Makes D-Link joke. *laughs* *nervously realize I also have D-Link products*
@butteredtoast86665 жыл бұрын
some places that make cameras, expensive and inexpensive, use the same stuff it doesn't matter.
@57thorns5 жыл бұрын
I have a router, I am powned. Simple as that. Mode, make etc makes no difference. But the only webcam I have is connected through USB when used and otherwise physically disconnected.
@nogo72775 жыл бұрын
@@MrDoboz would work for blackmail purposes
@MrDoboz5 жыл бұрын
@@nogo7277 unless the hacker can automate the blackmailing (which is not an easy thing to do), it's probably not worth their time. They could work on some ransomware instead which brings some shitton of money, or just get a real job at some security testing team. You see those are the big money, not individual person's wallet. Those are not big, and many would still refuse to pay.
@stormchaser84725 жыл бұрын
the toaster laughs!
@DeeWeext9 жыл бұрын
The speakers should always repeat the questions asked.
@micicubere7 жыл бұрын
I regularly speak every year, and I always forget to do this! You're at the end, the tough part is over (only questions left), and it's so easy to miss it. (I've written this so I engrave it into my brain)
@xl0007 жыл бұрын
you can infer the question from the answer
@maze42d6 жыл бұрын
xl Not if the answer is something like "yes" "no or "maybe"
@omardude396 жыл бұрын
Good speaking practice, but to be fair, I really liked this speaker's mannerisms, his talk presence and clarity so I let it pass because his talk was extremely interesting and very entertaining.
@GoogleUsedToLetThisNameBeLong6 жыл бұрын
Or you could just ascertain the questions by listening to the answer. Lemme help you out. (and yes I know this was commented 3 years ago) First person asked if these were the only cameras he had looked at for his research, or if he had an opportunity to look at some other more secure vendors. And second question asked if it was possible to replace the .cgi with something other than a still image, such as a video file. Luckily, there were no questions that were simply answered with a "Yes' or "No", but that's just offering half ass answers anyways, which most presenters are going to try their best not to do. Alrighty then!
@renakunisaki7 жыл бұрын
Some of these are so blatant, you have to wonder if they're on purpose. Oops, the one script we forgot to password-protect happens to have a trivial root command injection exploit...
@omardude396 жыл бұрын
I think the vast majority of these backdoors rely on complacency - "we know way more than the average user, and that makes this device secure" - or security through obscurity - "let's make it difficult to defeat this security by throwing a few things in there they can't possibly know already". Lamentably, as a manufacturer it's far easier to deliberately write a backdoor into every device you produce than to try and provide the customer service to all of those who actually manage to lock themselves out of their own devices. This talk serves to demonstrate that if you (accidentally or deliberately) make your design vulnerable to attack, somebody will attack it. Because if they can attack it with the right reasons in mind, anybody can attack it for any purpose they want to.
@GoogleUsedToLetThisNameBeLong6 жыл бұрын
@@omardude39 Ahh yes, the classic "We know more than you and our customers are bound to be ignorant. Let us accommodate easy troubleshooting solutions that don't ask too much of our privileged position!" No idea why anyone thinks this is good logic, as something that is only secure to the ignorant masses isn't actually secure from any threat that matters.
@mikepark58845 жыл бұрын
A bugdoor, as we like to call it
@cyberchef83445 жыл бұрын
@imdahG What does this have to do with the talk? It doesn't take a government to take advantage of these types of vulnerabilities. Anyone with a decent undestanding of RE and exploitation can utilize them, and anyone that watches a talk like this and has a basic understanding of computers can follow along and utilize the bugs that security researchers publish. Furthemore, going back to your actual point, what makes you think the government even takes advantage of these? The employees have more important things to do than watch random video feeds. The speaker also made a note to say that he discovered these on his own - this wasn't work he was doing for the government.
@butteredtoast86665 жыл бұрын
Mr. Patato head! Mr. Patato head! A bug door is not a secret!!!!
@olfmombach2608 жыл бұрын
This is better than comedy.
@HelloKittyFanMan.5 жыл бұрын
That's fine, Olf, it's OK to like tech stuff more than comedy.
