_timestamp_font":"",
     "stream_timestamp_font_size":"",
     "stream_timestamp_color":"",
     "stream_timestamp_box_color":"",
     "stream_timestamp_x":"",
     "stream_timestamp_y":"",
     "stream_watermark":"0",
     "stream_watermark_location":"",
     "stream_watermark_position":"tr",
     "snap":"0",
     "snap_fps":"",
     "snap_scale_x":"",
     "snap_scale_y":"",
     "snap_vf":"",
     "vcodec":"copy",
     "crf":"1",
     "preset_record":"",
     "acodec":"no",
     "record_scale_y":"",
     "record_scale_x":"",
     "cutoff":"15",
     "rotate":null,
     "vf":"",
     "timestamp":"0",
     "timestamp_font":"",
     "timestamp_font_size":"10",
     "timestamp_color":"white",
     "timestamp_box_color":"0x00000000@1",
     "timestamp_x":"(w-tw)/2",
     "timestamp_y":"0",
     "watermark":"0",
     "watermark_location":"",
     "watermark_position":"tr",
     "record_timelapse":null,
     "record_timelapse_mp4":null,
     "record_timelapse_fps":null,
     "record_timelapse_scale_x":"",
     "record_timelapse_scale_y":"",
     "record_timelapse_vf":"",
     "record_timelapse_watermark":null,
     "record_timelapse_watermark_location":"",
     "record_timelapse_watermark_position":null,
     "cust_input":"",
     "cust_stream":"",
     "cust_snap":"",
     "cust_record":"",
     "cust_detect":"",
     "cust_detect_object":"",
     "cust_sip_record":"",
     "custom_output":"",
     "detector":"0",
     "detector_http_api":null,
     "detector_send_frames":"1",
     "detector_fps":"",
     "detector_scale_x":"640",
     "detector_scale_y":"480",
     "detector_lock_timeout":"",
     "detector_save":"0",
     "detector_record_method":"sip",
     "detector_trigger":"1",
     "detector_trigger_record_fps":"",
     "detector_timeout":"10",
     "detector_send_video_length":"",
     "watchdog_reset":"0",
     "detector_delete_motionless_videos":"0",
     "det_multi_trig":null,
     "group_detector_multi":"",
     "detector_webhook":"0",
     "detector_webhook_timeout":"",
     "detector_webhook_url":"",
     "detector_webhook_method":null,
     "detector_command_enable":"0",
     "detector_command":"",
     "detector_command_timeout":"",
     "snap_seconds_inward":"",
     "detector_mail":"0",
     "detector_mail_timeout":"",
     "use_detector_filters":null,
     "use_detector_filters_object":null,
     "cords":"[]",
     "detector_filters":"",
     "detector_pam":"1",
     "detector_sensitivity":"",
     "detector_max_sensitivity":"",
     "detector_threshold":"1",
     "detector_color_threshold":"",
     "inverse_trigger":null,
     "detector_frame":"0",
     "detector_noise_filter":null,
     "detector_noise_filter_range":"",
     "detector_notrigger":"0",
     "detector_notrigger_mail":"0",
     "detector_notrigger_discord":null,
     "detector_notrigger_timeout":"",
     "detector_notrigger_webhook":null,
     "detector_notrigger_webhook_url":"",
     "detector_notrigger_webhook_method":null,
     "detector_notrigger_command_enable":null,
     "detector_notrigger_command":"",
     "detector_notrigger_command_timeout":"",
     "detector_audio":null,
     "detector_audio_min_db":"",
     "detector_audio_max_db":"",
     "detector_use_detect_object":"0",
     "detector_send_frames_object":null,
     "detector_obj_count_in_region":null,
     "detector_obj_region":null,
     "detector_use_motion":"1",
     "detector_fps_object":"",
     "detector_scale_x_object":"",
     "detector_scale_y_object":"",
     "detector_lisence_plate":"0",
     "detector_lisence_plate_country":"us",
     "detector_buffer_vcodec":"auto",
     "detector_buffer_acodec":null,
     "detector_buffer_fps":"",
     "event_record_scale_x":"",
     "event_record_scale_y":"",
     "detector_buffer_hls_time":"",
     "detector_buffer_hls_list_size":"",
     "detector_buffer_start_number":"",
     "detector_buffer_live_start_index":"",
     "control":"1",
     "control_base_url":"",
     "control_url_method":"ONVIF",
     "control_digest_auth":null,
     "control_stop":"1",
     "control_url_stop_timeout":"",
     "control_turn_speed":"",
     "detector_ptz_follow":null,
     "detector_ptz_follow_target":"",
     "detector_obj_count":null,
     "control_url_center":"",
     "control_url_left":"",
     "control_url_left_stop":"",
     "control_url_right":"",
     "control_url_right_stop":"",
     "control_url_up":"",
     "control_url_up_stop":"",
     "control_url_down":"",
     "control_url_down_stop":"",
     "control_url_enable_nv":"",
     "control_url_disable_nv":"",
     "control_url_zoom_out":"",
     "control_url_zoom_out_stop":"",
     "control_url_zoom_in":"",
     "control_url_zoom_in_stop":"",
     "control_invert_y":null,
     "groups":"[]",
     "notify_email":null,
     "notify_onUnexpectedExit":null,
     "notify_useRawSnapshot":null,
     "loglevel":"warning",
     "sqllog":"0",
     "detector_cascades":"",
     "stream_channels":"",
     "input_maps":"",
     "input_map_choices":""
  },
  "shto":"[]",
  "shfr":"[]"
}

