- Joined
- Aug 19, 2023
- Messages
- 911
- Reaction score
- 40,611
- Points
- 93
- Thread Author
-
- #1
FIND VULNERABLE WEBCAMS ACROSS THE GLOBE USING SHODAN
Step 1:Log in to ShodanFirst, whether using the website or the command line, you need to log in to shodanhq.com in a web browser. Although you can use Shodan without logging in, Shodan restricts some of its capabilities to only logged-in users. For instance, you can only view one page of search results without logging in. And you can only see two pages of search results when logged in to a free account. As for the command line, you will need your API Key to perform some requests.
Step 2:Set Up Shodan via Command Line (Optional)A particularly useful feature of Shodan is that you don't need to open a web browser to use it if you know your API Key. To install Shodan, you'll need to have a working Python installation. Then, you can type the following in a terminal window to install the Shodan library.
Then, you can see all the available options -h to bring up the help menu.
Step 3:Search for Accessible WebcamsThere are many ways to find webcams on Shodan. Usually, using the name of the webcam's manufacturer or webcam server is a good start. Shodan indexes the information in the banner, not the content, which means that if the manufacturer puts its name in the banner, you can search by it. If it doesn't, then the search will be fruitless.
One of my favorites is webcamxp, a webcam and network camera software designed for older Windows systems. After typing this into the Shodan search engine online, it pulls up links to hundreds, if not thousands, of web-enabled security cameras around the world.
Code:
Code:
Code:
Try Default Username & PasswordsAlthough some of the webcams Shodan shows you are unprotected, many of them will require authentication. To attempt to gain access without too much effort, try the default username and password for the security camera hardware or software. I have compiled a short list of the default username and passwords of some of the most widely used webcams below.
Step 1:Log in to ShodanFirst, whether using the website or the command line, you need to log in to shodanhq.com in a web browser. Although you can use Shodan without logging in, Shodan restricts some of its capabilities to only logged-in users. For instance, you can only view one page of search results without logging in. And you can only see two pages of search results when logged in to a free account. As for the command line, you will need your API Key to perform some requests.
Step 2:Set Up Shodan via Command Line (Optional)A particularly useful feature of Shodan is that you don't need to open a web browser to use it if you know your API Key. To install Shodan, you'll need to have a working Python installation. Then, you can type the following in a terminal window to install the Shodan library.
Quote:
Code:
~$ pip install shodan Collecting shodan Downloading https://files.pythonhosted.org/pack...5002192980ad492dc5262717/shodan-1.14.0.tar.gz (46kB) 100% |████████████████████████████████| 51kB 987kB/s Requirement already satisfied: XlsxWriter in /usr/lib/python2.7/dist-packages (from shodan) (1.1.2) Requirement already satisfied: click in /usr/lib/python2.7/dist-packages (from shodan) (7.0) Collecting click-plugins (from shodan) Downloading https://files.pythonhosted.org/pack...ecef/click_plugins-1.1.1-py2.py3-none-any.whl Requirement already satisfied: colorama in /usr/lib/python2.7/dist-packages (from shodan) (0.3.7) Requirement already satisfied: requests>=2.2.1 in /usr/lib/python2.7/dist-packages (from shodan) (2.21.0) Building wheels for collected packages: shodan Running setup.py bdist_wheel for shodan ... done Stored in directory: /root/.cache/pip/wheels/fb/99/c7/f763e695efe05966126e1a114ef7241dc636dca3662ee29883 Successfully built shodan Installing collected packages: click-plugins, shodan Successfully installed click-plugins-1.1.1 shodan-1.14.0
Then, you can see all the available options -h to bring up the help menu.
These controls are pretty straightforward, but not all of them work without connecting it to your Shodan API Key. In a web browser, log in to your Shodan account, then go to "My Account" where you'll see your unique API Key. Copy it, then use the init command to connect the key.Quote:~$ shodan -h Usage: shodan [OPTIONS] COMMAND [ARGS]... Options: -h, --help Show this message and exit. Commands: alert Manage the network alerts for your account convert Convert the given input data file into a different format. count Returns the number of results for a search data Bulk data access to Shodan domain View all available information for a domain download Download search results and save them in a compressed JSON... honeyscore Check whether the IP is a honeypot or not. host View all available information for an IP address info Shows general information about your account init Initialize the Shodan command-line myip Print your external IP address org Manage your organization's access to Shodan parse Extract information out of compressed JSON files. radar Real-Time Map of some results as Shodan finds them. scan Scan an IP/ netblock using Shodan. search Search the Shodan database stats Provide summary information about a search query stream Stream data in real-time. version Print version of this tool.
Step 3:Search for Accessible WebcamsThere are many ways to find webcams on Shodan. Usually, using the name of the webcam's manufacturer or webcam server is a good start. Shodan indexes the information in the banner, not the content, which means that if the manufacturer puts its name in the banner, you can search by it. If it doesn't, then the search will be fruitless.
One of my favorites is webcamxp, a webcam and network camera software designed for older Windows systems. After typing this into the Shodan search engine online, it pulls up links to hundreds, if not thousands, of web-enabled security cameras around the world.