@MrDoboz5 жыл бұрын
true, but it's actually sad too, now what the fuck am I gonna do? I can't buy a fucking camera that can't be exploited by anybody who has a brain and some free time to work out the exploits
@WordlyAnkit5 жыл бұрын
exactly my thoughts.....I swicthed stand-ups with blackhat videos :D
@jojolafrite905 жыл бұрын
This is some form of comedy, to my eyes.
@dementionalpotato4 жыл бұрын
6 6 better than douchery and pretentiousness.
@katrinal3537 жыл бұрын
Every single time that I worry that technology is moving too fast for us security types, there's a million dollar company to prove me wrong. Every, single, goddamn time. I love it.
@killslay8 жыл бұрын
is that podium comically large or is he comically small
@AreroniumPlaysL8 жыл бұрын
both
@jonotwist6 жыл бұрын
Schrodinger's poduim
@carloharryman6 жыл бұрын
Could be neither, camera might just be really low and close
@DanielRivera-pb9zs6 жыл бұрын
Comical camera angle !
@Shazzkid5 жыл бұрын
He's just comically far away from it
@freedfighter9610 жыл бұрын
I barely know how to script, but I actually understood a good amount of that. This guy is great :D
@omardude396 жыл бұрын
I agree. He's fantastically good at explaining things in understandable terms.
@butteredtoast86665 жыл бұрын
You're AWESOME! dont give up
@realm20905 жыл бұрын
omg same!
@simplekindofman88675 жыл бұрын
Can someone tell me what he uses to read the firmware code?
@adarshsingh7645 жыл бұрын
@@simplekindofman8867 binwalk. He said it at 31:22
@aeonlong830310 жыл бұрын
Very good presentation. The presenter is also very good with public speaking, and knew this subject very well. Also was experienced with good audience eye contact, and body language. As a former instructor/trainer myself, public speaking is not for everyone. Interesting subject, I didn't understand a lot about the coding and software values, but nonetheless it was fun/scarey to listen to what can be done. Job well done.
@pgibsonorg4 жыл бұрын
He failed to guard his corona now there’s an outbreak.
@mikhailoldskool89554 жыл бұрын
haha i just realised that and its now 2020 woah
@maycodes4 жыл бұрын
lol
@Rico-iz8mb4 жыл бұрын
Dude you know it doesn't come from the beer right? also this talk was from 7 years ago...
@princeray42473 жыл бұрын
@@Rico-iz8mb joke went miles over your head huh?
@YaBoiiiNikki9 жыл бұрын
Simplicity is key: Want to be safe? Just get a camera physically connected to a hard drive. Almost 10x cheaper and definitely more secure.
@ConstantlyDamaged9 жыл бұрын
+NikkiDiamond Or put your IP cameras on a locked down vlan with no internet access.
@YaBoiiiNikki9 жыл бұрын
Darthane I'm too flinstone for that shit
@ConstantlyDamaged9 жыл бұрын
NikkiDiamond Damn you, now I have that theme song in my head.
@YaBoiiiNikki9 жыл бұрын
Darthane That was all part of my evil plan
@endoscopisis9 жыл бұрын
+NikkiDiamond hahaha too flintstone for that shit hahaha
@thefudderation4445 жыл бұрын
Six years later, and this shit is still happening... CVE-2019-15498
@burgerlx88715 жыл бұрын
OMFG LOOOOL
@57thorns5 жыл бұрын
Of course. No one cares about these things. NSA want these backdoors. Russian equivalent want them. Customers (even when running nuclear plants) does not know enough about these thing. I as an professional programmer with more than a few decades worth of experience and enough interest to see a few of these videos do not know _enough_ about these things. And most people, programmers and customers alike, can't be bothered.
@andrew1717xx5 жыл бұрын
I'd even argue there are two reasons. Innovation and profit. Flaws=room to improve=Selling "Better" equipment with different flaws. After all, the media basically suffers from the same security through "obscurity" bias.
@icarusswitkes9865 жыл бұрын
Wtf still?
