1 00:00:00,090 --> 00:00:01,770 All right, welcome back, everyone. 2 00:00:01,800 --> 00:00:08,580 This is fresh air and this session is about getting started, which showed him and will force the strong 3 00:00:08,790 --> 00:00:14,970 start with finding the Web cameras, I mean, IP cameras and try to get access into it. 4 00:00:15,150 --> 00:00:16,740 All right, let's get started. 5 00:00:17,790 --> 00:00:20,450 OK, so here it is. 6 00:00:20,460 --> 00:00:21,720 We'll get it. 7 00:00:21,750 --> 00:00:22,200 Simple. 8 00:00:22,210 --> 00:00:27,120 We just have to go to these children, dot, dot, dial and. 9 00:00:28,020 --> 00:00:30,270 Yeah, and yes. 10 00:00:30,780 --> 00:00:36,600 And once you go to this or not, I, you just have to sign up and once you sign up to the account, 11 00:00:36,600 --> 00:00:38,070 you get this right. 12 00:00:38,070 --> 00:00:40,460 You get to see this lovely dashboard here. 13 00:00:40,860 --> 00:00:42,330 And what do you need to do? 14 00:00:42,640 --> 00:00:48,830 The first thing that you have to start with is always search for cameras. 15 00:00:48,840 --> 00:00:49,150 Right. 16 00:00:49,170 --> 00:00:54,620 So the most popular keyword for this is the webcam type webcam. 17 00:00:54,630 --> 00:00:57,980 There are some keywords that I keep making use of. 18 00:00:58,860 --> 00:01:02,630 And once you hit that, this will give you the result. 19 00:01:02,790 --> 00:01:04,100 Multiple search results. 20 00:01:04,530 --> 00:01:05,690 What do you see on the left? 21 00:01:05,700 --> 00:01:08,420 That is a more specific filters. 22 00:01:09,270 --> 00:01:17,850 So just like you can see the number of results came in from China and then we have Suzlon and United 23 00:01:17,850 --> 00:01:18,730 States as well. 24 00:01:19,290 --> 00:01:23,980 And, of course, the top services and the top organizations as well. 25 00:01:24,000 --> 00:01:24,330 Right. 26 00:01:24,840 --> 00:01:27,350 What do you see on the on the search result? 27 00:01:27,360 --> 00:01:33,930 These are the results of individual devices, having the public IP address right now. 28 00:01:34,710 --> 00:01:36,900 What are we actually trying to look for? 29 00:01:36,990 --> 00:01:41,850 See, when you let's say, for example, we get into any of the device. 30 00:01:41,860 --> 00:01:42,220 Right. 31 00:01:42,780 --> 00:01:52,200 So let's say we go to maybe this one our. 32 00:01:54,740 --> 00:02:00,350 Let's go to China for a while, we can possibly try to. 33 00:02:04,890 --> 00:02:06,730 Let's let's try with this maybe. 34 00:02:07,590 --> 00:02:15,660 OK, this seems to be something suspicious, I'll tell you why, because there was a key word called 35 00:02:15,660 --> 00:02:16,320 honeypot. 36 00:02:16,650 --> 00:02:22,140 That means it was intentionally created webcam, vulnerable webcam. 37 00:02:22,320 --> 00:02:22,680 Right. 38 00:02:23,280 --> 00:02:25,510 So even that happened to so. 39 00:02:26,010 --> 00:02:26,910 Oh, right. 40 00:02:26,940 --> 00:02:35,190 So this is also an important because you see some organizations that are in the security, they make 41 00:02:35,190 --> 00:02:39,690 this to attract the hackers and see the patterns as well. 42 00:02:39,720 --> 00:02:39,980 Right. 43 00:02:40,380 --> 00:02:44,790 So Workcamps, let's try this if we get some details. 44 00:02:45,540 --> 00:02:45,930 OK. 45 00:02:46,620 --> 00:02:48,630 So this is this device. 