Avatar of Neogeo147
Neogeo147
Flag for United States of America asked on

Hydra Brute Force Attack on IP camera system

We found a camera that was installed without anyones knowledge on a jobsite, we currently have the IP camera system in our possession and there is a username and password for the device.

I have discovered that the username is "root" however the password is what we are trying to get past to see who set this up, perhaps we can get an email address off of it or if it was streaming to a website and or a NAS device or something.

So I'm currently using Hydra for Ubuntu to brute force attack the password. It is not a Basic Authentication password, it is a digest authentication. I do have a password list and when I use Hydra it comes back with several passwords it thinks is it but not the correct one.

I have read that it is due to the web interface attack that its not getting rejected on certain passwords therefore its giving me false positives.

below is what I am currently asking hydra to do but perhaps I need to add in something else to this, let me know what you think.

hydra -l root -P pwlist.txt (ip address) http-get /

I have tried this command also with -e ns and -f triggers also changing the end to http-head but still getting false positives.

Does anybody have any idea as to how I can get around this?
LinuxSecurityPHP

Avatar of undefined
Last Comment
Neogeo147

8/22/2022 - Mon
Neogeo147

ASKER
yes I have checked with the manufacturer on the default username and password, username is root but the password is not the default.
SOLUTION
gheist

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
ASKER CERTIFIED SOLUTION
btan

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
SOLUTION
Zephyr ICT

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
SOLUTION
btan

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
Neogeo147

ASKER
Well after everything I've gone through I was able to snoop a little and started looking at browsing history and found that the camera was accessed on June 8th and it showed me what the original IP was, I then snooped for the IP on other peoples terminals in there internet history which one user popped up on. So I searched his computer for any passwords and found 15 of them. I went back to the camera and tried the first password for no luck but the second password worked.... Bummer part was the Camera was pretty much at factory defaults other than the password change.

Thanks for all your help everyone, but the rabbit hole continues and this case is closed, next time (hopefully there isn't a next time) the users know not to touch it if they find one.
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck