Difference between revisions of "Camera Lore"
(10 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
=== Interesting reading === | |||
https://cyberlinksecurity.ie/vulnerabilities-to-exploit-a-chinese-ip-camera/ | |||
=== Camera 1: Western Addition === | === Camera 1: Western Addition === | ||
Line 35: | Line 40: | ||
|open | |open | ||
|ssl/http | |ssl/http | ||
|< | | <pre> | ||
| nginx | |||
| http-methods: | |||
|_ Supported Methods: GET HEAD | |||
|_http-title: 400 The plain HTTP request was sent to HTTPS port | |_http-title: 400 The plain HTTP request was sent to HTTPS port | ||
| ssl-cert: Subject: commonName=reo-link/organizationName=reo-link/stateOrProvinceName=GD/countryName=CN | | ssl-cert: Subject: commonName=reo-link/organizationName=reo-link/stateOrProvinceName=GD/countryName=CN | ||
| Issuer: commonName=reo-link/organizationName=reo-link/stateOrProvinceName=GD/countryName=CN | |||
| Public Key type: rsa | |||
| Public Key bits: 1024 | |||
| Signature Algorithm: sha1WithRSAEncryption | |||
| Not valid before: 2016-01-08T07:54:35 | | Not valid before: 2016-01-08T07:54:35 | ||
| Not valid after: 2026-01-05T07:54:35 | |||
| | | MD5: f5a4 d59f ae7c 8da1 96e7 e8e0 7d7f d9d7 | ||
|_SHA-1: 8b54 6fd5 ca3e e466 b5dd f03c ad93 37db 8b17 c6f0 | |||
|_ssl-date: TLS randomness does not represent time | |_ssl-date: TLS randomness does not represent time | ||
| tls-alpn: | | tls-alpn: | ||
|_ http/1.1 | |||
| | |||
| tls-nextprotoneg: | | tls-nextprotoneg: | ||
|_ http/1.1</pre> | |||
| | |||
|- | |- | ||
|554/tcp | |554/tcp | ||
Line 74: | Line 79: | ||
|8000/tcp | |8000/tcp | ||
|open | |open | ||
|tcpwrapped | |http-alt tcpwrapped | ||
|<nowiki>http-server-header: gSOAP/2.8 | |<nowiki>http-server-header: gSOAP/2.8 | ||
Line 99: | Line 104: | ||
</pre> | </pre> | ||
==== Shinobi | | ||
<div class="toccolours mw-collapsible mw-collapsed style="width:500px; overflow:auto;"> | |||
====Shinobi configuration==== | |||
<div class="mw-collapsible-content"> | |||
<pre> | <pre> | ||
{ | { | ||
Line 324: | Line 333: | ||
} | } | ||
</pre> | </pre> | ||
</div></div> | |||
| |||
=== Camera 2: Schlacht-Kam === | === Camera 2: Schlacht-Kam === | ||
Line 365: | Line 377: | ||
|open | |open | ||
|rtsp | |rtsp | ||
|< | | <pre> | ||
| fingerprint-strings: | |||
| FourOhFourRequest, GenericLines, GetRequest: | |||
| RTSP/1.0 400 Bad Request | |||
| Server: AJSS/1.0.4 (Build/001.0; Platform/Linux; Release/Ajy Rtsp Svr; State/Development; ) | |||
| Cseq: | |||
| Connection: Close | |||
| HTTPOptions, RTSPRequest: | |||
| RTSP/1.0 400 Bad Request | |||
| Server: AJSS/1.0.4 (Build/001.0; Platform/Linux; Release/Ajy Rtsp Svr; State/Development; ) | |||
| Cseq: | |||
| SIPOptions: | |||
| RTSP/1.0 200 OK | |||
| Server: AJSS/1.0.4 (Build/001.0; Platform/Linux; Release/Ajy Rtsp Svr; State/Development; ) | |||
| Cseq: 42 OPTIONS | |||
| Public: DESCRIBE, SETUP, TEARDOWN, PLAY, OPTIONS | |||
| rtsp-methods: DESCRIBE, SETUP, TEARDOWN, PLAY, OPTIONS</pre> | |||
|- | |- | ||
|8899/tcp | | 8899/tcp | ||
|open | | open | ||
|tcpwrapped | | tcpwrapped | ||
| | | ospf-lite | ||
|- | |- | ||
| colspan="4" |1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at <nowiki>https://nmap.org/cgi-bin/submit.cgi?new-service</nowiki> : | |colspan="4" | <pre> | ||
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at <nowiki>https://nmap.org/cgi-bin/submit.cgi?new-service</nowiki> : | |||
SF-Port554-TCP:V=7.92%I=7%D=5/14%Time=628070D2%P=x86_64-pc-linux-gnu%r(Get | SF-Port554-TCP:V=7.92%I=7%D=5/14%Time=628070D2%P=x86_64-pc-linux-gnu%r(Get | ||
SF:Request,94,"RTSP/1\.0\x20400\x20Bad\x20Request\r\nServer:\x20AJSS/1\.0\ | SF:Request,94,"RTSP/1\.0\x20400\x20Bad\x20Request\r\nServer:\x20AJSS/1\.0\ | ||