 

Camera 2: Schlacht-Kam

Manufacturer: Wansview

Model: W9

Camera ID: WVCB8HETHZEDS84S

Firmware Version: 07.26100.07.17

Wi-Fi Mac: 60:1D:9D:DC:B3:36

Ethernet MAC: 78:A5:DD:4C:C0:23

Advertised RSTP stream URLs:

  • [FHD] rtsp://xxxxxx:xxxxxx@192.168.49.151:554/live/ch0
  • [SD] rtsp://xxxxxx:xxxxxx@192.168.49.151:554/live/ch1

ONVIF port: 8899

Nmap scan report

PORT STATE SERVICE VERSION
80/tcp open http Boa HTTPd 0.94.13 |_http-server-header: Boa/0.94.13

|_http-title: 403 Forbidden

554/tcp open rtsp
| fingerprint-strings:
| FourOhFourRequest, GenericLines, GetRequest: 
| RTSP/1.0 400 Bad Request
| Server: AJSS/1.0.4 (Build/001.0; Platform/Linux; Release/Ajy Rtsp Svr; State/Development; )
| Cseq: 
| Connection: Close
| HTTPOptions, RTSPRequest: 
| RTSP/1.0 400 Bad Request
| Server: AJSS/1.0.4 (Build/001.0; Platform/Linux; Release/Ajy Rtsp Svr; State/Development; )
| Cseq:
| SIPOptions: 
| RTSP/1.0 200 OK
| Server: AJSS/1.0.4 (Build/001.0; Platform/Linux; Release/Ajy Rtsp Svr; State/Development; )
| Cseq: 42 OPTIONS
| Public: DESCRIBE, SETUP, TEARDOWN, PLAY, OPTIONS
| rtsp-methods: DESCRIBE, SETUP, TEARDOWN, PLAY, OPTIONS
8899/tcp open tcpwrapped ospf-lite
 
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port554-TCP:V=7.92%I=7%D=5/14%Time=628070D2%P=x86_64-pc-linux-gnu%r(Get
SF:Request,94,"RTSP/1\.0\x20400\x20Bad\x20Request\r\nServer:\x20AJSS/1\.0\
SF:.4\x20\(Build/001\.0;\x20Platform/Linux;\x20Release/Ajy\x20Rtsp\x20Svr;
SF:\x20State/Development;\x20\)\r\nCseq:\x20\r\nConnection:\x20Close\r\n\r
SF:\n")%r(RTSPRequest,81,"RTSP/1\.0\x20400\x20Bad\x20Request\r\nServer:\x2
SF:0AJSS/1\.0\.4\x20\(Build/001\.0;\x20Platform/Linux;\x20Release/Ajy\x20R
SF:tsp\x20Svr;\x20State/Development;\x20\)\r\nCseq:\x20\r\n\r\n")%r(Generi
SF:cLines,94,"RTSP/1\.0\x20400\x20Bad\x20Request\r\nServer:\x20AJSS/1\.0\.
SF:4\x20\(Build/001\.0;\x20Platform/Linux;\x20Release/Ajy\x20Rtsp\x20Svr;\
SF:x20State/Development;\x20\)\r\nCseq:\x20\r\nConnection:\x20Close\r\n\r\
SF:n")%r(HTTPOptions,81,"RTSP/1\.0\x20400\x20Bad\x20Request\r\nServer:\x20
SF:AJSS/1\.0\.4\x20\(Build/001\.0;\x20Platform/Linux;\x20Release/Ajy\x20Rt
SF:sp\x20Svr;\x20State/Development;\x20\)\r\nCseq:\x20\r\n\r\n")%r(FourOhF
SF:ourRequest,94,"RTSP/1\.0\x20400\x20Bad\x20Request\r\nServer:\x20AJSS/1\
SF:.0\.4\x20\(Build/001\.0;\x20Platform/Linux;\x20Release/Ajy\x20Rtsp\x20S
SF:vr;\x20State/Development;\x20\)\r\nCseq:\x20\r\nConnection:\x20Close\r\
SF:n\r\n")%r(SIPOptions,B4,"RTSP/1\.0\x20200\x20OK\r\nServer:\x20AJSS/1\.0
SF:\.4\x20\(Build/001\.0;\x20Platform/Linux;\x20Release/Ajy\x20Rtsp\x20Svr
SF:;\x20State/Development;\x20\)\r\nCseq:\x2042\x20OPTIONS\r\nPublic:\x20D
SF:ESCRIBE,\x20SETUP,\x20TEARDOWN,\x20PLAY,\x20OPTIONS\r\n\r\n");
Device type: general purpose
Running: Linux 2.6.X|3.X
OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3
OS details: Linux 2.6.32 - 3.13