@H33t3Speaks10 жыл бұрын
For anybody wondering whether or not the byte code is x86, it is ARM. (now things make sense lol)
@hgbugalou5 жыл бұрын
This is why I drop all traffic to and from my IP cameras at my edge firewall. If I want to view them remotely I will VPN into my network. It's old school but I don't trust any hardware running embedded Linux on my network. To many companies have no idea what they are doing code wise and these cameras are essentially computers to be abused.
@fss17045 жыл бұрын
yeah i don't run anything other than openwrt, the main router can be whatever the fuck but i won't connect without a good router.
@paulx27778 жыл бұрын
Moral of the story: don't put your surveillance system on the Internet. And if that is impossible for you, put it behind a firewall that has been beefed up to eliminate such exploits (I'm not sure this is even realistically possible, but I'm just suggesting a possible way to deal with insecure devices of which we have no shortage).
@quelorepario8 жыл бұрын
I don't think a firewall will protect you, unless you are blocking all traffic to the camera. If there is a firewall rule allowing incoming http traffic to the camera, to the camera it will be the same to have video feed streaming out from strings coming in or out, and those strings can be malformed urls or command injections.
@paulx27778 жыл бұрын
Yeah. So again, don't put your system on the internet. What little having an internet-connected system buys you (a bit of convenience), is not worth the risk of easy exploits.
@satibel7 жыл бұрын
the easiest way to block from the firewall is to use port knocking. that means trying for example to connect on port 30506, then 18365, then 28435, then the firewall allow http packets to the webcam from your IP only, if you don't connect in this exact sequence, it blocks you for 5 seconds. if you wanted to brute force a 3 port port knocking pattern with a 5 sec timeout, you'd have to wait about 21 990 232 555 520 seconds or about 696 828 years. Still doable, but if you change the pattern every 2 months, that might be almost impossible (you'd need a 4 million ip botnet working on it, and it should probably rise a huge flag on the firewall.) also if you lock definitely an ip after 50 or 100 fails, it would be impossible to brute force unless you are lucky.
@dylanh3336 жыл бұрын
Better still, set up a personal VPN to your home network and only make it accessible from that and the LAN, or alternatively, use SSH port forwarding to get to it. Don't make it accessible directly from the Internet - even with port knocking
@jx42196 жыл бұрын
Or you just put a second password between the camera and the internet. The backdoor doesn't work anymore then.
@lostcause70725 жыл бұрын
Get this man a glass of water.
@garybarbourii82744 жыл бұрын
He was saving room for Corona
@nahrafe4 жыл бұрын
11:58
@davecarter41293 жыл бұрын
hell no, take his water... his loud ass gulping
@aqueouscomputing81538 жыл бұрын
Isn't this the same guy that developed Reaver, the tool built into Kali Linux/Parrot Sec used for recovering WPS PIN Registrars?
@mandisaplaylist5 жыл бұрын
13:28 Well, they use "high security" as one of their marketing points. Additionally, their main business focus is networking infrastructure hardware. So this networked camera insecurity fiasco is pretty relevant and pretty embarrassing for them even when "they are not a camera company".
@themanyone10 жыл бұрын
This guy hacks into security cameras for fun. It looks simple, but it took some brain power to figure out. Although some of these exploits are patched by now, hardly anybody updates their firmware, and someone could conceivably download new firmware and find more of these exploits in a debugger, without even having to buy the camera.
@fss17045 жыл бұрын
they're almost all gone by now, you have to remember that ipv4 is rather small and that people fuck up the hosts or a white hat comes and plant a flag, fixing the cve.
@JasonSpiffy9 жыл бұрын
This is great! Scary but great. Ive read about several companies doing half assed jobs doing these kinds of things. This man just showed how easy it is (for the people with the technical skill).
@Dorngela10 жыл бұрын
Why in the world would someone possibly do Javascript Authentication? They write firmware for camera's but they don't know how to write PHP?
@MazeFrame5 жыл бұрын
Why not have the firmware available and pay bounties?
@MrDoboz5 жыл бұрын
@@MazeFrame You answered it with the question. "pay"
@DeannaEarley6 жыл бұрын
I used to work for a CCTV software company and the vast majority of cameras had default passwords still in use (I still have a list, and a map of all the camera clones) We always stood be the "we don't have a default/backdoor password" when people called us after getting locked out.