46 00:02:48,630 --> 00:02:56,910 This webcam belongs here in France and we get the public IP address, what we could what we can do with 47 00:02:56,910 --> 00:02:57,240 this. 48 00:02:57,390 --> 00:03:05,290 Now, understand this first, this search results keep changing every day, every every hour as well. 49 00:03:05,310 --> 00:03:05,650 Right. 50 00:03:05,670 --> 00:03:10,650 So if you try at this moment, you might find some different results. 51 00:03:11,730 --> 00:03:19,680 You would be lucky if you even see the images, live images as well, or probably an open, open Web 52 00:03:19,680 --> 00:03:20,220 camera. 53 00:03:20,370 --> 00:03:22,060 What do you need to do in that case? 54 00:03:22,520 --> 00:03:24,870 Well, I'll show you what exactly you would get. 55 00:03:25,260 --> 00:03:32,250 So let's say in this could be any of the Web camera or any of the results just on the bottom, you would 56 00:03:32,250 --> 00:03:35,310 find the live image or probably in image. 57 00:03:35,670 --> 00:03:41,550 And once you get that, you just have to click on the, you know, this button and you get the access 58 00:03:41,550 --> 00:03:41,800 to it. 59 00:03:42,600 --> 00:03:48,720 There are some some different cases as well where and it could be a private Web camera. 60 00:03:48,750 --> 00:03:56,840 When I say private, it might be exposed to the Internet, but you wouldn't be having the credentials, 61 00:03:56,910 --> 00:03:58,230 the right places for it. 62 00:03:58,530 --> 00:04:05,430 And for that being an ethical hacker or hacker, you would need to perform some sort of brute force 63 00:04:05,430 --> 00:04:10,010 attack or study attack to possibly get the right credentials for this. 64 00:04:10,020 --> 00:04:10,260 Right. 65 00:04:11,490 --> 00:04:15,630 Let's say you got the right webcam or your target as well. 66 00:04:16,080 --> 00:04:24,840 Now, if you try accessing this on your browser, you won't get the right access most of the time. 67 00:04:25,350 --> 00:04:33,900 OK, but my point is to tell you exactly what you need to try to see the the when you try something 68 00:04:33,900 --> 00:04:39,070 on the Web browser, what do you need to remember is what Beaudet is working. 69 00:04:39,120 --> 00:04:42,390 So when I say that, it means usually SCDP works. 70 00:04:42,390 --> 00:04:47,040 Of course, the default mode for a step is eighty four steps is four for three. 71 00:04:47,400 --> 00:04:56,950 And that is if it is the the organization or the webcam might use non default points as well. 72 00:04:57,660 --> 00:05:01,920 So it can even use eighty eighty eight thousand nine thousand eight thousand one as well. 73 00:05:02,250 --> 00:05:08,040 So if you want to get access to it, you have to specify the boats on the browser as well, just after 74 00:05:08,040 --> 00:05:08,760 the IP address. 75 00:05:08,760 --> 00:05:13,410 But a boat number, if you don't specify it, will by default take 80. 76 00:05:13,830 --> 00:05:17,230 And if your service is not working on that, it won't really open. 77 00:05:17,670 --> 00:05:21,780 So in that case, how do we verify that it's working on Radio four for three? 78 00:05:22,290 --> 00:05:29,260 Well, in our case, at working on both 80 and 80 and eighty eight in that case, even if you drive 79 00:05:29,260 --> 00:05:32,650 with this, it might work lovely. 80 00:05:33,060 --> 00:05:36,150 You can see this, you can get the access to it. 81 00:05:36,150 --> 00:05:38,720 And it is asking for the details as well. 82 00:05:38,730 --> 00:05:38,970 Right. 83 00:05:39,600 --> 00:05:48,710 So this is saying some some location, I'm not really sure, but this belongs to some different organization. 