SF:.4\x20\(Build/001\.0;\x20Platform/Linux;\x20Release/Ajy\x20Rtsp\x20Svr; | SF:.4\x20\(Build/001\.0;\x20Platform/Linux;\x20Release/Ajy\x20Rtsp\x20Svr; | ||
SF:\x20State/Development;\x20\)\r\nCseq:\x20\r\nConnection:\x20Close\r\n\r | SF:\x20State/Development;\x20\)\r\nCseq:\x20\r\nConnection:\x20Close\r\n\r | ||
SF:\n")%r(RTSPRequest,81,"RTSP/1\.0\x20400\x20Bad\x20Request\r\nServer:\x2 | SF:\n")%r(RTSPRequest,81,"RTSP/1\.0\x20400\x20Bad\x20Request\r\nServer:\x2 | ||
SF:0AJSS/1\.0\.4\x20\(Build/001\.0;\x20Platform/Linux;\x20Release/Ajy\x20R | SF:0AJSS/1\.0\.4\x20\(Build/001\.0;\x20Platform/Linux;\x20Release/Ajy\x20R | ||
SF:tsp\x20Svr;\x20State/Development;\x20\)\r\nCseq:\x20\r\n\r\n")%r(Generi | SF:tsp\x20Svr;\x20State/Development;\x20\)\r\nCseq:\x20\r\n\r\n")%r(Generi | ||
SF:cLines,94,"RTSP/1\.0\x20400\x20Bad\x20Request\r\nServer:\x20AJSS/1\.0\. | SF:cLines,94,"RTSP/1\.0\x20400\x20Bad\x20Request\r\nServer:\x20AJSS/1\.0\. | ||
SF:4\x20\(Build/001\.0;\x20Platform/Linux;\x20Release/Ajy\x20Rtsp\x20Svr;\ | SF:4\x20\(Build/001\.0;\x20Platform/Linux;\x20Release/Ajy\x20Rtsp\x20Svr;\ | ||
SF:x20State/Development;\x20\)\r\nCseq:\x20\r\nConnection:\x20Close\r\n\r\ | SF:x20State/Development;\x20\)\r\nCseq:\x20\r\nConnection:\x20Close\r\n\r\ | ||
SF:n")%r(HTTPOptions,81,"RTSP/1\.0\x20400\x20Bad\x20Request\r\nServer:\x20 | SF:n")%r(HTTPOptions,81,"RTSP/1\.0\x20400\x20Bad\x20Request\r\nServer:\x20 | ||
SF:AJSS/1\.0\.4\x20\(Build/001\.0;\x20Platform/Linux;\x20Release/Ajy\x20Rt | SF:AJSS/1\.0\.4\x20\(Build/001\.0;\x20Platform/Linux;\x20Release/Ajy\x20Rt | ||
SF:sp\x20Svr;\x20State/Development;\x20\)\r\nCseq:\x20\r\n\r\n")%r(FourOhF | SF:sp\x20Svr;\x20State/Development;\x20\)\r\nCseq:\x20\r\n\r\n")%r(FourOhF | ||
SF:ourRequest,94,"RTSP/1\.0\x20400\x20Bad\x20Request\r\nServer:\x20AJSS/1\ | SF:ourRequest,94,"RTSP/1\.0\x20400\x20Bad\x20Request\r\nServer:\x20AJSS/1\ | ||
SF:.0\.4\x20\(Build/001\.0;\x20Platform/Linux;\x20Release/Ajy\x20Rtsp\x20S | SF:.0\.4\x20\(Build/001\.0;\x20Platform/Linux;\x20Release/Ajy\x20Rtsp\x20S | ||
SF:vr;\x20State/Development;\x20\)\r\nCseq:\x20\r\nConnection:\x20Close\r\ | SF:vr;\x20State/Development;\x20\)\r\nCseq:\x20\r\nConnection:\x20Close\r\ | ||
SF:n\r\n")%r(SIPOptions,B4,"RTSP/1\.0\x20200\x20OK\r\nServer:\x20AJSS/1\.0 | SF:n\r\n")%r(SIPOptions,B4,"RTSP/1\.0\x20200\x20OK\r\nServer:\x20AJSS/1\.0 | ||
SF:\.4\x20\(Build/001\.0;\x20Platform/Linux;\x20Release/Ajy\x20Rtsp\x20Svr | SF:\.4\x20\(Build/001\.0;\x20Platform/Linux;\x20Release/Ajy\x20Rtsp\x20Svr | ||
SF:;\x20State/Development;\x20\)\r\nCseq:\x2042\x20OPTIONS\r\nPublic:\x20D | SF:;\x20State/Development;\x20\)\r\nCseq:\x2042\x20OPTIONS\r\nPublic:\x20D | ||
SF:ESCRIBE,\x20SETUP,\x20TEARDOWN,\x20PLAY,\x20OPTIONS\r\n\r\n");</pre> | |||
SF:ESCRIBE,\x20SETUP,\x20TEARDOWN,\x20PLAY,\x20OPTIONS\r\n\r\n"); | |||
|- | |- | ||
| colspan="4" |Device type: general purpose | | colspan="4" |Device type: general purpose | ||
Line 452: | Line 431: | ||
| colspan="4" |OS details: Linux 2.6.32 - 3.13 | | colspan="4" |OS details: Linux 2.6.32 - 3.13 | ||
|} | |} | ||
| |||
==== Shinobi | <div class="toccolours mw-collapsible mw-collapsed style="width:500px; overflow:auto;"> | ||
====Shinobi configuration==== | |||
<div class="mw-collapsible-content"> | |||
<pre> | <pre> | ||
{ | { | ||
Line 678: | Line 660: | ||
} | } | ||
</pre> | </pre> | ||
</div></div> | |||
=== Camera 3: OOSSXX === | |||
'''Manufacturer:''' OOSSXX | |||
'''Model:''' OSX-BB188 | |||
'''MAC:''' 9C:A3:A9:34:93:36 (Guangzhou Juan Optical and Electronical Tech Joint Stock) | |||
<pre> | |||
root@tolt:~# nmap -A 10.111.222.139 | |||
Starting Nmap 7.80 ( https://nmap.org ) at 2022-05-15 17:49 PDT | |||
Nmap scan report for 10.111.222.139 | |||