@jozjr884 жыл бұрын
Share the list
@elduderino74564 жыл бұрын
Every camera manufacturer ceo face rn: PIKACHU FACE
@mitchblackmore52304 жыл бұрын
Even though this was miles above my nerd level, it was still interesting to watch.
@kd1s6 жыл бұрын
Well a good nmap scan is pretty valuable too.
@Slash270155 жыл бұрын
It's almost 2020 and these days I see automated scans on my router from all kinds of national IP's that scan automatically on every port available and try default FTP passwords etc, with access denied errors hence how i found out about this. This video is great security motivation for anybody, especially with the new generation of minecraft kids setting their routers DMZ to their local PC so their servers run easily consistent, but also opening a whole world of AI scanners that will get into much worse once they've found local admin / root.
@57thorns5 жыл бұрын
26:26 In this case I believe the answer to "who is vulnerable" is "everyone"?
@ChillerDragon5 жыл бұрын
This was fun. Also funny was when he said 0day and I realized that the video was uploaded years ago haha
@devnull797010 жыл бұрын
Actually rofling at the "Ron Burgundy" exploit.
@icarusswitkes9865 жыл бұрын
It’s been 6 years... are these patched yet?
@KangJangkrik4 жыл бұрын
Not for D-Link, good luck!
@tim22215 жыл бұрын
What's that B64 non-standard key string encryption he's talking about? I have no clue what this is nor was I able to google it successfully.
@msven11 жыл бұрын
Thanks for the post. I love watching Craig's stuff. Very well explained and makes me actually want to look through firmware
@iangraham67305 жыл бұрын
Excellent demonstration 👌 Anything nice for 'hikvision' lately?
@entee1235 жыл бұрын
It's 2019 and my friend told me that there are still cameras out there with version 1.4.13 that can be easily searched for and yet none of these exploits work. Strange...he said.
@Jump-n-smash5 жыл бұрын
I've seen them behind WAFs.
@Shazzkid5 жыл бұрын
I. AM. ROOT
@MrSaemichlaus5 жыл бұрын
Somebody needs to make a shirt of that.
@MrDoboz5 жыл бұрын
I am Groot
@colosalkompakt5 жыл бұрын
Winner of KZbin 2019!
@SymplyAmazingJD3 жыл бұрын
i really didn't understand a word, but somehow I still found it to be quite interesting to hearing him explain all this fancy stuff. I am highly confused yet entertained
@deanvangreunen6457 Жыл бұрын
only issue is that if it had low video quality , when pausing or freezing the image, you will notice that from the user side that there are no artifacts, meaning that the user could detect that the image has been paused, such things which would add noise to a basic low video quality camera are nearby computers, other machines, maybe cleaning machines, or noise from the outside...
@JoeCnNd3 жыл бұрын
10:40 I think the crowd didn't get the war games picture. lol
@TimmyTarget2 жыл бұрын
Would've been swell if he swigged the beer instead of the water at the end of that haha.
@simplekindofman88675 жыл бұрын
I am new to the cyber world and I have to say this video is amazing. What great presentation and knowledge. Thank you.
@PeterMaddison24835 жыл бұрын
Have you got Kali Linux? If not, get it.
@simplekindofman88675 жыл бұрын
Peter Maddison I’ve got it. Using it on Virtual Box. This security stuff is so complicated. I had no idea how traffic could be manipulated.
@haveaniceday79504 жыл бұрын
Simplekind Ofman any update for a fellow absolute beginner?
@simplekindofman88674 жыл бұрын
@@haveaniceday7950 Well, I use Virtual Box for loading the virtual machines. However, lately, Hack the Box is a great site for practicing pen testing. You learn a lot and see some real material. If you really want to learn, go to Udemy, they have classes really cheap and some of those folks are very detailed.
@HelloKittyFanMan.5 жыл бұрын
And let me guess: the panel that covers the SD card slot on those cameras that have them is held in place by a lock that has "CH-751" or "C0106" stamped on it! Right?
