Fix bug for some cameras running gst rtsp server
This commit is contained in:
Brendan LE GLAUNEC
committed by
Brendan Le Glaunec
Brendan Le Glaunec
parent
bf3a967fad
commit
a2af1329d7
@@ -34,12 +34,12 @@
|
|||||||
Install [docker](https://docs.docker.com/engine/installation/) on your machine, and run the following command:
|
Install [docker](https://docs.docker.com/engine/installation/) on your machine, and run the following command:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
docker run ullaakut/cameradar <command-line options>
|
docker run -t ullaakut/cameradar -t <target> <other command-line options>
|
||||||
```
|
```
|
||||||
|
|
||||||
[See command-line options](#command-line-options).
|
[See command-line options](#command-line-options).
|
||||||
|
|
||||||
e.g.: `docker run ullaakut/cameradar -t 192.168.100.0/24 -l` will scan the ports 554 and 8554 of hosts on the 192.168.100.0/24 subnetwork and attack the discovered RTSP streams and will output lots of logs.
|
e.g.: `docker run -t ullaakut/cameradar -t 192.168.100.0/24 -l` will scan the ports 554 and 8554 of hosts on the 192.168.100.0/24 subnetwork and attack the discovered RTSP streams and will output lots of logs.
|
||||||
|
|
||||||
* `YOUR_TARGET` can be a subnet (e.g.: `172.16.100.0/24`) or even an IP (e.g.: `172.16.100.10`), a range of IPs (e.g.: `172.16.100.10-172.16.100.20`) or a mix of all those separated by commas (e.g.: `172.17.100.0/24,172.16.100.10-172.16.100.20,0.0.0.0`).
|
* `YOUR_TARGET` can be a subnet (e.g.: `172.16.100.0/24`) or even an IP (e.g.: `172.16.100.10`), a range of IPs (e.g.: `172.16.100.10-172.16.100.20`) or a mix of all those separated by commas (e.g.: `172.17.100.0/24,172.16.100.10-172.16.100.20,0.0.0.0`).
|
||||||
* If you want to get the precise results of the nmap scan in the form of an XML file, you can add `-v /your/path:/tmp/cameradar_scan.xml` to the docker run command, before `ullaakut/cameradar`.
|
* If you want to get the precise results of the nmap scan in the form of an XML file, you can add `-v /your/path:/tmp/cameradar_scan.xml` to the docker run command, before `ullaakut/cameradar`.
|
||||||
@@ -122,14 +122,14 @@ RTSPURL allows you to generate the full URL of a stream.
|
|||||||
|
|
||||||
The **RTSP port used for most cameras is 554**, so you should probably specify 554 as one of the ports you scan. Not specifying any ports to the cameraccess application will scan the 554 and 8554 ports.
|
The **RTSP port used for most cameras is 554**, so you should probably specify 554 as one of the ports you scan. Not specifying any ports to the cameraccess application will scan the 554 and 8554 ports.
|
||||||
|
|
||||||
e.g.: `docker run ullaakut/cameradar -p "18554,19000-19010" -t localhost` will scan the ports 18554, and the range of ports between 19000 and 19010 on localhost.
|
e.g.: `docker run -t ullaakut/cameradar -p "18554,19000-19010" -t localhost` will scan the ports 18554, and the range of ports between 19000 and 19010 on localhost.
|
||||||
|
|
||||||
You **can use your own files for the ids and routes dictionaries** used to attack the cameras, but the Cameradar repository already gives you a good base that works with most cameras, in the `/dictionaries` folder.
|
You **can use your own files for the ids and routes dictionaries** used to attack the cameras, but the Cameradar repository already gives you a good base that works with most cameras, in the `/dictionaries` folder.
|
||||||
|
|
||||||
e.g.:
|
e.g.:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
docker run -v /my/folder/with/dictionaries:/tmp/dictionaries \
|
docker run -t -v /my/folder/with/dictionaries:/tmp/dictionaries \
|
||||||
ullaakut/cameradar \
|
ullaakut/cameradar \
|
||||||
-r "/tmp/dictionaries/my_routes" \
|
-r "/tmp/dictionaries/my_routes" \
|
||||||
-c "/tmp/dictionaries/my_credentials.json" \
|
-c "/tmp/dictionaries/my_credentials.json" \
|
||||||
@@ -193,6 +193,10 @@ See the cameraccess example. You just need to run `go get github.com/EtixLabs/ca
|
|||||||
|
|
||||||
Use the `--net=host` flag when launching the cameradar image, or use the binary by running `go run cameraccess/main.go`.