Host is up (0.0061s latency). | |||
Not shown: 998 closed ports | |||
PORT STATE SERVICE VERSION | |||
80/tcp open http nginx | |||
|_http-title: 404 Not Found | |||
10000/tcp open snet-sensor-mgmt? | |||
| fingerprint-strings: | |||
| DNSStatusRequestTCP, DNSVersionBindReqTCP, Help, Kerberos, LDAPBindReq, LDAPSearchReq, LPDString, RPCCheck, SIPOptions, SMBProgNeg, SSLSessionReq, TLSSessionReq, TerminalServerCookie, X11Probe: | |||
| HTTP/1.0 403 Forbidden | |||
| content-type: text/html | |||
| content-length: 38 | |||
|_ <html><body><h1>403</h1></body></html> | |||
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service : | |||
SF-Port10000-TCP:V=7.80%I=7%D=5/15%Time=62819FC3%P=x86_64-pc-linux-gnu%r(R | |||
SF:PCCheck,6D,"HTTP/1\.0\x20403\x20Forbidden\r\ncontent-type:\x20text/html | |||
SF:\r\ncontent-length:\x2038\r\n\r\n<html><body><h1>403</h1></body></html> | |||
SF:")%r(DNSVersionBindReqTCP,6D,"HTTP/1\.0\x20403\x20Forbidden\r\ncontent- | |||
SF:type:\x20text/html\r\ncontent-length:\x2038\r\n\r\n<html><body><h1>403< | |||
SF:/h1></body></html>")%r(DNSStatusRequestTCP,6D,"HTTP/1\.0\x20403\x20Forb | |||
SF:idden\r\ncontent-type:\x20text/html\r\ncontent-length:\x2038\r\n\r\n<ht | |||
SF:ml><body><h1>403</h1></body></html>")%r(Help,6D,"HTTP/1\.0\x20403\x20Fo | |||
SF:rbidden\r\ncontent-type:\x20text/html\r\ncontent-length:\x2038\r\n\r\n< | |||
SF:html><body><h1>403</h1></body></html>")%r(SSLSessionReq,6D,"HTTP/1\.0\x | |||
SF:20403\x20Forbidden\r\ncontent-type:\x20text/html\r\ncontent-length:\x20 | |||
SF:38\r\n\r\n<html><body><h1>403</h1></body></html>")%r(TerminalServerCook | |||
SF:ie,6D,"HTTP/1\.0\x20403\x20Forbidden\r\ncontent-type:\x20text/html\r\nc | |||
SF:ontent-length:\x2038\r\n\r\n<html><body><h1>403</h1></body></html>")%r( | |||
SF:TLSSessionReq,6D,"HTTP/1\.0\x20403\x20Forbidden\r\ncontent-type:\x20tex | |||
SF:t/html\r\ncontent-length:\x2038\r\n\r\n<html><body><h1>403</h1></body>< | |||
SF:/html>")%r(Kerberos,6D,"HTTP/1\.0\x20403\x20Forbidden\r\ncontent-type:\ | |||
SF:x20text/html\r\ncontent-length:\x2038\r\n\r\n<html><body><h1>403</h1></ | |||
SF:body></html>")%r(SMBProgNeg,6D,"HTTP/1\.0\x20403\x20Forbidden\r\nconten | |||
SF:t-type:\x20text/html\r\ncontent-length:\x2038\r\n\r\n<html><body><h1>40 | |||
SF:3</h1></body></html>")%r(X11Probe,6D,"HTTP/1\.0\x20403\x20Forbidden\r\n | |||
SF:content-type:\x20text/html\r\ncontent-length:\x2038\r\n\r\n<html><body> | |||
SF:<h1>403</h1></body></html>")%r(LPDString,6D,"HTTP/1\.0\x20403\x20Forbid | |||
SF:den\r\ncontent-type:\x20text/html\r\ncontent-length:\x2038\r\n\r\n<html | |||
SF:><body><h1>403</h1></body></html>")%r(LDAPSearchReq,6D,"HTTP/1\.0\x2040 | |||
SF:3\x20Forbidden\r\ncontent-type:\x20text/html\r\ncontent-length:\x2038\r | |||
SF:\n\r\n<html><body><h1>403</h1></body></html>")%r(LDAPBindReq,6D,"HTTP/1 | |||
SF:\.0\x20403\x20Forbidden\r\ncontent-type:\x20text/html\r\ncontent-length | |||
SF::\x2038\r\n\r\n<html><body><h1>403</h1></body></html>")%r(SIPOptions,6D | |||
SF:,"HTTP/1\.0\x20403\x20Forbidden\r\ncontent-type:\x20text/html\r\nconten | |||
SF:t-length:\x2038\r\n\r\n<html><body><h1>403</h1></body></html>");</pre> |
Latest revision as of 19:31, 15 May 2022
Interesting reading
https://cyberlinksecurity.ie/vulnerabilities-to-exploit-a-chinese-ip-camera/
Camera 1: Western Addition
Manufacturer: Reolink
Model: E1 Zoom
UID: 95270003RSI61WOG
Build No: 21112408
Hardware Ver: IPC_515BSD6
Config Ver: v3.0.0.0
Firmware Ver: v3.0.0.716_21112408
Detail: IPC_515BSD6S10E0W7110000 0001
MAC: 38:C8:04:E0:AD:B4
Nmap scan report
PORT | STATE | SERVICE | VERSION |
---|---|---|---|
80/tcp | open | http | nginx | http-title: Reolink |