@MrDoboz5 жыл бұрын
no, it has MasterLock stamped on it
@thegazillionmask6 жыл бұрын
18:47 how do i view the source code of a password field such as that one thats using java script, or anything else like php or whatever. Is it as easy as using inspect element in a web browser?
@wasdasoos65525 жыл бұрын
yeah you can just rightclick -> inspect to see the code, if they use js. you cant see any php code since its executed by the webserver but in this case the js evaluates if you authenticated successfully and redirects to the firmware dl page.. so you can just go there manually since you can see the needed GET param :)
@fake123964 жыл бұрын
they have a new site now, with a new security scheme for the firmware. instead of a password, they want the name of your sales person. brute force attack worked pretty well here, 2 guesses and i found out that 'Mike' gets you in. it's amazing how they can even come up with such password authentication and login systems.
@cellarseer6 жыл бұрын
I realize he's 1000x as brilliant as I am, so is it wrong it bugs me when he says "oh-day" instead of zero day?
@GoogleUsedToLetThisNameBeLong6 жыл бұрын
I think your confusing his nerdy colloquialisms (which he let show multiple times in his presentation) with ignorance of the letter "O" not being the same thing as the number "0". But to be fair, your not wrong still lol.
@GoogleUsedToLetThisNameBeLong6 жыл бұрын
@Joe Blow Yeah this is true. And while i do think he was doing it on purpose to some degree, I was thinking about another example where it's considered the norm. I live here in Denver, Colorado and if you ask almost ANYONE what our area code is, they will tell you its "3-Oh-3" or 303. Almost nobody will ever say "3-Zero-3", and i've never really given it much thought as to why until now...... Conclusion: People are weird.
@edogg56906 жыл бұрын
@@GoogleUsedToLetThisNameBeLong that's pretty common around me also. Somewhere along the line someone subbed Oh for Zero and it's been like that ever since. In fact the only time i ever say zero as opposed to oh is when I'm on the phone confirming some type of number or code.
@andrewferguson69015 жыл бұрын
yeah I fucking hate when people say four oh four error too /s
@andrewmcswain94525 жыл бұрын
"OH" is one syllable and is arguably the second easiest, after "AH." compare that to zero, which has two difficult consonants as well as vowels that vibrate at very different tones and in different parts of the oral cavity. in other words, it's just easier
@chriskaprys9 жыл бұрын
would anyone be so kind as to explain the grep command in terms of the command injection during 16:00 when he's talking about the IQinvision cameras? i think i understand the actual command injection appended to the end of the string entered into the URL (apart from the addition of "$IFS"), but how does the next command, "grep -i ...." come into play after that? it seems /oidtable.cgi and /oidtable.html give the same results in terms of the info they pull and list. thanks for any leads.
@chriskaprys9 жыл бұрын
+chris kaprys oh nevermind. i missed that very quick slide that shows it's the camera's code itself that creates that line
@HelloKittyFanMan.5 жыл бұрын
Huh, this reuse of code across several brands of networked cameras reminds me of keyed-alike locks as described by "Deviant" Ollam! So even though this code isn't exactly keys (public, private, SHA, hash, etc.), it seems similar.
@lyfeninja72649 жыл бұрын
With how much money these companies make, why do they not invest in the security of their products? It's sad to think people are able to tap into schools, hospitals, financial institutions, government agencies, etc and see anything that want; not to mention having access to the local network. Maybe instead of being so tight with their money, they should hire people such as the speaker to find vulnerabilities for them. I know there are companies that do such work, but there are more skilled individuals than what any company has. Put a bounty out for vulnerabilities... Awesome presentation.
@Polygonlin2 жыл бұрын
"This Camera has a list price of *CONTACT US* Which is how i KNOW i can't afford it" LOL THAT SHIT HIT HOME *HARD!*
@the_average_canadian10 жыл бұрын
XD 3SVISION hasn't patched that yet
@pokemocestlediable9 жыл бұрын
chuck norrisonefivesix now it is ^^
@Lino12596 жыл бұрын
There are still cameras accessible tho
@TheMrKeksLp5 жыл бұрын
Don't forget that absolute nobody on this planet updates surveillance camera firmware
@mikenichols0xcf42a64d6 жыл бұрын
Any updates to this talk? Have you looked at Ubiquiti's cameras?
