Today we will try to gain access to a CCTV camera provider using Shodan but first what is Shodan?
SHODAN:- Shodan is a scanner which finds devices connected over the internet. Shodan can finds devices like traffic lights, security cameras, home heating devices and baby monitors, ethical hacking consultants assure. This web scanner can also finds the SCADA system like -gas stations, nuclear power plants. Shodan tells the physical location of connected devices over the internet.
Ethical hacking researcher says that shodan can creates violation on users privacy because it ping almost on any device connected over the internet without taking users permission.
For using shodan go to: https://www.shodan.io/
° For creating an account go to https://account.shodan.io/register
Shodan search engine can also be used without signing up. Signing up is not compulsory.
Enter the necessary details- your username,password and email for signing up in shodan.
After creating an account sign in with your credentials.
After singing in, shodan will open. Now you can explore shodan.
After creating your account in shodan. Sign in to your account and shodan will show your account api key. For security reasons the key has been hided (ZoxxxxxxPFmYHJvSWhKixxxxxxxxxxHmT).
You can also use the API key in recon-ng for reconnaissance.
You can also search any website/IP address simply enter the your target name and as you see below it will show the details of the target, mention ethical hacking investigators.
Fun with SHODAN:-
SHODAN FEATURES:-
Shodan offers many great features to search. Normal user can easily explore shodan. Most of the pentesters use shodan for finding vulnerabilities, according to ethical hacking courses.
There are many keywords to search in shodan and here are some of the keywords which have been used to show you how shodan works:-
VSAT – Mainly works in boats/ship tracker to detect boats/ship location.
Cameras – Shows the open IP’s of the web-cameras which are used in surveillance.
Exploring the other like – databases, video game servers, Industrial Control System.
Databases – show the databases with lack of security.
Video Game Servers – shows the running open servers of the games.
ICS (Industrial Control System) – shows the open ICS systems which are vulnerable.
SEARCHING LIVE CAMS:-
You can search the live cameras with open ports.For searching the live webcams. go to shodan search engine and type webcams.
For example :-
For searching webcams, you can type webcams or the query of the webcam which mostly URL path used by IP camera " webcam XP
.
===================SNIP================
After searching through the query, there is an IP – 93.254.183.171:8080 which we will examine further.
After clicking on the IP, You can see open port and the IP address of the myvzw.com from the organisation verizon wireless.
Now to open IP address type the above IP address with the port into your browser 93.254.183.171:8080 as shown below.
As you can see the targeted IP camera is working but it is night over there. Now we will try to find some previous recording to check if the camera is working.
As you can see we have full control of the admin portal of the security camera
This is the end of today article follow us to get updated when we realese another one
 part 1){kind=link}
1 Comments
It was so helpful
ReplyDelete