443/tcp | open | ssl/http | | nginx | http-methods: |_ Supported Methods: GET HEAD |_http-title: 400 The plain HTTP request was sent to HTTPS port | ssl-cert: Subject: commonName=reo-link/organizationName=reo-link/stateOrProvinceName=GD/countryName=CN | Issuer: commonName=reo-link/organizationName=reo-link/stateOrProvinceName=GD/countryName=CN | Public Key type: rsa | Public Key bits: 1024 | Signature Algorithm: sha1WithRSAEncryption | Not valid before: 2016-01-08T07:54:35 | Not valid after: 2026-01-05T07:54:35 | MD5: f5a4 d59f ae7c 8da1 96e7 e8e0 7d7f d9d7 |_SHA-1: 8b54 6fd5 ca3e e466 b5dd f03c ad93 37db 8b17 c6f0 |_ssl-date: TLS randomness does not represent time | tls-alpn: |_ http/1.1 | tls-nextprotoneg: |_ http/1.1 |
554/tcp | open | rtsp | D-Link DCS-2130 or Pelco IDE10DN webcam rtspd
|_rtsp-methods: OPTIONS, DESCRIBE, SETUP, TEARDOWN, PLAY, PAUSE, GET_PARAMETER, SET_PARAMETER |
1935/tcp | open | rtmp? | |
6001/tcp | open | rtsp | D-Link DCS-2130 or Pelco IDE10DN webcam rtspd
|_rtsp-methods: OPTIONS, DESCRIBE, SETUP, TEARDOWN, PLAY, PAUSE, GET_PARAMETER, SET_PARAMETER |
8000/tcp | open | http-alt tcpwrapped | http-server-header: gSOAP/2.8 |_http-title: Site doesn't have a title (text/xml; charset=utf-8). |
9000/tcp | open | cslistener? | |
Service Info: Device: webcam; CPE: cpe:/h:pelco:ide10dn |
Port 8000 returns:
<SOAP-ENV:Envelope> <SOAP-ENV:Body> <SOAP-ENV:Fault> <faultcode>SOAP-ENV:Client</faultcode> <faultstring>HTTP GET method not implemented</faultstring> </SOAP-ENV:Fault> </SOAP-ENV:Body> </SOAP-ENV:Envelope>
Shinobi configuration
{ "mode":"start", "mid":"QoSm5ACILv8000", "name":"Western Addition", "type":"h264", "protocol":"rtsp", "host":"192.168.25.100", "port":"554", "path":"/h264Preview_01_main", "height":"480", "width":"640", "ext":"mp4", "fps":"1", "details":{ "max_keep_days":"", "notes":"", "dir":"", "rtmp_key":"", "auto_host_enable":"1", "auto_host":"rtsp://xxxxxx:xxxxxx@192.168.25.100:554/h264Preview_01_main", "rtsp_transport":"tcp", "muser":"xxxxxx", "mpass":"xxxxxx", "port_force":"0", "fatal_max":"0", "skip_ping":null, "is_onvif":"1", "onvif_non_standard":null, "onvif_port":"8000", "primary_input":"0:0", "aduration":"1000000000", "probesize":"1000000000", "stream_loop":"0", "sfps":"", "wall_clock_timestamp_ignore":null, "accelerator":"0", "hwaccel":"auto", "hwaccel_vcodec":"", "hwaccel_device":"", "stream_type":"hls", "stream_flv_type":"ws", "stream_flv_maxLatency":"", "stream_mjpeg_clients":"", "stream_vcodec":"copy", "stream_acodec":"no", "hls_time":"2", "hls_list_size":"3", "preset_stream":"ultrafast", "stream_quality":"15", "stream_fps":"2", "stream_scale_x":"", "stream_scale_y":"", "stream_rotate":null, "signal_check":"10", "signal_check_log":"0", "stream_vf":"", "tv_channel":"0", "tv_channel_id":"", "tv_channel_group_title":"", "stream_timestamp":"0", "stream_timestamp_font":"", "stream_timestamp_font_size":"", "stream_timestamp_color":"", "stream_timestamp_box_color":"", "stream_timestamp_x":"", "stream_timestamp_y":"", "stream_watermark":"0", "stream_watermark_location":"", "stream_watermark_position":"tr", "snap":"0", "snap_fps":"", "snap_scale_x":"", "snap_scale_y":"", "snap_vf":"", "vcodec":"copy", "crf":"1", "preset_record":"", "acodec":"no", "record_scale_y":"", "record_scale_x":"", "cutoff":"15", "rotate":null, "vf":"", "timestamp":"0", "timestamp_font":"", "timestamp_font_size":"10", "timestamp_color":"white", "timestamp_box_color":"0x00000000@1", "timestamp_x":"(w-tw)/2", "timestamp_y":"0", "watermark":"0", "watermark_location":"", "watermark_position":"tr", 
"record_timelapse":null, "record_timelapse_mp4":null, "record_timelapse_fps":null, "record_timelapse_scale_x":"", "record_timelapse_scale_y":"", "record_timelapse_vf":"", "record_timelapse_watermark":null, "record_timelapse_watermark_location":"", "record_timelapse_watermark_position":null, "cust_input":"", "cust_stream":"", "cust_snap":"", "cust_record":"", "cust_detect":"", "cust_detect_object":"", "cust_sip_record":"", "custom_output":"", "detector":"0", "detector_http_api":null, "detector_send_frames":"1", "detector_fps":"", "detector_scale_x":"640", "detector_scale_y":"480", "detector_lock_timeout":"", "detector_save":"0", "detector_record_method":"sip", "detector_trigger":"1", "detector_trigger_record_fps":"", "detector_timeout":"10", "detector_send_video_length":"", "watchdog_reset":"0", "detector_delete_motionless_videos":"0", "det_multi_trig":null, "group_detector_multi":"", "detector_webhook":"0", "detector_webhook_timeout":"", "detector_webhook_url":"", "detector_webhook_method":null, "detector_command_enable":"0", "detector_command":"", "detector_command_timeout":"", "snap_seconds_inward":"", "detector_mail":"0", "detector_mail_timeout":"", "use_detector_filters":null, "use_detector_filters_object":null, "cords":"[]", "detector_filters":"", "detector_pam":"1", "detector_sensitivity":"", "detector_max_sensitivity":"", "detector_threshold":"1", "detector_color_threshold":"", "inverse_trigger":null, "detector_frame":"0", "detector_noise_filter":null, "detector_noise_filter_range":"", "detector_notrigger":"0", "detector_notrigger_mail":"0", "detector_notrigger_discord":null, "detector_notrigger_timeout":"", "detector_notrigger_webhook":null, "detector_notrigger_webhook_url":"", "detector_notrigger_webhook_method":null, "detector_notrigger_command_enable":null, "detector_notrigger_command":"", "detector_notrigger_command_timeout":"", "detector_audio":null, "detector_audio_min_db":"", "detector_audio_max_db":"", "detector_use_detect_object":"0", 
"detector_send_frames_object":null, "detector_obj_count_in_region":null, "detector_obj_region":null, "detector_use_motion":"1", "detector_fps_object":"", "detector_scale_x_object":"", "detector_scale_y_object":"", "detector_lisence_plate":"0", "detector_lisence_plate_country":"us", "detector_buffer_vcodec":"auto", "detector_buffer_acodec":null, "detector_buffer_fps":"", "event_record_scale_x":"", "event_record_scale_y":"", "detector_buffer_hls_time":"", "detector_buffer_hls_list_size":"", "detector_buffer_start_number":"", "detector_buffer_live_start_index":"", "control":"1", "control_base_url":"", "control_url_method":"ONVIF", "control_digest_auth":null, "control_stop":"1", "control_url_stop_timeout":"", "control_turn_speed":"", "detector_ptz_follow":null, "detector_ptz_follow_target":"", "detector_obj_count":null, "control_url_center":"", "control_url_left":"", "control_url_left_stop":"", "control_url_right":"", "control_url_right_stop":"", "control_url_up":"", "control_url_up_stop":"", "control_url_down":"", "control_url_down_stop":"", "control_url_enable_nv":"", "control_url_disable_nv":"", "control_url_zoom_out":"", "control_url_zoom_out_stop":"", "control_url_zoom_in":"", "control_url_zoom_in_stop":"", "control_invert_y":null, "groups":"[]", "notify_email":null, "notify_onUnexpectedExit":null, "notify_useRawSnapshot":null, "loglevel":"warning", "sqllog":"0", "detector_cascades":"", "stream_channels":"", "input_maps":"", "input_map_choices":"" }, "shto":"[]", "shfr":"[]" }
Camera 2: Schlacht-Kam
Manufacturer: Wansview
Model: W9
Camera ID: WVCB8HETHZEDS84S
Firmware Version: 07.26100.07.17
Wi-Fi Mac: 60:1D:9D:DC:B3:36
Ethernet MAC: 78:A5:DD:4C:C0:23
Advertised RTSP stream URLs:
- [FHD] rtsp://xxxxxx:xxxxxx@192.168.49.151:554/live/ch0
- [SD] rtsp://xxxxxx:xxxxxx@192.168.49.151:554/live/ch1
ONVIF port: 8899
Nmap scan report
PORT | STATE | SERVICE | VERSION |
---|---|---|---|
80/tcp | open | http | Boa HTTPd 0.94.13 |_http-server-header: Boa/0.94.13