84 00:05:49,170 --> 00:05:55,020 But what you can try to do is if somehow you get the make it, you could try. 85 00:05:56,280 --> 00:05:58,250 You can start with the default password. 86 00:05:58,530 --> 00:06:07,950 So, for example, you can start with maybe Netgear if you get to know by the banner, if it's a Netgear, 87 00:06:07,980 --> 00:06:09,340 you can see what's in it. 88 00:06:09,360 --> 00:06:12,530 Go default password. 89 00:06:13,110 --> 00:06:13,790 Oh, sorry. 90 00:06:14,160 --> 00:06:27,180 I would say it's a webcam of another organizations or maybe will exist fast can default password both 91 00:06:27,670 --> 00:06:28,490 for scam. 92 00:06:28,530 --> 00:06:28,880 Sorry. 93 00:06:29,430 --> 00:06:30,320 So the password. 94 00:06:30,330 --> 00:06:30,590 Yeah. 95 00:06:30,600 --> 00:06:34,280 So usually you usually get the idea right. 96 00:06:34,590 --> 00:06:37,980 If you know about the vendor you can start with the default password. 97 00:06:37,980 --> 00:06:41,760 If you, if it doesn't work you can start with your brute force. 98 00:06:41,760 --> 00:06:42,030 Right. 99 00:06:43,680 --> 00:06:48,840 In our case we can, we have to try doing with multiple devices. 100 00:06:49,140 --> 00:06:53,550 What really happened is with the free account you can search for limited devices. 101 00:06:53,550 --> 00:06:53,810 Right. 102 00:06:54,060 --> 00:06:55,680 So you have to be sure about it. 103 00:06:56,040 --> 00:07:02,590 If you are into security research or something, you better you buy for the premium program. 104 00:07:03,120 --> 00:07:03,490 Where in. 105 00:07:03,570 --> 00:07:11,160 You can go even more research so you can even drive a camera as well as a result, and you might find 106 00:07:11,160 --> 00:07:14,740 some more results for the camera. 107 00:07:14,760 --> 00:07:16,410 You also get. 108 00:07:19,260 --> 00:07:25,350 With cameras, you also get some more results with it and let me show you. 109 00:07:28,410 --> 00:07:32,940 There's some more details, so in this case, it's, again, working their. 110 00:07:35,010 --> 00:07:42,000 Let me open this, this seems to be anybody you see this, so even if you try to be aware that it might 111 00:07:42,000 --> 00:07:47,600 be a tracking device, might be tracking devices, and there are multiple vulnerabilities with that. 112 00:07:47,610 --> 00:07:47,870 Right. 113 00:07:48,180 --> 00:07:52,430 So it might be intentionally vulnerable devices. 114 00:07:52,890 --> 00:07:55,830 And this is giving you a lot of other results as well. 115 00:07:55,860 --> 00:07:56,100 Right. 116 00:07:56,910 --> 00:08:00,270 So that's how you can look for results. 117 00:08:00,660 --> 00:08:09,900 Now, what if you just want to be specific about remember it just that we are we are trying accessing 118 00:08:09,900 --> 00:08:12,120 the devices at a different moment. 119 00:08:12,420 --> 00:08:18,720 When you look at it, you will you might find more vulnerable devices even there like captions as well. 120 00:08:18,730 --> 00:08:19,040 Right. 121 00:08:19,380 --> 00:08:20,520 So let's do something. 122 00:08:21,000 --> 00:08:27,090 If you want to be specific about just one single country, maybe I just want to get the result of United 123 00:08:27,090 --> 00:08:27,660 States. 124 00:08:28,050 --> 00:08:33,650 OK, so we can be specific about this with this country. 125 00:08:33,750 --> 00:08:38,460 I can be specific about let's say I just want to result from United States. 