Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to access camera with custom password #255

Closed
developakr opened this issue Jan 20, 2020 · 3 comments
Closed

Unable to access camera with custom password #255

developakr opened this issue Jan 20, 2020 · 3 comments
Assignees
@Ullaakut
Labels
question

Comments

@developakr
Copy link

developakr commented Jan 20, 2020
edited
Loading

While using the VLC I can monitor the Besder 6024PB-JW201 1080p camera via this link:
rtsp://admin:[email protected]:554/onvif1

I did a test by my camera with "Cameradar v4.1.2", I inserted the password "password123" into the "credentials.json" file. The required route "onvif1" already exists in the "routes" file.

then I started the "Cameradar"
./cameradar -t 192.168.0.228

When I run the "Cameradar" on the screen, I see "Cameradar" trying different combinations of usernames and passwords.
For example:

* Trying 192.168.0.228:554...
* TCP_NODELAY set
* Connected to 192.168.0.228 (192.168.0.228) port 554 (#0)
* Server auth using Digest with user 'service'
> DESCRIBE rtsp://service:[email protected]:554/ RTSP/1.0
CSeq: 1
Accept: application/sdp

Later the program starts checking the routes, but as far as I can see the front of the rtsp:// link no longer has username and password values
"rtsp://:@192.168.0.228: 554/cam/realmonitor"
For example:

< RTSP/1.0 401 Unauthorized
< CSeq: 1
< WWW-Authenticate: Digest realm="HIipCamera",nonce="13759f8bcb221178a57ff433b8721278"
< 
* Connection #0 to host 192.168.0.228 left intact
* Issue another request to this URL: 'rtsp://192.168.0.228:554/cam'
* Protocol "rtsp" not supported or disabled in libcurl
* Closing connection -1
*   Trying 192.168.0.228:554...
* TCP_NODELAY set
* Connected to 192.168.0.228 (192.168.0.228) port 554 (#0)
* Server auth using Digest with user ''
> DESCRIBE rtsp://:@192.168.0.228:554/cam/realmonitor RTSP/1.0
CSeq: 1
Accept: application/sdp

The program reports when the job is complete - that did not find the correct username and password Also prints wrong path "RTSP route: /cam/realmonitor"
For example:

 > Perform failed for "rtsp://:@192.168.0.228:554/cam" (auth 2): curl: Unsupported protocol
Validating that streams are accessible...ok
  > Perform failed for "rtsp://:@192.168.0.228:554/cam/realmonitor" (auth 2): curl: RTSP CSeq mismatch or invalid CSeq
✖       Admin panel URL:        http://192.168.0.228/ You can use this URL to try attacking the camera's admin panel instead.
        Available:              ✖
        IP address:             192.168.0.228
        RTSP port:              554
        Auth type:              digest
        Username:               not found
        Password:               not found
        RTSP route:             /cam/realmonitor


✖ Streams were found but none were accessed. They are most likely configured with secure credentials and routes. You can try adding entries to the dictionary or generating your own in order to attempt a bruteforce attack on the cameras.

Am I doing something wrong, or is there a bug in the program?

Maybe you can create an option when the route is known, "Cameradar" would bruteforce only the username and password?
@Ullaakut
Copy link
Owner

Ullaakut commented Jan 21, 2020
edited
Loading

Hi, thanks for reporting this issue. I managed to reproduce it on my side so I'm investigating it. In my logs though, it does try the correct combination of username and password:

> DESCRIBE rtsp://admin:[email protected]:8554/live.sdp RTSP/1.0 > 401

But it still gets a 401 response, so there might be an issue with this specific password, maybe because it's alphanumerical?

Anyway, I'll make more tests and let you know when I find a solution :)

Thanks!

EDIT: Nevermind, I made a mistake when setting up the camera. It works on my side now 🤔

Screenshot 2020-01-21 at 8 29 06 AM

Could you please share the full log of cameradar for me to figure out what's wrong?

@Ullaakut Ullaakut changed the title Cameradar cannot find the known username and password Unable to access camera with custom password Jan 21, 2020
@Ullaakut Ullaakut self-assigned this Jan 21, 2020
@Ullaakut Ullaakut added the bug label Jan 21, 2020
@developakr
Copy link
Author

developakr commented Jan 29, 2020
edited
Loading

Sending log file.
log.txt
I take the LOG file correctly?
./cameradar --targets=192.168.0.226 -v &>/root/Desktop/log.txt

VLC can monitor the Besder 6024PB-JW201 1080p camera via this link:
rtsp://admin:[email protected]:554/onvif1
Thank you

@Ullaakut
Copy link
Owner

The issue you have is a duplicate of #247, which has been fixed in #252 :)

*   Trying 192.168.0.226:554...
* TCP_NODELAY set
* Connected to 192.168.0.226 (192.168.0.226) port 554 (#0)
* Server auth using Digest with user 'admin'
> DESCRIBE rtsp://admin:[email protected]:554/ RTSP/1.0
CSeq: 1
Accept: application/sdp

< RTSP/1.0 401 Unauthorized
< CSeq: 1
< WWW-Authenticate: Digest realm="HIipCamera",nonce="e410540f98c2aca4da5d729a3304090c"
< 
* Connection #0 to host 192.168.0.226 left intact
* Issue another request to this URL: 'rtsp://admin:[email protected]:554/'
* Protocol "rtsp" not supported or disabled in libcurl
* Closing connection -1

All you need to do is to upgrade to the latest version of cameradar (docker pull ullaakut/cameradar:latest or git pull depending on whether you use the binary or the docker image)

@Ullaakut Ullaakut added question and removed bug labels Jan 29, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Ullaakut Ullaakut

Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Ullaakut @developakr