|_http-title: 403 Forbidden |
554/tcp | open | rtsp | | fingerprint-strings: | FourOhFourRequest, GenericLines, GetRequest: | RTSP/1.0 400 Bad Request | Server: AJSS/1.0.4 (Build/001.0; Platform/Linux; Release/Ajy Rtsp Svr; State/Development; ) | Cseq: | Connection: Close | HTTPOptions, RTSPRequest: | RTSP/1.0 400 Bad Request | Server: AJSS/1.0.4 (Build/001.0; Platform/Linux; Release/Ajy Rtsp Svr; State/Development; ) | Cseq: | SIPOptions: | RTSP/1.0 200 OK | Server: AJSS/1.0.4 (Build/001.0; Platform/Linux; Release/Ajy Rtsp Svr; State/Development; ) | Cseq: 42 OPTIONS | Public: DESCRIBE, SETUP, TEARDOWN, PLAY, OPTIONS | rtsp-methods: DESCRIBE, SETUP, TEARDOWN, PLAY, OPTIONS |
8899/tcp | open | tcpwrapped | ospf-lite |
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service : SF-Port554-TCP:V=7.92%I=7%D=5/14%Time=628070D2%P=x86_64-pc-linux-gnu%r(Get SF:Request,94,"RTSP/1\.0\x20400\x20Bad\x20Request\r\nServer:\x20AJSS/1\.0\ SF:.4\x20\(Build/001\.0;\x20Platform/Linux;\x20Release/Ajy\x20Rtsp\x20Svr; SF:\x20State/Development;\x20\)\r\nCseq:\x20\r\nConnection:\x20Close\r\n\r SF:\n")%r(RTSPRequest,81,"RTSP/1\.0\x20400\x20Bad\x20Request\r\nServer:\x2 SF:0AJSS/1\.0\.4\x20\(Build/001\.0;\x20Platform/Linux;\x20Release/Ajy\x20R SF:tsp\x20Svr;\x20State/Development;\x20\)\r\nCseq:\x20\r\n\r\n")%r(Generi SF:cLines,94,"RTSP/1\.0\x20400\x20Bad\x20Request\r\nServer:\x20AJSS/1\.0\. SF:4\x20\(Build/001\.0;\x20Platform/Linux;\x20Release/Ajy\x20Rtsp\x20Svr;\ SF:x20State/Development;\x20\)\r\nCseq:\x20\r\nConnection:\x20Close\r\n\r\ SF:n")%r(HTTPOptions,81,"RTSP/1\.0\x20400\x20Bad\x20Request\r\nServer:\x20 SF:AJSS/1\.0\.4\x20\(Build/001\.0;\x20Platform/Linux;\x20Release/Ajy\x20Rt SF:sp\x20Svr;\x20State/Development;\x20\)\r\nCseq:\x20\r\n\r\n")%r(FourOhF SF:ourRequest,94,"RTSP/1\.0\x20400\x20Bad\x20Request\r\nServer:\x20AJSS/1\ SF:.0\.4\x20\(Build/001\.0;\x20Platform/Linux;\x20Release/Ajy\x20Rtsp\x20S SF:vr;\x20State/Development;\x20\)\r\nCseq:\x20\r\nConnection:\x20Close\r\ SF:n\r\n")%r(SIPOptions,B4,"RTSP/1\.0\x20200\x20OK\r\nServer:\x20AJSS/1\.0 SF:\.4\x20\(Build/001\.0;\x20Platform/Linux;\x20Release/Ajy\x20Rtsp\x20Svr SF:;\x20State/Development;\x20\)\r\nCseq:\x2042\x20OPTIONS\r\nPublic:\x20D SF:ESCRIBE,\x20SETUP,\x20TEARDOWN,\x20PLAY,\x20OPTIONS\r\n\r\n"); | |||
Device type: general purpose | |||
Running: Linux 2.6.X|3.X | |||
OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3 | |||
OS details: Linux 2.6.32 - 3.13 |
Shinobi configuration
{ "mode":"start", "mid":"hOESb6D7088899", "name":"Schlacht-Kam", "type":"h264", "protocol":"rtsp", "host":"192.168.49.151", "port":"554", "path":"/live/ch0?token=2d22944c5842873f078e76b942fe9da2", "height":"480", "width":"640", "ext":"mp4", "fps":"1", "details":{ "max_keep_days":"", "notes":"", "dir":"", "rtmp_key":"", "auto_host_enable":"1", "auto_host":"rtsp://xxxxxx:xxxxxx@192.168.49.151:554/live/ch0?token=2d22944c5842873f078e76b942fe9da2", "rtsp_transport":"tcp", "muser":"xxxxxx", "mpass":"xxxxxx", "port_force":"0", "fatal_max":"0", "skip_ping":null, "is_onvif":"1", "onvif_non_standard":"1", "onvif_port":"8899", "primary_input":"0:0", "aduration":"1000000", "probesize":"1000000", "stream_loop":"0", "sfps":"", "wall_clock_timestamp_ignore":null, "accelerator":"1", "hwaccel":"auto", "hwaccel_vcodec":"", "hwaccel_device":"", "stream_type":"hls", "stream_flv_type":"ws", "stream_flv_maxLatency":"", "stream_mjpeg_clients":"", "stream_vcodec":"copy", "stream_acodec":"no", "hls_time":"2", "hls_list_size":"3", "preset_stream":"ultrafast", "stream_quality":"15", "stream_fps":"2", "stream_scale_x":"", "stream_scale_y":"", "stream_rotate":null, "signal_check":"10", "signal_check_log":"0", "stream_vf":"", "tv_channel":"0", "tv_channel_id":"", "tv_channel_group_title":"", "stream_timestamp":"0", "stream_timestamp_font":"", "stream_timestamp_font_size":"", "stream_timestamp_color":"", "stream_timestamp_box_color":"", "stream_timestamp_x":"", "stream_timestamp_y":"", "stream_watermark":"0", "stream_watermark_location":"", "stream_watermark_position":"tr", "snap":"0", "snap_fps":"", "snap_scale_x":"", "snap_scale_y":"", "snap_vf":"", "vcodec":"copy", "crf":"1", "preset_record":"", "acodec":"no", "record_scale_y":"", "record_scale_x":"", "cutoff":"15", "rotate":null, "vf":"", "timestamp":"0", "timestamp_font":"", "timestamp_font_size":"10", "timestamp_color":"white", "timestamp_box_color":"0x00000000@1", "timestamp_x":"(w-tw)/2", "timestamp_y":"0", "watermark":"0", 
"watermark_location":"", "watermark_position":"tr", "record_timelapse":null, "record_timelapse_mp4":null, "record_timelapse_fps":null, "record_timelapse_scale_x":"", "record_timelapse_scale_y":"", "record_timelapse_vf":"", "record_timelapse_watermark":null, "record_timelapse_watermark_location":"", "record_timelapse_watermark_position":null, "cust_input":"", "cust_stream":"", "cust_snap":"", "cust_record":"", "cust_detect":"", "cust_detect_object":"", "cust_sip_record":"", "custom_output":"", "detector":"0", "detector_http_api":null, "detector_send_frames":"1", "detector_fps":"", "detector_scale_x":"640", "detector_scale_y":"480", "detector_lock_timeout":"", "detector_save":"0", "detector_record_method":"sip", "detector_trigger":"1", "detector_trigger_record_fps":"", "detector_timeout":"10", "detector_send_video_length":"", "watchdog_reset":"0", "detector_delete_motionless_videos":"0", "det_multi_trig":null, "group_detector_multi":"", "detector_webhook":"0", "detector_webhook_timeout":"", "detector_webhook_url":"", "detector_webhook_method":null, "detector_command_enable":"0", "detector_command":"", "detector_command_timeout":"", "snap_seconds_inward":"", "detector_mail":"0", "detector_mail_timeout":"", "use_detector_filters":null, "use_detector_filters_object":null, "cords":"[]", "detector_filters":"", "detector_pam":"1", "detector_sensitivity":"", "detector_max_sensitivity":"", "detector_threshold":"1", "detector_color_threshold":"", "inverse_trigger":null, "detector_frame":"0", "detector_noise_filter":null, "detector_noise_filter_range":"", "detector_notrigger":"0", "detector_notrigger_mail":"0", "detector_notrigger_discord":null, "detector_notrigger_timeout":"", "detector_notrigger_webhook":null, "detector_notrigger_webhook_url":"", "detector_notrigger_webhook_method":null, "detector_notrigger_command_enable":null, "detector_notrigger_command":"", "detector_notrigger_command_timeout":"", "detector_audio":null, "detector_audio_min_db":"", 
"detector_audio_max_db":"", "detector_use_detect_object":"0", "detector_send_frames_object":null, "detector_obj_count_in_region":null, "detector_obj_region":null, "detector_use_motion":"1", "detector_fps_object":"", "detector_scale_x_object":"", "detector_scale_y_object":"", "detector_lisence_plate":"0", "detector_lisence_plate_country":"us", "detector_buffer_vcodec":"auto", "detector_buffer_acodec":null, "detector_buffer_fps":"", "event_record_scale_x":"", "event_record_scale_y":"", "detector_buffer_hls_time":"", "detector_buffer_hls_list_size":"", "detector_buffer_start_number":"", "detector_buffer_live_start_index":"", "control":"1", "control_base_url":"", "control_url_method":"ONVIF", "control_digest_auth":null, "control_stop":"0", "control_url_stop_timeout":"", "control_turn_speed":"", "detector_ptz_follow":null, "detector_ptz_follow_target":"", "detector_obj_count":null, "control_url_center":"", "control_url_left":"", "control_url_left_stop":"", "control_url_right":"", "control