Header Ads

    • Breaking News

    Join the spark hacking Tools Discord Server! Check out the spark hacking Tools community on Discord - hang out with 1 other members and enjoy free voice and text chat.https://discord.gg/eTsYZp

    How to Watch Security Cameras on the Internet

    October 19, 2019 0

    How to Watch Security Cameras on the Internet

    How to Watch Security Cameras on the Internet : Camera hacking is not very new for hacker community . Due to mis-configuration in the Camera security , the cameras that can be accessed over the internet can be viewed by anyone without any Authentication . Though there is no real hacking in this but its somewhat nice to explore .
    I would use this to explain the necessity of security configuration for IP cams . The Cams that have been used to provide the security , are now accessible to anyone without any authentication , and have become the biggest security Loophole.
    The hacking tutorial section is now full of useless threads,The worst of all most of them are questions and other shits.
    So yeah here i am writing a new tutorial trying to make this section back to what it used to be.
    ====================
    Pro Tip :
    Secure yourself before doing this.
    This is Purely for Educational Purposes and Dangerous . Don’t Access Password Protected Cameras
    ====================

    How to Watch Security Cameras on the Internet :

    1-Open your browser.
    2-Go to http://www.google.com
    3-Copy paste a code and put it in google click enter and bam you will get some cameras by clicking on the search links .
    Here I have accumulated a list of Google Dorks that can be used to explore some of the IP cams that can be accessed Online without any Authentication .
    inurl:/view.shtml
 intitle:”Live View / – AXIS” | inurl:view/view.shtml^
 inurl:ViewerFrame?Mode=
 inurl:ViewerFrame?Mode=Refresh
 inurl:axis-cgi/jpg
 inurl:view/index.shtml
 inurl:view/view.shtml
 liveapplet
 intitle:liveapplet
 allintitle:”Network Camera NetworkCamera”
 intitle:axis intitle:”video server”
 intitle:liveapplet inurl:LvAppl
 intitle:”EvoCam” inurl:”webcam.html”
 intitle:”Live NetSnap Cam-Server feed”
 intitle:”Live View / – AXIS 206M”
 intitle:”Live View / – AXIS 206W”
 intitle:”Live View / – AXIS 210″
 inurl:indexFrame.shtml Axis
 intitle:start inurl:cgistart
 intitle:”WJ-NT104 Main Page”
 intitle:snc-z20 inurl:home/
 intitle:snc-cs3 inurl:home/
 intitle:snc-rz30 inurl:home/
 intitle:”sony network camera snc-p1″
 viewnetcam.com
 intitle:”Toshiba Network Camera” user login
 intitle:”i-Catcher Console – Web Monitor”
    Here is a Screenshot  :

    How to Watch Security Cameras on the Internet
    You can modify these dorks as per your needs during a penetration test on an organisation . Consider when you might be doing Penetration testing for a Bank or a multinational that has lots of IP cameras with remote access over internet enabled , this might be the First Loophole to report .
    So friends you enjoyed our tutorial “How to Watch Security Cameras on the Internet” .. If yes don’t forget to say thanks.
    Disclaimer : Don’t try to access a password protected camera or you might get into real trouble . Doing Hacking is punishable under Law and we hold no responsibility of what you do with this information . Purely for Educational Purposes .
    Email Harvesting Tutorial using Metasploit for Penetration testing

    Email Harvesting Tutorial using Metasploit

    Harvesting mails online is something which all ethical hacker require .The simplest method involves spammers purchasing or trading lists of email addresses from other spammers . But being etchical hackers you might need to get mail lists .Another common method is the use of special software known as “harvesting bots” or “harvesters”, which spider Web pages, postings on Usenet, mailing list archives, internet forums and other online sources to obtain email addresses from public data.
    Harvesting emails is process of collecting the mail address present online that can be located using search engines . It is the process of obtaining lists of email addresses using various methods for use in bulk email or other purposes usually grouped as spam.
    Email harvesting is also used by hackers to spam their RAT’s and create large botnets . Phishing campaigns are also run using the publicly available email addresses .
    This technique therefore is an important task to be performed during a penetration test . We will be using our favorite Metasploit framework to perform an email harvesting .
    How to Perform Email Harvesting using Metasploit : 
    Start by opening a terminal and just type msfconsole to start Metasploit for mail Harvesting Tutorial using Metasploit.
    msfconsole

    Email Harvesting Tutorial using Metasploit
    Now to look for an exploit that can help you with email harvesting , type search collector .
    search collector
    This might take some time depending on the machine you use .
    When you see the search has completed , you must see something similar as in the below screenshot .