 

Shinobi configuration

{
  "mode":"start",
  "mid":"hOESb6D7088899",
  "name":"Schlacht-Kam",
  "type":"h264",
  "protocol":"rtsp",
  "host":"192.168.49.151",
  "port":"554",
  "path":"/live/ch0?token=2d22944c5842873f078e76b942fe9da2",
  "height":"480",
  "width":"640",
  "ext":"mp4",
  "fps":"1",
  "details":{
     "max_keep_days":"",
     "notes":"",
     "dir":"",
     "rtmp_key":"",
     "auto_host_enable":"1",
     "auto_host":"rtsp://xxxxxx:xxxxxx@192.168.49.151:554/live/ch0?token=2d22944c5842873f078e76b942fe9da2",
     "rtsp_transport":"tcp",
     "muser":"xxxxxx",
     "mpass":"xxxxxx",
     "port_force":"0",
     "fatal_max":"0",
     "skip_ping":null,
     "is_onvif":"1",
     "onvif_non_standard":"1",
     "onvif_port":"8899",
     "primary_input":"0:0",
     "aduration":"1000000",
     "probesize":"1000000",
     "stream_loop":"0",
     "sfps":"",
     "wall_clock_timestamp_ignore":null,
     "accelerator":"1",
     "hwaccel":"auto",
     "hwaccel_vcodec":"",
     "hwaccel_device":"",
     "stream_type":"hls",
     "stream_flv_type":"ws",
     "stream_flv_maxLatency":"",
     "stream_mjpeg_clients":"",
     "stream_vcodec":"copy",
     "stream_acodec":"no",
     "hls_time":"2",
     "hls_list_size":"3",
     "preset_stream":"ultrafast",
     "stream_quality":"15",
     "stream_fps":"2",
     "stream_scale_x":"",
     "stream_scale_y":"",
     "stream_rotate":null,
     "signal_check":"10",
     "signal_check_log":"0",
     "stream_vf":"",
     "tv_channel":"0",
     "tv_channel_id":"",
     "tv_channel_group_title":"",
     "stream_timestamp":"0",
     "stream_timestamp_font":"",
     "stream_timestamp_font_size":"",
     "stream_timestamp_color":"",
     "stream_timestamp_box_color":"",
     "stream_timestamp_x":"",
     "stream_timestamp_y":"",
     "stream_watermark":"0",
     "stream_watermark_location":"",
     "stream_watermark_position":"tr",
     "snap":"0",
     "snap_fps":"",
     "snap_scale_x":"",
     "snap_scale_y":"",
     "snap_vf":"",
     "vcodec":"copy",
     "crf":"1",
     "preset_record":"",
     "acodec":"no",
     "record_scale_y":"",
     "record_scale_x":"",
     "cutoff":"15",
     "rotate":null,
     "vf":"",
     "timestamp":"0",
     "timestamp_font":"",
     "timestamp_font_size":"10",
     "timestamp_color":"white",
     "timestamp_box_color":"0x00000000@1",
     "timestamp_x":"(w-tw)/2",
     "timestamp_y":"0",
     "watermark":"0",
     "watermark_location":"",
     "watermark_position":"tr",
     "record_timelapse":null,
     "record_timelapse_mp4":null,
     "record_timelapse_fps":null,
     "record_timelapse_scale_x":"",
     "record_timelapse_scale_y":"",
     "record_timelapse_vf":"",
     "record_timelapse_watermark":null,
     "record_timelapse_watermark_location":"",
     "record_timelapse_watermark_position":null,
     "cust_input":"",
     "cust_stream":"",
     "cust_snap":"",
     "cust_record":"",
     "cust_detect":"",
     "cust_detect_object":"",
     "cust_sip_record":"",
     "custom_output":"",
     "detector":"0",
     "detector_http_api":null,
     "detector_send_frames":"1",
     "detector_fps":"",
     "detector_scale_x":"640",
     "detector_scale_y":"480",
     "detector_lock_timeout":"",
     "detector_save":"0",
     "detector_record_method":"sip",
     "detector_trigger":"1",
