Link to home
Start Free TrialLog in
Avatar of Jesse Turner
Jesse TurnerFlag for United States of America

asked on

Hydra Brute Force Attack on IP camera system

We found a camera that was installed without anyones knowledge on a jobsite, we currently have the IP camera system in our possession and there is a username and password for the device.

I have discovered that the username is "root" however the password is what we are trying to get past to see who set this up, perhaps we can get an email address off of it or if it was streaming to a website and or a NAS device or something.

So I'm currently using Hydra for Ubuntu to brute force attack the password. It is not a Basic Authentication password, it is a digest authentication. I do have a password list and when I use Hydra it comes back with several passwords it thinks is it but not the correct one.

I have read that it is due to the web interface attack that its not getting rejected on certain passwords therefore its giving me false positives.

below is what I am currently asking hydra to do but perhaps I need to add in something else to this, let me know what you think.

hydra -l root -P pwlist.txt (ip address) http-get /

I have tried this command also with -e ns and -f triggers also changing the end to http-head but still getting false positives.

Does anybody have any idea as to how I can get around this?
Avatar of Jesse Turner
Jesse Turner
Flag of United States of America image

ASKER

yes I have checked with the manufacturer on the default username and password, username is root but the password is not the default.
SOLUTION
Avatar of gheist
gheist
Flag of Belgium image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
ASKER CERTIFIED SOLUTION
Avatar of btan
btan

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Well after everything I've gone through I was able to snoop a little and started looking at browsing history and found that the camera was accessed on June 8th and it showed me what the original IP was, I then snooped for the IP on other peoples terminals in there internet history which one user popped up on. So I searched his computer for any passwords and found 15 of them. I went back to the camera and tried the first password for no luck but the second password worked.... Bummer part was the Camera was pretty much at factory defaults other than the password change.

Thanks for all your help everyone, but the rabbit hole continues and this case is closed, next time (hopefully there isn't a next time) the users know not to touch it if they find one.