126 00:08:38,730 --> 00:08:46,500 So I type that Afghan country, US Country Club and us and I only see the results from United States. 127 00:08:46,790 --> 00:08:49,470 You see this on this location, right? 128 00:08:49,890 --> 00:08:51,920 So this is what I get. 129 00:08:51,930 --> 00:08:56,840 But this doesn't seem to be blowing directly to the webcam. 130 00:08:56,850 --> 00:08:59,190 I can even try for some other countries. 131 00:08:59,190 --> 00:09:06,330 Maybe you can be is searching for some other location, some other countries as well, with the same 132 00:09:06,330 --> 00:09:06,660 idea. 133 00:09:06,660 --> 00:09:08,400 And you can even drive it to India. 134 00:09:09,070 --> 00:09:10,730 And yeah. 135 00:09:10,740 --> 00:09:14,190 So this is how you getting the results as well 136 00:09:17,070 --> 00:09:17,610 to. 137 00:09:19,820 --> 00:09:23,440 Oh, this, again, looks like an all out war. 138 00:09:23,720 --> 00:09:27,120 There are a lot of ports open and this seems to be honeypot for sure. 139 00:09:27,740 --> 00:09:33,010 And so this is how you can be specific related to country. 140 00:09:33,410 --> 00:09:39,920 So let's say we going to go in more details about the cities as well so we can even search for Biggin, 141 00:09:39,920 --> 00:09:45,620 make it even more specific with the city, so you can make it the keyword. 142 00:09:45,620 --> 00:09:50,640 And let's say we would like to go for Myanmar and there we go. 143 00:09:51,980 --> 00:10:02,360 Oh, so this seems like there's no results for for me at this moment of we have. 144 00:10:02,810 --> 00:10:03,470 We do have. 145 00:10:03,500 --> 00:10:03,740 Right. 146 00:10:04,070 --> 00:10:06,290 So there was missing space in between. 147 00:10:07,950 --> 00:10:19,150 And we only see the webcam belongs to the United States and in Miami location. 148 00:10:19,160 --> 00:10:19,430 Right. 149 00:10:19,880 --> 00:10:26,380 So if you look at it closely, you find multiple ports open. 150 00:10:26,390 --> 00:10:26,660 Right. 151 00:10:27,060 --> 00:10:33,990 25, which is usually for sending e-mails with S&P 80s again. 152 00:10:34,460 --> 00:10:36,980 Sudeep, there are many other ports open as well. 153 00:10:37,730 --> 00:10:38,930 This might work. 154 00:10:38,940 --> 00:10:42,500 You can try to see what this device belongs to. 155 00:10:43,070 --> 00:10:46,780 And this doesn't look like a good one for sure. 156 00:10:46,790 --> 00:10:47,570 You can remove that. 157 00:10:48,140 --> 00:10:50,330 And there are similar to this. 158 00:10:50,330 --> 00:10:52,040 There are many devices. 159 00:10:52,070 --> 00:10:55,880 This seems like media casts to live streaming and everything. 160 00:10:55,920 --> 00:10:56,240 Right. 161 00:10:56,610 --> 00:10:58,570 That's all it's about. 162 00:10:59,240 --> 00:11:03,800 Now, you can be very specific about an organizations as well. 163 00:11:04,120 --> 00:11:06,320 So let me show you. 164 00:11:10,380 --> 00:11:18,430 You can even copy certain organization to let's say there is this one, OK? 165 00:11:18,840 --> 00:11:21,600 And in this case, there seems to be. 166 00:11:22,530 --> 00:11:24,030 This seems to be. 167 00:11:27,380 --> 00:11:30,330 But let's try and just to show you how that could work. 168 00:11:30,740 --> 00:11:36,940 You can make use of organization as a key word and specify that we here and here we go. 169 00:11:36,980 --> 00:11:41,720 You can just be straight and you will only see the results specific to that organization. 170 00:11:41,810 --> 00:11:42,100 Right. 