水一篇无线摄像头渗透测试
2022-12-3 23:51:41 Author: 轩公子谈技术(查看原文) 阅读量:19 收藏

买了一套课程,送了一些工具大礼包,无聊中,看到有一个智能摄像头,于是玩一玩,发现有三种方式进行联动。

wifi网线4G

搞不明白一点就是,摄像头没网口,怎么网线连接。。。。

然后下载app,进行匹配链接,既然能联网,肯定有个ip,有ip可能有web,有web可能有漏洞。

于是开干

简单进行了端口扫描

嗨黑嘿

访问尝试下,emmm

目录扫描

但是也都是一样的访问不了

于是用nmap漏洞模块试试

nmap 192.168.31.29 --script=vuln
Starting Nmap 7.92 ( https://nmap.org ) at 2022-12-03 22:02 CSTPre-scan script results:| broadcast-avahi-dos: |   Discovered hosts:|     224.0.0.251|   After NULL UDP avahi packet DoS (CVE-2011-1002).|_  Hosts are all up (not vulnerable).Nmap scan report for 192.168.31.29Host is up (0.0082s latency).Not shown: 997 closed tcp ports (conn-refused)PORT     STATE SERVICE80/tcp   open  http| http-slowloris-check: |   VULNERABLE:|   Slowloris DOS attack|     State: LIKELY VULNERABLE|     IDs:  CVE:CVE-2007-6750|       Slowloris tries to keep many connections to the target web server open and hold|       them open as long as possible.  It accomplishes this by opening connections to|       the target web server and sending a partial request. By doing so, it starves|       the http server's resources causing Denial Of Service.|       |     Disclosure date: 2009-09-17|     References:|       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750|_      http://ha.ckers.org/slowloris/| http-enum: |   /cgi-bin/mj_wwwusr: Majordomo2 Mailing List|   /cgi-bin/vcs: Mitel Audio and Web Conferencing (AWC)|   /cgi-bin/ffileman.cgi?: Ffileman Web File Manager|   /cgi-bin/ck/mimencode: ContentKeeper Web Appliance|   /cgi-bin/masterCGI?: Alcatel-Lucent OmniPCX Enterprise|   /cgi-bin/awstats.pl: AWStats|_  /cgi-bin/image/shikaku2.png: TeraStation PRO RAID 0/1/5 Network Attached Storage|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.|_http-csrf: Couldn't find any CSRF vulnerabilities.|_http-majordomo2-dir-traversal: ERROR: Script execution failed (use -d to debug)|_http-dombased-xss: Couldn't find any DOM based XSS.554/tcp  open  rtsp9898/tcp open  monkeycom

发现了一个cve,apache的dos

可以使用msf进行漏洞验证


然后又对另外两个端口进行深入探测

发现 554 端口对应的是rtsp协议,可能存在弱口令,未授权等

尝试测试未授权,失败了

尝试爆破密码,也没成功

模拟器抓包,安装证书后也无法获取数据包,经反编译发现,双向认证,emmm,我是废物。


文章来源: http://mp.weixin.qq.com/s?__biz=MzU3MDg2NDI4OA==&mid=2247487273&idx=1&sn=2db05485094a1adcddabd97cb95d00fc&chksm=fce9a8e6cb9e21f0af0560cbdfbee84414419fe0872e364b48a50043d7056c458870646f8e32#rd
如有侵权请联系:admin#unsafe.sh