|
Use the `--net=host` flag when launching the cameradar image, or use the binary by running `go run cameraccess/main.go`.
|
||||||
|
|
||||||
|
> I don't see a colored output :(
|
||||||
|
|
||||||
|
You forgot the `-t` flag before `ullaakut/cameradar` in your command-line. This tells docker to allocate a pseudo-tty for cameradar, which makes it able to use colors.
|
||||||
|
|
||||||
## License
|
## License
|
||||||
|
|
||||||
Copyright 2017 Etix Labs
|
Copyright 2017 Etix Labs
|
||||||
|
|||||||
Executable
BIN
Binary file not shown.
@@ -53,9 +53,22 @@ func main() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
streams, _ := cmrdr.Discover(options.Target, options.Ports, options.OutputFile, options.Speed, options.EnableLogs)
|
streams, _ := cmrdr.Discover(options.Target, options.Ports, options.OutputFile, options.Speed, options.EnableLogs)
|
||||||
|
|
||||||
|
// Most cameras will be accessed successfully with these two attacks
|
||||||
streams, _ = cmrdr.AttackRoute(streams, routes, time.Duration(options.Timeout)*time.Millisecond, options.EnableLogs)
|
streams, _ = cmrdr.AttackRoute(streams, routes, time.Duration(options.Timeout)*time.Millisecond, options.EnableLogs)
|
||||||
streams, _ = cmrdr.AttackCredentials(streams, credentials, time.Duration(options.Timeout)*time.Millisecond, options.EnableLogs)
|
streams, _ = cmrdr.AttackCredentials(streams, credentials, time.Duration(options.Timeout)*time.Millisecond, options.EnableLogs)
|
||||||
|
|
||||||
|
// But some cameras run GST RTSP Server which prioritizes 401 over 404 contrary to most cameras.
|
||||||
|
// For these cameras, running another route attack will solve the problem.
|
||||||
|
for _, stream := range streams {
|
||||||
|
if stream.RouteFound == false || stream.CredentialsFound == false {
|
||||||
|
streams, _ = cmrdr.AttackRoute(streams, routes, time.Duration(options.Timeout)*time.Millisecond, options.EnableLogs)
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
streams, _ = cmrdr.AttackRoute(streams, routes, time.Duration(options.Timeout)*time.Millisecond, options.EnableLogs)
|
||||||
|
|
||||||
prettyPrint(streams)
|
prettyPrint(streams)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
+11
-1
@@ -48,13 +48,23 @@ func RunNmap(targets, ports string, resultFilePath string, nmapSpeed int, enable
|
|||||||
"nmap",
|
"nmap",
|
||||||
fmt.Sprintf("-T%d", nmapSpeed),
|
fmt.Sprintf("-T%d", nmapSpeed),
|
||||||
"-A",
|
"-A",
|
||||||
targets,
|
|
||||||
"-p",
|
"-p",
|
||||||
ports,
|
ports,
|
||||||
"-oX",
|
"-oX",
|
||||||
resultFilePath,
|
resultFilePath,
|
||||||
|
targets,
|
||||||
)
|
)
|
||||||
|
|
||||||
|
fmt.Println(
|
||||||
|
"nmap",
|
||||||
|
fmt.Sprintf("-T%d", nmapSpeed),
|
||||||
|
"-A",
|
||||||
|
"-p",
|
||||||
|
ports,
|
||||||
|
"-oX",
|
||||||
|
resultFilePath,
|
||||||
|
targets)
|
||||||
|
|
||||||
// Pipe stdout to be able to write the logs in realtime
|
// Pipe stdout to be able to write the logs in realtime
|
||||||
stdout, err := cmd.StdoutPipe()
|
stdout, err := cmd.StdoutPipe()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|||||||
Reference in New Issue
Block a user