@olfmombach2608 жыл бұрын
*So there is one big problem: Even if you can break through all these pseudo-walls and stuff, HOW THE HECK CAN YOU FIND OUT THE IP ADDRESS OF THE CAMERA?*
@Landoaeon8 жыл бұрын
every vendor has programs that will scan for cameras on the network. it will even allow you to change the ip... without autentication... there are some models that lock this out though after a period of time after start up
@olfmombach2608 жыл бұрын
Landan Hughes Now that is surprisingly (in a scary way) easy.
@m3n4lyf6 жыл бұрын
*ahem* github.com/robertdavidgraham/masscan
@2arx9926 жыл бұрын
shodan
@SirCommoner10 жыл бұрын
Playing Watch_Dogs and seeing this afterwards is really mindblowing...
@matejcerman449410 жыл бұрын
I have just finished the campaign and then discovered this video :)
@SirCommoner10 жыл бұрын
Me too!
@jian206910 жыл бұрын
watch dogs is literally the worst game of this year.
@SirCommoner10 жыл бұрын
Josh Kelly I agree
@scionboy10010 жыл бұрын
Josh Kelly You're opinion, but it is basically the modern AC
@dot_lexg6 жыл бұрын
I love the Bob Evans product placement of the podium
@PashaDefragzor5 жыл бұрын
cracking the old way, I wonder about the creators of an IP cameras, what did they wanted to get at the end of a result, the next conference of a Black noob 2013 ? ^^
@ElunesMoonLight6 жыл бұрын
I have one question, all the admin pages IP adresses was accessed through google search i think right? How i can find out what IP adress is on one specific camera for example? Imagine this: I have camera on my house, i can see exact model of camera, how i can determine IP. Just interested how can be this done, in movies they know IP of everything imediately somehow :D
@ElunesMoonLight6 жыл бұрын
@Marvin blue i would like to know how to find IP address. I just want to know how it is done. I dont need to hack something. i am interested in IT security. i never saw this concept on intermet somewhere of how to find IP of one specific hardware.
@DilanGilluly5 жыл бұрын
What beats me is the admins throwing their security cameras out in the wild right on the internet. It's common and best practice to firewall them and hide them behind a secure VPN. Also VPN software gets patched and evaluated for vulnerabilities more than embedded firmware does. But these guys are like "nope, just throw that shit right on the open internet."
@KatorNia4 жыл бұрын
Funny, I always thought it was "0-day (zero-day)" instead of "O-day (oh-day)".
@howlingwolven4 жыл бұрын
Both are right.
@Nerd2k78 жыл бұрын
How does he managed to get to the download page at 18:58. What did he entered?
@IVIasterIVIind8 жыл бұрын
Having checked it, their page still has the following bit in their source code: else if(par == 2) location.href = "prod_info.php?pid=" + pid + "&tab=4";That's a bad sign.
@Nerd2k78 жыл бұрын
ye i saw that too. But the question was what i have to enter to access?
@quelorepario8 жыл бұрын
prod_info.php?pid=productid&tab=4
@astrionn61828 жыл бұрын
to make it a little easier for you: you can get the pid by brwosing to the product (in this case in the url it says :"prod_info.php?pid=11") so you already know half of the code ^^ just copy that and add "&tab=4" and there ya go
@knezivan16 жыл бұрын
you tried any Bosch cameras? in my country they are the most expensive cameras sold and they sell a tone of them.
@anglerandy57366 жыл бұрын
Made in China, china has access.
@deoxysdanderson91498 жыл бұрын
3:30 How did he get into the webserver of the camera? and these directories at 4:07 ?
@dardosordi8 жыл бұрын
He says it later, he downloaded the firmware upgrades from the vendor's site and decompressed them.
@deoxysdanderson91498 жыл бұрын
How would he then access it in an actual camera?
@dardosordi8 жыл бұрын
+Deoxys Danderson (DjOxys) go to tour vendor's website, download the firmware upgrade and use binwalk.
@deoxysdanderson91498 жыл бұрын
I mean, if there was a camera on the network and he wanted to explore it, how would he do that?
