Camera Lore

Revision as of 13:28, 15 May 2022 by Dwrob (talk | contribs)

Interesting reading

https://cyberlinksecurity.ie/vulnerabilities-to-exploit-a-chinese-ip-camera/

Camera 1: Western Addition

Manufacturer: Reolink

Model: E1 Zoom

UID: 95270003RSI61WOG

Build No: 21112408

Hardware Ver: IPC_515BSD6

Config Ver: v3.0.0.0

Firmware Ver: v3.0.0.716_21112408

Detail: IPC_515BSD6S10E0W7110000 0001

MAC: 38:C8:04:E0:AD:B4

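Nmap scan report

Note: the HTTPS certificate below has identical subject and issuer (reo-link), a 1024-bit RSA key and a SHA-1 signature, so it should not be relied on to authenticate the camera. The D-Link/Pelco labels on ports 554 and 6001 and in the CPE line are nmap fingerprint matches, not the actual vendor (this is the Reolink E1 Zoom).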

PORT STATE SERVICE VERSION
80/tcp open http nginx | http-title: Reolink
443/tcp open ssl/http
| nginx
| http-methods: 
|_  Supported Methods: GET HEAD
|_http-title: 400 The plain HTTP request was sent to HTTPS port
| ssl-cert: Subject: commonName=reo-link/organizationName=reo-link/stateOrProvinceName=GD/countryName=CN
| Issuer: commonName=reo-link/organizationName=reo-link/stateOrProvinceName=GD/countryName=CN
| Public Key type: rsa
| Public Key bits: 1024
| Signature Algorithm: sha1WithRSAEncryption
| Not valid before: 2016-01-08T07:54:35
| Not valid after:  2026-01-05T07:54:35
| MD5:   f5a4 d59f ae7c 8da1 96e7 e8e0 7d7f d9d7
|_SHA-1: 8b54 6fd5 ca3e e466 b5dd f03c ad93 37db 8b17 c6f0
|_ssl-date: TLS randomness does not represent time
| tls-alpn: 
|_  http/1.1
| tls-nextprotoneg: 
|_  http/1.1
554/tcp open rtsp D-Link DCS-2130 or Pelco IDE10DN webcam rtspd

|_rtsp-methods: OPTIONS, DESCRIBE, SETUP, TEARDOWN, PLAY, PAUSE, GET_PARAMETER, SET_PARAMETER

1935/tcp open rtmp?
6001/tcp open rtsp D-Link DCS-2130 or Pelco IDE10DN webcam rtspd

|_rtsp-methods: OPTIONS, DESCRIBE, SETUP, TEARDOWN, PLAY, PAUSE, GET_PARAMETER, SET_PARAMETER

8000/tcp open http-alt tcpwrapped http-server-header: gSOAP/2.8 |_http-title: Site doesn't have a title (text/xml; charset=utf-8).
9000/tcp open cslistener?
Service Info: Device: webcam; CPE: cpe:/h:pelco:ide10dn

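Port 8000 (the gSOAP service, used as the ONVIF port in the Shinobi config below) answers a plain HTTP GET with this SOAP fault: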

<SOAP-ENV:Envelope>
     <SOAP-ENV:Body>
          <SOAP-ENV:Fault>
               <faultcode>SOAP-ENV:Client</faultcode>
               <faultstring>HTTP GET method not implemented</faultstring>
          </SOAP-ENV:Fault>
     </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

Shinobi config

{
  "mode":"start",
  "mid":"QoSm5ACILv8000",
  "name":"Western Addition",
  "type":"h264",
  "protocol":"rtsp",
  "host":"192.168.25.100",
  "port":"554",
  "path":"/h264Preview_01_main",
  "height":"480",
  "width":"640",
  "ext":"mp4",
  "fps":"1",
  "details":{
     "max_keep_days":"",
     "notes":"",
     "dir":"",
     "rtmp_key":"",
     "auto_host_enable":"1",
     "auto_host":"rtsp://xxxxxx:xxxxxx@192.168.25.100:554/h264Preview_01_main",
     "rtsp_transport":"tcp",
     "muser":"xxxxxx",
     "mpass":"xxxxxx",
     "port_force":"0",
     "fatal_max":"0",
     "skip_ping":null,
     "is_onvif":"1",
     "onvif_non_standard":null,
     "onvif_port":"8000",
     "primary_input":"0:0",
     "aduration":"1000000000",
     "probesize":"1000000000",
     "stream_loop":"0",
     "sfps":"",
     "wall_clock_timestamp_ignore":null,
     "accelerator":"0",
     "hwaccel":"auto",
     "hwaccel_vcodec":"",
     "hwaccel_device":"",
     "stream_type":"hls",
     "stream_flv_type":"ws",
     "stream_flv_maxLatency":"",
     "stream_mjpeg_clients":"",
     "stream_vcodec":"copy",
     "stream_acodec":"no",
     "hls_time":"2",
     "hls_list_size":"3",
     "preset_stream":"ultrafast",
     "stream_quality":"15",
     "stream_fps":"2",
     "stream_scale_x":"",
     "stream_scale_y":"",
     "stream_rotate":null,
     "signal_check":"10",
     "signal_check_log":"0",
     "stream_vf":"",
     "tv_channel":"0",
     "tv_channel_id":"",
     "tv_channel_group_title":"",
     "stream_timestamp":"0",
     "stream_timestamp_font":"",
     "stream_timestamp_font_size":"",
     "stream_timestamp_color":"",
     "stream_timestamp_box_color":"",
     "stream_timestamp_x":"",
     "stream_timestamp_y":"",
     "stream_watermark":"0",
     "stream_watermark_location":"",
     "stream_watermark_position":"tr",
     "snap":"0",
     "snap_fps":"",
     "snap_scale_x":"",
     "snap_scale_y":"",
     "snap_vf":"",
     "vcodec":"copy",
     "crf":"1",
     "preset_record":"",
     "acodec":"no",
     "record_scale_y":"",
     "record_scale_x":"",
     "cutoff":"15",
     "rotate":null,
     "vf":"",
     "timestamp":"0",
     "timestamp_font":"",
     "timestamp_font_size":"10",
     "timestamp_color":"white",
     "timestamp_box_color":"0x00000000@1",
     "timestamp_x":"(w-tw)/2",
     "timestamp_y":"0",
     "watermark":"0",
     "watermark_location":"",
     "watermark_position":"tr",
     "record_timelapse":null,
     "record_timelapse_mp4":null,
     "record_timelapse_fps":null,
     "record_timelapse_scale_x":"",
     "record_timelapse_scale_y":"",
     "record_timelapse_vf":"",
     "record_timelapse_watermark":null,
     "record_timelapse_watermark_location":"",
     "record_timelapse_watermark_position":null,
     "cust_input":"",
     "cust_stream":"",
     "cust_snap":"",
     "cust_record":"",
     "cust_detect":"",
     "cust_detect_object":"",
     "cust_sip_record":"",
     "custom_output":"",
     "detector":"0",
     "detector_http_api":null,
     "detector_send_frames":"1",
     "detector_fps":"",
     "detector_scale_x":"640",
     "detector_scale_y":"480",
     "detector_lock_timeout":"",
     "detector_save":"0",
     "detector_record_method":"sip",
     "detector_trigger":"1",
     "detector_trigger_record_fps":"",
     "detector_timeout":"10",
     "detector_send_video_length":"",
     "watchdog_reset":"0",
     "detector_delete_motionless_videos":"0",
     "det_multi_trig":null,
     "group_detector_multi":"",
     "detector_webhook":"0",
     "detector_webhook_timeout":"",
     "detector_webhook_url":"",
     "detector_webhook_method":null,
     "detector_command_enable":"0",
     "detector_command":"",
     "detector_command_timeout":"",
     "snap_seconds_inward":"",
     "detector_mail":"0",
     "detector_mail_timeout":"",
     "use_detector_filters":null,
     "use_detector_filters_object":null,
     "cords":"[]",
     "detector_filters":"",
     "detector_pam":"1",
     "detector_sensitivity":"",
     "detector_max_sensitivity":"",
     "detector_threshold":"1",
     "detector_color_threshold":"",
     "inverse_trigger":null,
     "detector_frame":"0",
     "detector_noise_filter":null,
     "detector_noise_filter_range":"",
     "detector_notrigger":"0",
     "detector_notrigger_mail":"0",
     "detector_notrigger_discord":null,
     "detector_notrigger_timeout":"",
     "detector_notrigger_webhook":null,
     "detector_notrigger_webhook_url":"",
     "detector_notrigger_webhook_method":null,
     "detector_notrigger_command_enable":null,
     "detector_notrigger_command":"",
     "detector_notrigger_command_timeout":"",
     "detector_audio":null,
     "detector_audio_min_db":"",
     "detector_audio_max_db":"",
     "detector_use_detect_object":"0",
     "detector_send_frames_object":null,
     "detector_obj_count_in_region":null,
     "detector_obj_region":null,
     "detector_use_motion":"1",
     "detector_fps_object":"",
     "detector_scale_x_object":"",
     "detector_scale_y_object":"",
     "detector_lisence_plate":"0",
     "detector_lisence_plate_country":"us",
     "detector_buffer_vcodec":"auto",
     "detector_buffer_acodec":null,
     "detector_buffer_fps":"",
     "event_record_scale_x":"",
     "event_record_scale_y":"",
     "detector_buffer_hls_time":"",
     "detector_buffer_hls_list_size":"",
     "detector_buffer_start_number":"",
     "detector_buffer_live_start_index":"",
     "control":"1",
     "control_base_url":"",
     "control_url_method":"ONVIF",
     "control_digest_auth":null,
     "control_stop":"1",
     "control_url_stop_timeout":"",
     "control_turn_speed":"",
     "detector_ptz_follow":null,
     "detector_ptz_follow_target":"",
     "detector_obj_count":null,
     "control_url_center":"",
     "control_url_left":"",
     "control_url_left_stop":"",
     "control_url_right":"",
     "control_url_right_stop":"",
     "control_url_up":"",
     "control_url_up_stop":"",
     "control_url_down":"",
     "control_url_down_stop":"",
     "control_url_enable_nv":"",
     "control_url_disable_nv":"",
     "control_url_zoom_out":"",
     "control_url_zoom_out_stop":"",
     "control_url_zoom_in":"",
     "control_url_zoom_in_stop":"",
     "control_invert_y":null,
     "groups":"[]",
     "notify_email":null,
     "notify_onUnexpectedExit":null,
     "notify_useRawSnapshot":null,
     "loglevel":"warning",
     "sqllog":"0",
     "detector_cascades":"",
     "stream_channels":"",
     "input_maps":"",
     "input_map_choices":""
  },
  "shto":"[]",
  "shfr":"[]"
}

Camera 2: Schlacht-Kam

Manufacturer: Wansview

Model: W9

Camera ID: WVCB8HETHZEDS84S

Firmware Version: 07.26100.07.17

Wi-Fi Mac: 60:1D:9D:DC:B3:36

Ethernet MAC: 78:A5:DD:4C:C0:23

Advertised RTSP stream URLs:

  • [FHD] rtsp://xxxxxx:xxxxxx@192.168.49.151:554/live/ch0
  • [SD] rtsp://xxxxxx:xxxxxx@192.168.49.151:554/live/ch1

ONVIF port: 8899

Nmap scan report

1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port554-TCP:V=7.92%I=7%D=5/14%Time=628070D2%P=x86_64-pc-linux-gnu%r(Get
SF:Request,94,"RTSP/1\.0\x20400\x20Bad\x20Request\r\nServer:\x20AJSS/1\.0\
SF:.4\x20\(Build/001\.0;\x20Platform/Linux;\x20Release/Ajy\x20Rtsp\x20Svr;
SF:\x20State/Development;\x20\)\r\nCseq:\x20\r\nConnection:\x20Close\r\n\r
SF:\n")%r(RTSPRequest,81,"RTSP/1\.0\x20400\x20Bad\x20Request\r\nServer:\x2
SF:0AJSS/1\.0\.4\x20\(Build/001\.0;\x20Platform/Linux;\x20Release/Ajy\x20R
SF:tsp\x20Svr;\x20State/Development;\x20\)\r\nCseq:\x20\r\n\r\n")%r(Generi
SF:cLines,94,"RTSP/1\.0\x20400\x20Bad\x20Request\r\nServer:\x20AJSS/1\.0\.
SF:4\x20\(Build/001\.0;\x20Platform/Linux;\x20Release/Ajy\x20Rtsp\x20Svr;\
SF:x20State/Development;\x20\)\r\nCseq:\x20\r\nConnection:\x20Close\r\n\r\
SF:n")%r(HTTPOptions,81,"RTSP/1\.0\x20400\x20Bad\x20Request\r\nServer:\x20
SF:AJSS/1\.0\.4\x20\(Build/001\.0;\x20Platform/Linux;\x20Release/Ajy\x20Rt
SF:sp\x20Svr;\x20State/Development;\x20\)\r\nCseq:\x20\r\n\r\n")%r(FourOhF
SF:ourRequest,94,"RTSP/1\.0\x20400\x20Bad\x20Request\r\nServer:\x20AJSS/1\
SF:.0\.4\x20\(Build/001\.0;\x20Platform/Linux;\x20Release/Ajy\x20Rtsp\x20S
SF:vr;\x20State/Development;\x20\)\r\nCseq:\x20\r\nConnection:\x20Close\r\
SF:n\r\n")%r(SIPOptions,B4,"RTSP/1\.0\x20200\x20OK\r\nServer:\x20AJSS/1\.0
SF:\.4\x20\(Build/001\.0;\x20Platform/Linux;\x20Release/Ajy\x20Rtsp\x20Svr
SF:;\x20State/Development;\x20\)\r\nCseq:\x2042\x20OPTIONS\r\nPublic:\x20D
SF:ESCRIBE,\x20SETUP,\x20TEARDOWN,\x20PLAY,\x20OPTIONS\r\n\r\n");
PORT STATE SERVICE VERSION
80/tcp open http Boa HTTPd 0.94.13 |_http-server-header: Boa/0.94.13

|_http-title: 403 Forbidden

554/tcp open rtsp
| fingerprint-strings:
| FourOhFourRequest, GenericLines, GetRequest: 
| RTSP/1.0 400 Bad Request
| Server: AJSS/1.0.4 (Build/001.0; Platform/Linux; Release/Ajy Rtsp Svr; State/Development; )
| Cseq: 
| Connection: Close
| HTTPOptions, RTSPRequest: 
| RTSP/1.0 400 Bad Request
| Server: AJSS/1.0.4 (Build/001.0; Platform/Linux; Release/Ajy Rtsp Svr; State/Development; )
| Cseq:
| SIPOptions: 
| RTSP/1.0 200 OK
| Server: AJSS/1.0.4 (Build/001.0; Platform/Linux; Release/Ajy Rtsp Svr; State/Development; )
| Cseq: 42 OPTIONS
| Public: DESCRIBE, SETUP, TEARDOWN, PLAY, OPTIONS
| rtsp-methods: DESCRIBE, SETUP, TEARDOWN, PLAY, OPTIONS
8899/tcp open tcpwrapped

ospf-lite

Device type: general purpose
Running: Linux 2.6.X|3.X
OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3
OS details: Linux 2.6.32 - 3.13

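Shinobi config (username and password are redacted as xxxxxx; the token= value in the stream path looks like a credential too and is not redacted, so treat it as exposed)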

{
  "mode":"start",
  "mid":"hOESb6D7088899",
  "name":"Schlacht-Kam",
  "type":"h264",
  "protocol":"rtsp",
  "host":"192.168.49.151",
  "port":"554",
  "path":"/live/ch0?token=2d22944c5842873f078e76b942fe9da2",
  "height":"480",
  "width":"640",
  "ext":"mp4",
  "fps":"1",
  "details":{
     "max_keep_days":"",
     "notes":"",
     "dir":"",
     "rtmp_key":"",
     "auto_host_enable":"1",
     "auto_host":"rtsp://xxxxxx:xxxxxx@192.168.49.151:554/live/ch0?token=2d22944c5842873f078e76b942fe9da2",
     "rtsp_transport":"tcp",
     "muser":"xxxxxx",
     "mpass":"xxxxxx",
     "port_force":"0",
     "fatal_max":"0",
     "skip_ping":null,
     "is_onvif":"1",
     "onvif_non_standard":"1",
     "onvif_port":"8899",
     "primary_input":"0:0",
     "aduration":"1000000",
     "probesize":"1000000",
     "stream_loop":"0",
     "sfps":"",
     "wall_clock_timestamp_ignore":null,
     "accelerator":"1",
     "hwaccel":"auto",
     "hwaccel_vcodec":"",
     "hwaccel_device":"",
     "stream_type":"hls",
     "stream_flv_type":"ws",
     "stream_flv_maxLatency":"",
     "stream_mjpeg_clients":"",
     "stream_vcodec":"copy",
     "stream_acodec":"no",
     "hls_time":"2",
     "hls_list_size":"3",
     "preset_stream":"ultrafast",
     "stream_quality":"15",
     "stream_fps":"2",
     "stream_scale_x":"",
     "stream_scale_y":"",
     "stream_rotate":null,
     "signal_check":"10",
     "signal_check_log":"0",
     "stream_vf":"",
     "tv_channel":"0",
     "tv_channel_id":"",
     "tv_channel_group_title":"",
     "stream_timestamp":"0",
     "stream_timestamp_font":"",
     "stream_timestamp_font_size":"",
     "stream_timestamp_color":"",
     "stream_timestamp_box_color":"",
     "stream_timestamp_x":"",
     "stream_timestamp_y":"",
     "stream_watermark":"0",
     "stream_watermark_location":"",
     "stream_watermark_position":"tr",
     "snap":"0",
     "snap_fps":"",
     "snap_scale_x":"",
     "snap_scale_y":"",
     "snap_vf":"",
     "vcodec":"copy",
     "crf":"1",
     "preset_record":"",
     "acodec":"no",
     "record_scale_y":"",
     "record_scale_x":"",
     "cutoff":"15",
     "rotate":null,
     "vf":"",
     "timestamp":"0",
     "timestamp_font":"",
     "timestamp_font_size":"10",
     "timestamp_color":"white",
     "timestamp_box_color":"0x00000000@1",
     "timestamp_x":"(w-tw)/2",
     "timestamp_y":"0",
     "watermark":"0",
     "watermark_location":"",
     "watermark_position":"tr",
     "record_timelapse":null,
     "record_timelapse_mp4":null,
     "record_timelapse_fps":null,
     "record_timelapse_scale_x":"",
     "record_timelapse_scale_y":"",
     "record_timelapse_vf":"",
     "record_timelapse_watermark":null,
     "record_timelapse_watermark_location":"",
     "record_timelapse_watermark_position":null,
     "cust_input":"",
     "cust_stream":"",
     "cust_snap":"",
     "cust_record":"",
     "cust_detect":"",
     "cust_detect_object":"",
     "cust_sip_record":"",
     "custom_output":"",
     "detector":"0",
     "detector_http_api":null,
     "detector_send_frames":"1",
     "detector_fps":"",
     "detector_scale_x":"640",
     "detector_scale_y":"480",
     "detector_lock_timeout":"",
     "detector_save":"0",
     "detector_record_method":"sip",
     "detector_trigger":"1",
     "detector_trigger_record_fps":"",
     "detector_timeout":"10",
     "detector_send_video_length":"",
     "watchdog_reset":"0",
     "detector_delete_motionless_videos":"0",
     "det_multi_trig":null,
     "group_detector_multi":"",
     "detector_webhook":"0",
     "detector_webhook_timeout":"",
     "detector_webhook_url":"",
     "detector_webhook_method":null,
     "detector_command_enable":"0",
     "detector_command":"",
     "detector_command_timeout":"",
     "snap_seconds_inward":"",
     "detector_mail":"0",
     "detector_mail_timeout":"",
     "use_detector_filters":null,
     "use_detector_filters_object":null,
     "cords":"[]",
     "detector_filters":"",
     "detector_pam":"1",
     "detector_sensitivity":"",
     "detector_max_sensitivity":"",
     "detector_threshold":"1",
     "detector_color_threshold":"",
     "inverse_trigger":null,
     "detector_frame":"0",
     "detector_noise_filter":null,
     "detector_noise_filter_range":"",
     "detector_notrigger":"0",
     "detector_notrigger_mail":"0",
     "detector_notrigger_discord":null,
     "detector_notrigger_timeout":"",
     "detector_notrigger_webhook":null,
     "detector_notrigger_webhook_url":"",
     "detector_notrigger_webhook_method":null,
     "detector_notrigger_command_enable":null,
     "detector_notrigger_command":"",
     "detector_notrigger_command_timeout":"",
     "detector_audio":null,
     "detector_audio_min_db":"",
     "detector_audio_max_db":"",
     "detector_use_detect_object":"0",
     "detector_send_frames_object":null,
     "detector_obj_count_in_region":null,
     "detector_obj_region":null,
     "detector_use_motion":"1",
     "detector_fps_object":"",
     "detector_scale_x_object":"",
     "detector_scale_y_object":"",
     "detector_lisence_plate":"0",
     "detector_lisence_plate_country":"us",
     "detector_buffer_vcodec":"auto",
     "detector_buffer_acodec":null,
     "detector_buffer_fps":"",
     "event_record_scale_x":"",
     "event_record_scale_y":"",
     "detector_buffer_hls_time":"",
     "detector_buffer_hls_list_size":"",
     "detector_buffer_start_number":"",
     "detector_buffer_live_start_index":"",
     "control":"1",
     "control_base_url":"",
     "control_url_method":"ONVIF",
     "control_digest_auth":null,
     "control_stop":"0",
     "control_url_stop_timeout":"",
     "control_turn_speed":"",
     "detector_ptz_follow":null,
     "detector_ptz_follow_target":"",
     "detector_obj_count":null,
     "control_url_center":"",
     "control_url_left":"",
     "control_url_left_stop":"",
     "control_url_right":"",
     "control_url_right_stop":"",
     "control_url_up":"",
     "control_url_up_stop":"",
     "control_url_down":"",
     "control_url_down_stop":"",
     "control_url_enable_nv":"",
     "control_url_disable_nv":"",
     "control_url_zoom_out":"",
     "control_url_zoom_out_stop":"",
     "control_url_zoom_in":"",
     "control_url_zoom_in_stop":"",
     "control_invert_y":null,
     "groups":"[]",
     "notify_email":null,
     "notify_onUnexpectedExit":null,
     "notify_useRawSnapshot":null,
     "loglevel":"warning",
     "sqllog":"0",
     "detector_cascades":"",
     "stream_channels":"",
     "input_maps":"",
     "input_map_choices":""
  },
  "shto":"[]",
  "shfr":"[]"
}