WEBVTT

0
00:00.680 --> 00:07.690
When people think about finding vulnerable devices on the Internet they may think about shadan.

1
00:07.880 --> 00:15.650
While shodan does great at finding a lot of IoT devices that have been accidently connected to the 


2
00:15.650 --> 00:21.340
Internet and leak too much information, we can use Google dorking as well. 

3
00:22.390 --> 00:27.440
Camera login and viewing pages are usually HTTP.

4
00:27.670 --> 00:32.610
That means that Google will index them and provide them for viewing, 

5
00:32.680 --> 00:34.690
if you know the right search string.

6
00:35.170 --> 00:43.120
My advice is to use a vpn or a tor connection and not to expose your real IP address when connecting

7
00:43.330 --> 00:45.540
to these devices.

8
00:45.550 --> 00:54.040
One common format for a webcam strings is searching for "top.htm" in the URL with the string 

9
00:54.100 --> 00:56.430
current time included.

10
00:56.590 --> 01:07.460
You'll find a lot of results of this way inurl:top.htm and inurl:currenttime

11
01:11.460 --> 01:18.480
Once again you are not allowed to log into a device if it's asking for a password even though the password

12
01:18.570 --> 01:20.850
is written in clear text.

13
01:21.000 --> 01:31.100
This is unauthorized access and is illegal in most countries.

14
01:31.130 --> 01:32.590
This is the first camera.

15
01:34.530 --> 01:48.110
Let's try other dorks to find public accessible webcams:
inurl:”CgiStart?page


16
01:48.260 --> 01:48.800
=”

17
01:58.010 --> 01:58.340
Wow!

18
01:58.350 --> 01:59.700
Very interesting!

19
01:59.700 --> 02:00.870
There is a lot of us snow!

20
02:05.320 --> 02:14.500
And another one intitle:”live view” and intitle:


21
02:25.450 --> 02:26.050
axis

22
02:26.050 --> 02:27.340
It's not working well.

23
02:27.670 --> 02:28.740
Let's try another one.

24
02:31.590 --> 02:37.360
This one! There is a very nice lake in a mountain area.

25
02:38.780 --> 02:45.310
In fact all you have to know is the content of the default page of a specific webcam brand.

26
02:48.260 --> 02:59.630
intitle:"IP CAMERA Viewer" intext:"setting | Client setting"


27
03:04.820 --> 03:07.040
And we found a lot of cameras!

28
03:13.510 --> 03:22.090
This vertical bar is the " or " logical operator and will show you all sites that contain setting or

29
03:22.090 --> 03:27.400
client setting. At the end of this lecture

30
03:27.490 --> 03:33.030
I want to show you a website called the Google Hacking Database.

31
03:33.040 --> 03:42.790
This website! It contains an index of thousands of search queries or darks used to find publicly available

32
03:42.790 --> 03:48.130
information intended for pen testers and security researchers.