@quelorepario8 жыл бұрын
He finds out the model, gets the firmware, find vulnerabilities, exploit them. Then take what he learned and exploits the target camera.
@bornfree22375 жыл бұрын
Isn't 100% of this avoided by separating your DVR IP network from the client? I use more Wisecom, but have used others the same.
@fss17045 жыл бұрын
nop, as long as you have a public address you can hack the camera and use the camera as a relay to hack the router or mess up with the network.
@LashyYT5 жыл бұрын
Are there parts in the video that you don’t understand ?
@opiniondiscarded66503 жыл бұрын
I'd love to see a walkthrough of how he ran his Qemu. I wonder if he's just emulating the programs individually or if he's booting the full system with a kernel in a VM. I'd assume it's the former, but would love to see it regardless.
@n3rdy1110 жыл бұрын
Can somebody please explain this whole "tab=4" thing again? I'm not a coder, but literate enough to understand most of these talks. But bypassing that java login page, I did not understand what happened there or what's so funny about "tab=4"? Is it some kind of known trope? Or something he simply read out of the java code of the page? And what did it actually enable him to do? Hit tab 4 times on the password field to get a login? Not that i want to break into anything, i just don't understand the joke, when i usually do, so i feel kind of bummed out :(
@NicholasRizzio10 жыл бұрын
(18:00) The JavaScript code does two things: Check if the password is correct by asking the website, and If the password is correct, navigate to the same exact page, except at the end of the URL, add "?&tab=4" which means the entire login mechanism can be bypassed just by adding "?&tab=4" to the end of the URL in the address bar. Showing that they are truly incompetent at security, or that they don't care about it at all.
@n3rdy1110 жыл бұрын
Nicholas Rizzio Aahh now i get it! Thank you so much for taking your time to explain that again :)
@NicholasRizzio10 жыл бұрын
No problem.
@redactedllc.18647 жыл бұрын
It doesn't work anymore..
@Johnwww077 жыл бұрын
Everyone knows tab actually = 8
@fsecofficial2 жыл бұрын
Those cameras are all on the WAN and behind the WAP and firewall. If you’re already on the network you can just use Wireshark to watch existing feeds.
@GoldCaesar6 жыл бұрын
What a stupidily large podium, really the adverse of what a podium is for🤦
@KyrstOak4 жыл бұрын
He makes that tisking sound a lot.
@Pippymint5 ай бұрын
So?
@antoinecompagnie66408 жыл бұрын
I don't understand what did Craig said at 4:47, I don't understand the joke, can one help me?
@TheZakkattackk8 жыл бұрын
+coloc antoine It's not really a joke, people are chuckling because the exploit was so prolific. It's kind of funny because the only directory not protected by a password happened to be a vector through which you could issue any command to the system. He didn't really have to do anything that special, just edit the query, and as you saw, was able to get full admin access to the web server.
@erikecoologic5 жыл бұрын
Great talk. Impressive that products not designed to receive updates are shipped in this conditions. We need better ethic in the industry.
@RileyNRV5 жыл бұрын
I hope to know as much as this guy does one day.
@emsicz6 жыл бұрын
I get his point, but in order to do that, you have to access the same network the camera is on. Can someone point me in the direction why that would be the case? How do you get access to these? Even if the camera is accessible from the internet, how would you find it?
@sheriffoftiltover6 жыл бұрын
Google.
@G14N14RI126 жыл бұрын
That's what the Shodan stuff was for. You can find internet connected devices using it.
@jonhille3 жыл бұрын
Is he using ubuntu? and what specific chromium did he use as his "hacker browser"? what made it a "hacker browser"?
@Flqmmable4 жыл бұрын
What makes me happy is when someone laughs at his jokes that normal people wouldn't understand. We smart!
@Maximise076 жыл бұрын
I found this fascinating, but have absolutely zero experience in coding or scripting or whatever, and am a total newb when it comes to computer use in general. It seems like I need to learn a new language to do this, and I've always wanted to be bilingual.... If I wanted to be able to understand more to do things like this myself, where do I start? What resources do I use? are there specific training courses I can sign up to to learn this stuff? How long would it take to go from knowing nothing, to understanding how to do something like this?
