Cameradar

RTSP (Real Time Streaming Protocol) is the protocol that most of these IP cameras use. Not all of the cameras use RTSP, but the vast majority do.

RTSP uses the following commands, typically sent from the client to the server, when negotiating and controlling media transmissions:

  • Options: This request determines what other types of requests the media server will accept.

  • Describe: A describe request identifies the URL and type of data.

  • Announce: The announce method describes the presentation when sent from the client to the server and updates the description when sent from server to client.

  • Setup: Setup requests specify how a media stream must be transported before a play request is sent.

  • Play: A play request starts the media transmission by telling the server to start sending the data.

  • Pause: Pause requests temporarily halt the stream delivery.

  • Record: A record request initiates a media recording.

  • Teardown: This request terminates the session entirely and stops all media streams.

  • Redirect: Redirect requests inform the client that it must connect to another server by providing a new URL for the client to issue requests to.

Other types of RTSP requests include ‘get parameter’, ‘set parameter’, and ‘embedded (interleaved) binary data’.
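To make the Options/Describe exchange above concrete, the following added example (not part of the original page or of Cameradar) serializes an RTSP/1.0 request and classifies how a camera you administer answers an unauthenticated DESCRIBE: stream served openly, Basic only, or Digest. The function names, the 192.0.2.10 address and the sample responses are constructed for illustration.

```python
# Added example: RTSP request/response handling for auditing a camera you own.
import re

def build_request(method, url, cseq):
    """Serialize an RTSP/1.0 request: request line, CSeq header, blank line."""
    return f"{method} {url} RTSP/1.0\r\nCSeq: {cseq}\r\n\r\n".encode()

def parse_response(raw):
    """Return (status_code, headers). Header names are lowercased and repeated
    headers (e.g. two WWW-Authenticate challenges) are kept as a list."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    m = re.match(r"RTSP/\d\.\d (\d{3})", lines[0])
    if not m:
        raise ValueError("not an RTSP status line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return int(m.group(1)), headers

def auth_posture(describe_response):
    """Classify the server's answer to a DESCRIBE sent without credentials."""
    status, headers = parse_response(describe_response)
    if status == 200:
        return "open"            # stream description served with no credentials
    if status == 401:
        challenges = headers.get("www-authenticate", [])
        schemes = {v.split(None, 1)[0].lower() for v in challenges if v}
        if "digest" in schemes:
            return "digest" if schemes == {"digest"} else "digest+basic"
        if "basic" in schemes:
            return "basic-only"  # password would cross the wire base64-encoded
        return "auth-unknown"
    return f"other-{status}"

# Constructed sample responses (not captured from a real device).
OPEN = (b"RTSP/1.0 200 OK\r\nCSeq: 2\r\n"
        b"Content-Type: application/sdp\r\nContent-Length: 0\r\n\r\n")
BASIC = (b"RTSP/1.0 401 Unauthorized\r\nCSeq: 2\r\n"
         b'WWW-Authenticate: Basic realm="cam"\r\n\r\n')
DIGEST = (b"RTSP/1.0 401 Unauthorized\r\nCSeq: 2\r\n"
          b'WWW-Authenticate: Digest realm="cam", nonce="abc123"\r\n\r\n')

if __name__ == "__main__":
    print(build_request("DESCRIBE", "rtsp://192.0.2.10:554/", 2).decode())
    for name, resp in (("open", OPEN), ("basic", BASIC), ("digest", DIGEST)):
        print(name, "->", auth_posture(resp))
```

A result of "open" or "basic-only" marks a camera whose RTSP configuration should be tightened before it is reachable from any untrusted network.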

1. Download and Install cameradar

sudo apt install docker.io

sudo systemctl start docker

sudo git clone https://github.com/Ullaakut/cameradar

2. Run the RTSP Credential Brute-forcer

sudo docker run ullaakut/cameradar -t {IP}

Cameradar will now attempt to find an RTSP stream on one of the default RTSP ports, namely 554, 5554 and 8554. If you suspect there may be other ports with RTSP streams (you may want to run an nmap scan first), you can add them with the -p switch:

sudo docker run ullaakut/cameradar -t {IP} -p {PORT}

3. Using Custom Username and Password Lists

The password list must be in JSON format. Convert the text file to JSON: https://anyconv.com/txt-to-json-converter/.

/usr/share/seclists/Passwords/Common-Credentials/10-million-password-list-top-1000000.txt --> 10-million-password-list-top-1000000.json

sudo docker run -t -v /usr/share/seclists/Passwords/Common-Credentials:/tmp/dictionaries ullaakut/cameradar -c "/tmp/dictionaries/10-million-password-list-top-1000000.json" -t {IP}