_url_right_stop":"", "control_url_up":"", "control_url_up_stop":"", "control_url_down":"", "control_url_down_stop":"", "control_url_enable_nv":"", "control_url_disable_nv":"", "control_url_zoom_out":"", "control_url_zoom_out_stop":"", "control_url_zoom_in":"", "control_url_zoom_in_stop":"", "control_invert_y":null, "groups":"[]", "notify_email":null, "notify_onUnexpectedExit":null, "notify_useRawSnapshot":null, "loglevel":"warning", "sqllog":"0", "detector_cascades":"", "stream_channels":"", "input_maps":"", "input_map_choices":"" }, "shto":"[]", "shfr":"[]" }
Camera 3: OOSSXX
Manufacturer: OOSSXX
Model: OSX-BB188
MAC: 9C:A3:A9:34:93:36 (Guangzhou Juan Optical and Electronical Tech Joint Stock)
root@tolt:~# nmap -A 10.111.222.139 Starting Nmap 7.80 ( https://nmap.org ) at 2022-05-15 17:49 PDT Nmap scan report for 10.111.222.139 Host is up (0.0061s latency). Not shown: 998 closed ports PORT STATE SERVICE VERSION 80/tcp open http nginx |_http-title: 404 Not Found 10000/tcp open snet-sensor-mgmt? | fingerprint-strings: | DNSStatusRequestTCP, DNSVersionBindReqTCP, Help, Kerberos, LDAPBindReq, LDAPSearchReq, LPDString, RPCCheck, SIPOptions, SMBProgNeg, SSLSessionReq, TLSSessionReq, TerminalServerCookie, X11Probe: | HTTP/1.0 403 Forbidden | content-type: text/html | content-length: 38 |_ <html><body><h1>403</h1></body></html> 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service : SF-Port10000-TCP:V=7.80%I=7%D=5/15%Time=62819FC3%P=x86_64-pc-linux-gnu%r(R SF:PCCheck,6D,"HTTP/1\.0\x20403\x20Forbidden\r\ncontent-type:\x20text/html SF:\r\ncontent-length:\x2038\r\n\r\n<html><body><h1>403</h1></body></html> SF:")%r(DNSVersionBindReqTCP,6D,"HTTP/1\.0\x20403\x20Forbidden\r\ncontent- SF:type:\x20text/html\r\ncontent-length:\x2038\r\n\r\n<html><body><h1>403< SF:/h1></body></html>")%r(DNSStatusRequestTCP,6D,"HTTP/1\.0\x20403\x20Forb SF:idden\r\ncontent-type:\x20text/html\r\ncontent-length:\x2038\r\n\r\n<ht SF:ml><body><h1>403</h1></body></html>")%r(Help,6D,"HTTP/1\.0\x20403\x20Fo SF:rbidden\r\ncontent-type:\x20text/html\r\ncontent-length:\x2038\r\n\r\n< SF:html><body><h1>403</h1></body></html>")%r(SSLSessionReq,6D,"HTTP/1\.0\x SF:20403\x20Forbidden\r\ncontent-type:\x20text/html\r\ncontent-length:\x20 SF:38\r\n\r\n<html><body><h1>403</h1></body></html>")%r(TerminalServerCook SF:ie,6D,"HTTP/1\.0\x20403\x20Forbidden\r\ncontent-type:\x20text/html\r\nc SF:ontent-length:\x2038\r\n\r\n<html><body><h1>403</h1></body></html>")%r( SF:TLSSessionReq,6D,"HTTP/1\.0\x20403\x20Forbidden\r\ncontent-type:\x20tex 
SF:t/html\r\ncontent-length:\x2038\r\n\r\n<html><body><h1>403</h1></body>< SF:/html>")%r(Kerberos,6D,"HTTP/1\.0\x20403\x20Forbidden\r\ncontent-type:\ SF:x20text/html\r\ncontent-length:\x2038\r\n\r\n<html><body><h1>403</h1></ SF:body></html>")%r(SMBProgNeg,6D,"HTTP/1\.0\x20403\x20Forbidden\r\nconten SF:t-type:\x20text/html\r\ncontent-length:\x2038\r\n\r\n<html><body><h1>40 SF:3</h1></body></html>")%r(X11Probe,6D,"HTTP/1\.0\x20403\x20Forbidden\r\n SF:content-type:\x20text/html\r\ncontent-length:\x2038\r\n\r\n<html><body> SF:<h1>403</h1></body></html>")%r(LPDString,6D,"HTTP/1\.0\x20403\x20Forbid SF:den\r\ncontent-type:\x20text/html\r\ncontent-length:\x2038\r\n\r\n<html SF:><body><h1>403</h1></body></html>")%r(LDAPSearchReq,6D,"HTTP/1\.0\x2040 SF:3\x20Forbidden\r\ncontent-type:\x20text/html\r\ncontent-length:\x2038\r SF:\n\r\n<html><body><h1>403</h1></body></html>")%r(LDAPBindReq,6D,"HTTP/1 SF:\.0\x20403\x20Forbidden\r\ncontent-type:\x20text/html\r\ncontent-length SF::\x2038\r\n\r\n<html><body><h1>403</h1></body></html>")%r(SIPOptions,6D SF:,"HTTP/1\.0\x20403\x20Forbidden\r\ncontent-type:\x20text/html\r\nconten SF:t-length:\x2038\r\n\r\n<html><body><h1>403</h1></body></html>");