     "detector_trigger_record_fps":"",
     "detector_timeout":"10",
     "detector_send_video_length":"",
     "watchdog_reset":"0",
     "detector_delete_motionless_videos":"0",
     "det_multi_trig":null,
     "group_detector_multi":"",
     "detector_webhook":"0",
     "detector_webhook_timeout":"",
     "detector_webhook_url":"",
     "detector_webhook_method":null,
     "detector_command_enable":"0",
     "detector_command":"",
     "detector_command_timeout":"",
     "snap_seconds_inward":"",
     "detector_mail":"0",
     "detector_mail_timeout":"",
     "use_detector_filters":null,
     "use_detector_filters_object":null,
     "cords":"[]",
     "detector_filters":"",
     "detector_pam":"1",
     "detector_sensitivity":"",
     "detector_max_sensitivity":"",
     "detector_threshold":"1",
     "detector_color_threshold":"",
     "inverse_trigger":null,
     "detector_frame":"0",
     "detector_noise_filter":null,
     "detector_noise_filter_range":"",
     "detector_notrigger":"0",
     "detector_notrigger_mail":"0",
     "detector_notrigger_discord":null,
     "detector_notrigger_timeout":"",
     "detector_notrigger_webhook":null,
     "detector_notrigger_webhook_url":"",
     "detector_notrigger_webhook_method":null,
     "detector_notrigger_command_enable":null,
     "detector_notrigger_command":"",
     "detector_notrigger_command_timeout":"",
     "detector_audio":null,
     "detector_audio_min_db":"",
     "detector_audio_max_db":"",
     "detector_use_detect_object":"0",
     "detector_send_frames_object":null,
     "detector_obj_count_in_region":null,
     "detector_obj_region":null,
     "detector_use_motion":"1",
     "detector_fps_object":"",
     "detector_scale_x_object":"",
     "detector_scale_y_object":"",
     "detector_lisence_plate":"0",
     "detector_lisence_plate_country":"us",
     "detector_buffer_vcodec":"auto",
     "detector_buffer_acodec":null,
     "detector_buffer_fps":"",
     "event_record_scale_x":"",
     "event_record_scale_y":"",
     "detector_buffer_hls_time":"",
     "detector_buffer_hls_list_size":"",
     "detector_buffer_start_number":"",
     "detector_buffer_live_start_index":"",
     "control":"1",
     "control_base_url":"",
     "control_url_method":"ONVIF",
     "control_digest_auth":null,
     "control_stop":"0",
     "control_url_stop_timeout":"",
     "control_turn_speed":"",
     "detector_ptz_follow":null,
     "detector_ptz_follow_target":"",
     "detector_obj_count":null,
     "control_url_center":"",
     "control_url_left":"",
     "control_url_left_stop":"",
     "control_url_right":"",
     "control_url_right_stop":"",
     "control_url_up":"",
     "control_url_up_stop":"",
     "control_url_down":"",
     "control_url_down_stop":"",
     "control_url_enable_nv":"",
     "control_url_disable_nv":"",
     "control_url_zoom_out":"",
     "control_url_zoom_out_stop":"",
     "control_url_zoom_in":"",
     "control_url_zoom_in_stop":"",
     "control_invert_y":null,
     "groups":"[]",
     "notify_email":null,
     "notify_onUnexpectedExit":null,
     "notify_useRawSnapshot":null,
     "loglevel":"warning",
     "sqllog":"0",
     "detector_cascades":"",
     "stream_channels":"",
     "input_maps":"",
     "input_map_choices":""
  },
  "shto":"[]",
  "shfr":"[]"
}