    Now you need to use one of the exploits available . I prefer search_email_collector to perform the email harvesting attack .
    use gather/search_email_collector
    Now I will configure this exploit to make it useful for our purpose . To see what all I need to configure in this exploit just type :
    show options
    This is what you must see :

    Email Harvesting Tutorial using Metasploit
    The Two main options to look at here are :
    DOMAIN and OUTFILE .
    The Domain specifies the domain for which the email addresses will be harvested . OUTFILE is the output file that will be created in your root folder with all the email address in it .
    Now I will configure this exploit to suit my needs . Since this is not a professional penetration test , I will use a free web domain to harvest emails . My choice is Yahoo.com . Now I must get the email addresses on domain yahoo.com in my email list that can be harvested online .
    To do so type the following :
    set DOMAIN yahoo.com
set OUTFILE yahoo-list.txt
    To check if I did all right type :
    show options
    See the below screenshot for reference  :


    Seems all is good and we are set to do some email harvesting . To start the exploit to run just type EXPLOIT !!
    exploit

    This must create the email list in .txt format . This will have all the emails that have been harvested for Yahoo.com .
    Enjoy email harvesting !!
    I hope you all have enjoyed the email harvesting tutorial using metasploit by Hackingloops.
    Buffer Overflow explained through C code
    Buffer Overflow explained through C code
    Buffer overflow is a well known vulnerability . It is one of the most frequent attack types.
    It uses input to a poorly implemented, but (in intention) completely harmless application, typically with root / administrator privileges. It results from input that is longer than the implementer intended. To understand its inner workings, we need to talk a little bit about how computers use memory.

    Buffer Overflow through C language .

    Lets take an example C program that has a this vulnerability . The vulnerability doesnt exist in the C language or the compiler but it exists in the strcpy function . This function is vulnerable to buffer overflow as it doesn’t check for the memory bounds of the data it copies .
    Let study some real program examples that show the danger of such situations based on the C. In the examples,I have not implement any malicious code injection but just to show that the buffer can be overflow. Modern compilers normally provide overflow checking option during the compile/link time but during the run time it is quite difficult to check this problem without any extra protection mechanism such as using exception handling.

    C code to Show Buffer overflow

    #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
 
 //Author : Vanshit Malhotra
 //Demonstrate Buffer Overflow via Segmantation Fault
 
 int main(int argc, char *argv[])
 {
 char mybuffer[5];
 if (argc < 2)
 {
 printf("strcpy() NOT executed....\n");
 printf("Syntax: %s <characters>\n", argv[0]);
 exit(0);
 }
strcpy(mybuffer, argv[1]);
printf("mybuffer content= %s\n", mybuffer);
 return 0;
 }
    Here are the screenshots from the execution of the code  .
    Observe the SEGMENTATION FAULT that occurs when data more than the buffer limit is provided as an input to the program . 
    You might like using strcpy_s() instaed of strcpy() function to avoid buffer overflow in your C code . 
    The vulnerability exists because the mybuffer could be overflowed if the user input (argv[1]) bigger than 8 bytes. Why 8 bytes?  For 32 bit (4 bytes) system, we must fill up a double word (32 bits) memory.  Character (char) size is 1 byte, so if we request buffer with 5 bytes, the system will allocate 2 double words (8 bytes).  That is why when you input more than 8 bytes; the mybuffer will be over flowed .
    Similar standard functions that are technically less vulnerable, such as strncpy(), strncat(), and memcpy(), do exist. But the problem with these functions is that it is the programmer responsibility to assert the size of the buffer, not the compiler.
    DNSMAP Video Tutorial on Kali Linux – DNS Information Gathering
    DNSMAP Video Tutorial on Kali Linux : In this video tutorial, we will learn how to gather DNS information about all the subdomains of a web application or website using DNSMAP network mapper tool. DNSMAP is basically an sub domain mapping tool which gives all the subdomains, their corresponding IPv4 IP address and IPv6 IP address as output. Unlike other tools, where we use brute force technology to gather all sub domains we don’t have a feature to abort the brute forcing if domain uses wildcards technically you can say it producing false positives while enumerating sub domain data. So friends lets first discuss the key features of DNSMAP and what all we can gather using it.
    DNSMAP Video Tutorial on Kali Linux by Hackingloops
    DNSMAP Video Tutorial on Kali Linux by Hackingloops

    How to open DNSMAP tool on Kali Linux ?

    Go to Applications –> Information Gathering –> DNS Analysis –> DNSMAP
    Important Options or Switches in DNSMAP Tool on Kali Linux :
    -w : This option is used to provide the word list file which you wish to use for brute forcing. If you don’t provide this option, DNSMAP will use the default file.
    -r : This option is used to store results into a text file. Here we can provide a result file path where we wish to store the results. If we don’t provide this option it will show results only on screen.
    -c : This obtain is same as -r option, it just stores file in CSV format.
    -d : This option is used if you wish to provide delay between 2 DNS lookups. If we don’t provide this option, it will use system default 10ms delay.
    -i : This option is used for false positive i.e. if you wish to ignore any IP from lookups.
    Sample DNSMAP command for DNS Network Mapping :
    In case you want to provide custom wordlist file :
     dnsmap anytargetwebsite.com -w ~/Desktop/Hackingloops/wordlist.txt -r ~/Desktop/Hackingloops/results.txt
    If you wish to use default or inbuilt wordlist file :
    dnsmap anytargetwebsite.com -r ~/Desktop/Hackingloops/results1.txt

    DNSMAP Video tutorial on Kali Linux by Hackingloops :


    If you have any queries feel free to ask and don’t forget to say thanks if you like our DNSMAP Video Tutorial.
    Tags:
    Author Image

    About Gamemaker gafoor.2

    No comments

    Subscribe to: Post Comments ( Atom )

    Post Top Ad

    Author Details

    Templatesyard is a blogger resources site is a provider of high quality blogger template with premium looking layout and robust design. The main mission of templatesyard is to provide the best quality blogger templates.

    Post Bottom Ad