171 00:11:42,590 --> 00:11:48,620 So you see everything on the webcam results with that organization only. 172 00:11:49,100 --> 00:11:49,540 All right. 173 00:11:49,880 --> 00:11:53,210 So and you even see the keywords related to this. 174 00:11:53,480 --> 00:11:56,660 And most of them are honeypots to be made with this. 175 00:11:57,400 --> 00:11:59,610 Now, let me show you something different. 176 00:12:00,320 --> 00:12:07,240 Once you click on Explorer, you will find a downloaded results and recently share, right. 177 00:12:07,370 --> 00:12:09,290 So you can see a webcam. 178 00:12:09,290 --> 00:12:14,030 Is the widely used keywords very much popular, right. 179 00:12:14,420 --> 00:12:22,880 So then if you are looking to, you know, capture some webcam images or something, webcam as highly 180 00:12:22,880 --> 00:12:26,290 effective depends on the day you are looking for. 181 00:12:26,330 --> 00:12:29,510 So a webcam is the one then you can try for Kamps as well. 182 00:12:29,810 --> 00:12:31,310 Not Gamma's one. 183 00:12:31,490 --> 00:12:32,300 Many other. 184 00:12:32,330 --> 00:12:33,500 Let's see if this works. 185 00:12:33,950 --> 00:12:34,330 Wonderful. 186 00:12:34,910 --> 00:12:38,170 We just tried with Cam and you could see. 187 00:12:40,370 --> 00:12:40,950 All right. 188 00:12:40,970 --> 00:12:50,180 So this seems to be have working with many bored straight when you do usually goes for a search, then 189 00:12:50,180 --> 00:12:52,880 you can possibly go for many of the reports. 190 00:12:52,880 --> 00:12:57,180 DCP Oh yeah, there is some polls open in two four eight zero as well. 191 00:12:57,200 --> 00:13:00,620 This seems to be a step because that's the header, it seems. 192 00:13:01,280 --> 00:13:03,290 So you can even try that. 193 00:13:05,480 --> 00:13:15,860 I'm sure you different probability so that once you get into it, you will you do for it, too, and 194 00:13:15,860 --> 00:13:20,690 you might find or walk one foot, so you get to see the access to the back. 195 00:13:20,830 --> 00:13:24,320 Now, what you need is you always need the right credentials. 196 00:13:24,620 --> 00:13:29,350 Of course, what I'm really talking about is the hacking line. 197 00:13:29,750 --> 00:13:34,130 And this is what we really have to work on being in Hacker. 198 00:13:34,130 --> 00:13:34,500 Right. 199 00:13:34,520 --> 00:13:38,150 We need to see how effectively we can crack the password. 200 00:13:38,150 --> 00:13:38,380 Right. 201 00:13:38,780 --> 00:13:42,380 And this is what the real challenges comes. 202 00:13:42,380 --> 00:13:45,110 You know, this is where the real creativity comes in as well. 203 00:13:45,140 --> 00:13:45,370 Right. 204 00:13:45,890 --> 00:13:51,740 So you got the idea about the default boats and the non default ports making use of it, how to get 205 00:13:51,740 --> 00:13:52,400 access to it. 206 00:13:52,400 --> 00:13:52,600 Right. 207 00:13:53,450 --> 00:14:00,970 And this is where you will get access to all the top voted recently, shared keyboards as well. 208 00:14:01,400 --> 00:14:12,140 And I hope you got the idea about how to get get access or how to possibly get to see about the IP cameras 209 00:14:12,140 --> 00:14:13,550 over the shoulder as well. 210 00:14:13,580 --> 00:14:13,920 Right. 211 00:14:14,270 --> 00:14:20,450 So we'll keep making use of SHODAN information for scanning many of the devices as well. 212 00:14:20,550 --> 00:14:21,500 Then keep learning. 213 00:14:21,830 --> 00:14:22,550 We'll see you then. 214 00:14:22,790 --> 00:14:23,240 Thank you.