Camera 3: OOSSXX

Manufacturer: OOSSXX

Model: OSX-BB188

MAC: 9C:A3:A9:34:93:36 (Guangzhou Juan Optical and Electronical Tech Joint Stock)

root@tolt:~# nmap -A 10.111.222.139
Starting Nmap 7.80 ( https://nmap.org ) at 2022-05-15 17:49 PDT
Nmap scan report for 10.111.222.139
Host is up (0.0061s latency).
Not shown: 998 closed ports
PORT      STATE SERVICE           VERSION
80/tcp    open  http              nginx
|_http-title: 404 Not Found
10000/tcp open  snet-sensor-mgmt?
| fingerprint-strings: 
|   DNSStatusRequestTCP, DNSVersionBindReqTCP, Help, Kerberos, LDAPBindReq, LDAPSearchReq, LPDString, RPCCheck, SIPOptions, SMBProgNeg, SSLSessionReq, TLSSessionReq, TerminalServerCookie, X11Probe: 
|     HTTP/1.0 403 Forbidden
|     content-type: text/html
|     content-length: 38
|_    <html><body><h1>403</h1></body></html>
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port10000-TCP:V=7.80%I=7%D=5/15%Time=62819FC3%P=x86_64-pc-linux-gnu%r(R
SF:PCCheck,6D,"HTTP/1\.0\x20403\x20Forbidden\r\ncontent-type:\x20text/html
SF:\r\ncontent-length:\x2038\r\n\r\n<html><body><h1>403</h1></body></html>
SF:")%r(DNSVersionBindReqTCP,6D,"HTTP/1\.0\x20403\x20Forbidden\r\ncontent-
SF:type:\x20text/html\r\ncontent-length:\x2038\r\n\r\n<html><body><h1>403<
SF:/h1></body></html>")%r(DNSStatusRequestTCP,6D,"HTTP/1\.0\x20403\x20Forb
SF:idden\r\ncontent-type:\x20text/html\r\ncontent-length:\x2038\r\n\r\n<ht
SF:ml><body><h1>403</h1></body></html>")%r(Help,6D,"HTTP/1\.0\x20403\x20Fo
SF:rbidden\r\ncontent-type:\x20text/html\r\ncontent-length:\x2038\r\n\r\n<
SF:html><body><h1>403</h1></body></html>")%r(SSLSessionReq,6D,"HTTP/1\.0\x
SF:20403\x20Forbidden\r\ncontent-type:\x20text/html\r\ncontent-length:\x20
SF:38\r\n\r\n<html><body><h1>403</h1></body></html>")%r(TerminalServerCook
SF:ie,6D,"HTTP/1\.0\x20403\x20Forbidden\r\ncontent-type:\x20text/html\r\nc
SF:ontent-length:\x2038\r\n\r\n<html><body><h1>403</h1></body></html>")%r(
SF:TLSSessionReq,6D,"HTTP/1\.0\x20403\x20Forbidden\r\ncontent-type:\x20tex
SF:t/html\r\ncontent-length:\x2038\r\n\r\n<html><body><h1>403</h1></body><
SF:/html>")%r(Kerberos,6D,"HTTP/1\.0\x20403\x20Forbidden\r\ncontent-type:\
SF:x20text/html\r\ncontent-length:\x2038\r\n\r\n<html><body><h1>403</h1></
SF:body></html>")%r(SMBProgNeg,6D,"HTTP/1\.0\x20403\x20Forbidden\r\nconten
SF:t-type:\x20text/html\r\ncontent-length:\x2038\r\n\r\n<html><body><h1>40
SF:3</h1></body></html>")%r(X11Probe,6D,"HTTP/1\.0\x20403\x20Forbidden\r\n
SF:content-type:\x20text/html\r\ncontent-length:\x2038\r\n\r\n<html><body>
SF:<h1>403</h1></body></html>")%r(LPDString,6D,"HTTP/1\.0\x20403\x20Forbid
SF:den\r\ncontent-type:\x20text/html\r\ncontent-length:\x2038\r\n\r\n<html
SF:><body><h1>403</h1></body></html>")%r(LDAPSearchReq,6D,"HTTP/1\.0\x2040
SF:3\x20Forbidden\r\ncontent-type:\x20text/html\r\ncontent-length:\x2038\r
SF:\n\r\n<html><body><h1>403</h1></body></html>")%r(LDAPBindReq,6D,"HTTP/1
SF:\.0\x20403\x20Forbidden\r\ncontent-type:\x20text/html\r\ncontent-length
SF::\x2038\r\n\r\n<html><body><h1>403</h1></body></html>")%r(SIPOptions,6D
SF:,"HTTP/1\.0\x20403\x20Forbidden\r\ncontent-type:\x20text/html\r\nconten
SF:t-length:\x2038\r\n\r\n<html><body><h1>403</h1></body></html>");