Code:
Code:
~$ shodan search webcamxp 81.133.███.███ 8080 ████81-133-███-███.in-addr.btopenworld.com HTTP/1.1 200 OK\r\nConnection: close\r\nContent-Type: text/html; charset=utf-8\r\nConten t-Length: 7313\r\nCache-control: no-cache, must revalidate\r\nDate: Tue, 06 Aug 2019 21:39:29 GMT\r\nExpires: Tue, 06 Aug 2019 21:39:29 GMT\r\nPragma: no-cache\r\nServer: webcamXP 5\r\n\r\n 74.218.███.██ 8080 ████-74-218-███-██.se.biz.rr.com HTTP/1.1 200 OK\r\nConnection: close\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 7413\r\nCache-control: no-cache, must revalidate\r\nDate: Wed, 07 Aug 2019 14:22:02 GMT\r\nExpires: Wed, 07 Aug 2019 14:22:02 GMT\r\nPragma: no-cache\r\nServer: webcamXP 5\r\n\r\n 208.83.██.205 9206 ████████████.joann.com HTTP/1.1 704 t\r\nServer: webcam XP\r\n\r\n 115.135.██.185 8086 HTTP/1.1 200 OK\r\nConnection: close\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2192\r\nCache-control: no-cache, must revalidate\r\nDate: Wed, 07 Aug 2019 06:49:20 GMT\r\nExpires: Wed, 07 Aug 2019 06:49:20 GMT\r\nPragma: no-cache\r\nServer: webcamXP 5\r\n\r\n 137.118.███.107 8080 137-118-███-███.wilkes.net HTTP/1.1 200 OK\r\nConnection: close\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 2073\r\nCache-control: no-cache, must revalidate\r\nDate: Wed, 07 Aug 2019 12:37:54 GMT\r\nExpires: Wed, 07 Aug 2019 12:37:54 GMT\r\nPragma: no-cache\r\nServer: webcamXP 5\r\n\r\n 218.161.██.██ 8080 218-161-██-██.HINET-IP.hinet.net HTTP/1.1 200 OK\r\nConnection: close\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 7431\r\nCache-control: no-cache, must revalidate\r\nDate: Mon, 05 Aug 2019 18:39:52 GMT\r\nExpires: Mon, 05 Aug 2019 18:39:52 GMT\r\nPragma: no-cache\r\nServer: webcamXP 5\r\n\r\n ... 92.78.██.███ 37215 ███-092-078-███-███.███.███.pools.vodafone-ip.de HTTP/1.1 200 OK\r\nConnection: close\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 8163\r\nCache-control: no-cache, must revalidate\r\nDate: Wed, 07 Aug 2019 05:17:22 GMT\r\nExpires: Wed, 07 Aug 2019 05:17:22 GMT\r\nPragma: no-cache\r\nServer: webcamXP 5\r\n\r\n 85.157.██.███ 8080 ████████.netikka.fi HTTP/1.1 200 OK\r\nConnection: close\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 7947\r\nCache-control: no-cache, must revalidate\r\nDate: Wed, 07 Aug 2019 00:25:41 GMT\r\nExpires: Wed, 07 Aug 2019 00:25:41 GMT\r\nPragma: no-cache\r\nServer: webcamXP 5\r\n\r\n 108.48.███.███ 8080 ████-108-48-███-███.washdc.fios.verizon.net HTTP/1.1 401 Unauthorized\r\nConnection: close\r\nContent-Length: 339\r\nCache-control: no-cache, must revalidate\r\nDate: Tue, 06 Aug 2019 22:40:21 GMT\r\nExpires: Tue, 06 Aug 2019 22:17:21 GMT\r\nPragma: no-cache\r\nServer: webcamXP\r\nWWW-Authenticate: Basic realm="webcamXP"\r\nContent-Type: text/html\r\n\r\n (END)
Code:
~$ shodan search -h Usage: shodan search [OPTIONS] <search query> Search the Shodan database Options: --color / --no-color --fields TEXT List of properties to show in the search results. --limit INTEGER The number of search results that should be returned. Maximum: 1000 --separator TEXT The separator between the properties of the search results. -h, --help Show this message and exit.
Code:
~$ shodan search --fields ip_str,port,org,hostnames webcamxp 81.133.███.███ 8080 BT ████81-133-███-███.in-addr.btopenworld.com 74.218.███.██ 8080 Spectrum Business ████-74-218-███-██.se.biz.rr.com 208.83.██.███ 9206 Jo-ann Stores, LLC ████████████.joann.com 115.135.██.███ 8086 TM Net 137.118.███.███ 8080 Wilkes Communications 137-118-███-███.wilkes.net 218.161.██.██ 8080 HiNet 218-161-██-██.HINET-IP.hinet.net ... 92.78.██.███ 37215 Vodafone DSL ███-092-078-███-███.███.███.pools.vodafone-ip.de 85.157.██.███ 8080 Elisa Oyj ████████.netikka.fi 108.48.███.███ 8080 Verizon Fios ████-108-48-███-███.washdc.fios.verizon.net (END)
Try Default Username & PasswordsAlthough some of the webcams Shodan shows you are unprotected, many of them will require authentication. To attempt to gain access without too much effort, try the default username and password for the security camera hardware or software. I have compiled a short list of the default username and passwords of some of the most widely used webcams below.
- ACTi: admin/123456 or Admin/123456
- Axis (traditional): root/pass,
- Axis (new): requires password creation during first login
- Cisco: No default password, requires creation during first login
- Grandstream: admin/admin
- IQinVision: root/system
- Mobotix: admin/meinsm
- Panasonic: admin/12345
- Samsung Electronics: root/root or admin/4321
- Samsung Techwin (old): admin/1111111
- Samsung Techwin (new): admin/4321
- Sony: admin/admin
- TRENDnet: admin/admin
- Toshiba: root/ikwd
- Vivotek: root/<blank>
- WebcamXP: admin/ <blank>