@XTheDentist6 жыл бұрын
First step I recommend is dont learn ANY coding, put that aside for now. First, read up on linux & find like 3 different distrubutions & learn how to install them & setup a multiboot setup, understand the boot process, the file system & the structure of linux. Learn how to get comfortable at the command line, basically just have a command line reference for your distribution & start playing around getting comfortable. Learn as many command line tools that u can & really try to learn how the operating system works. After you get comfortable with a linux environment, and really this doesnt take as long as u think with todays resources with books, youtube tutorials, etc, then u can begin learning some coding & I suggest learning the C programming language since that is what linux is written in & dont be afraid of learning just a little bit of assembly, at least the basic idea, sincr that will deepen your understanding of computer hardware in general & how software communicates with it. But before learning C, maybe u can learn Python first or perhaps a scripting language or shell scripting. Good luck!
@chrisg6614 жыл бұрын
what is the name of the software used to analyze the binaries?
@chrisg6614 жыл бұрын
nvm it's IDA
@27shogun587 жыл бұрын
Anybody know stuff about how to view firmware code like the lines he showed in the presentation? Can't find anything new on the internet
@27shogun587 жыл бұрын
Oh right, go to the website and download the firmware update Didn't watch the whole talk
@codesmen70683 жыл бұрын
How does he find the web servers, I know about SSH, but still tho how.
@Metruzanca5 жыл бұрын
..... What does tab=4 mean?
@ApusApus5 жыл бұрын
While watching this video, my computer's RAM was very suddenly overloaded (98%), basically everything crashed. I didn't see what it was because on Task manager I was looking for a program to close (while usually it is sorted by RAM or CPU usage). I am getting concerned...
@MrDoboz5 жыл бұрын
press Alt+F4 a few times repeatedly, then check task manager if the problem is solved yet. if not, delete system32. Check again, if still not solved, install Linux
@JimiDunlop10 жыл бұрын
Excellent talk! Thanks for uploading
@burningrax58595 жыл бұрын
Anyone able to explain what tab=4 means?
@christoffrossouw29235 жыл бұрын
When a user normally authenticates they will be taken to the firmware page specified by the tab=4 at the end of the URL. The problem was that you could completely skip the authentication and just redirect to the URL
@burningrax58595 жыл бұрын
@@christoffrossouw2923 thank you
@Dorngela10 жыл бұрын
Does anyone know which decompiler / debugger he's using btw?
@lolgetrekt22599 жыл бұрын
dumbass
@logerer56339 жыл бұрын
Dorngela He said that at 31:16
@MoonfireSeco6 жыл бұрын
It's IDA
@some______guy5 жыл бұрын
Isn't it called zero-day? Not oh-day.
@westernvibes12674 жыл бұрын
I never laughed this much in any comedy show. Xd
@GreenNati0n7 жыл бұрын
can someone explain how he gets root after getting admin access didn't quite understand that bit
@grayfox45515 жыл бұрын
Decoded the configuration file...then pass command new user=root......basically escalated privelges initially as default admin
@freemanguess86345 жыл бұрын
Reminds me when i gave myself root over win 10
@liukang854 жыл бұрын
Can sb explain the 'tab=4' part? I don't get it EDIT: I guess I understood he used 'tab=4' as a password, when what he really meant was just that he appended four tabs to the password-prompt-URL for the product?
@raoanjumjamil97462 жыл бұрын
The page literally directs every signed in user to the same specific website url and the cherry over the top was that url was listed in the php for the code so tab=4 was like a query after the initial url.
@MasterBasser5 жыл бұрын
I wonder if these kinds of exploits exist for Dahua Cameras. I have no fucking clue how to read firmware.
@darthstar1810 жыл бұрын
I bet police and security officials are all over this convention
@airbornejoseph9 жыл бұрын
Dude you are the man. I am still new to "security world". I really want to become a solid Penetration Tester. What would your recommendations be?
@anaselmedlaoui12779 жыл бұрын
Joseph Brownfield try first to understand the basics of network and how it's works always start with the basics so you not get confused because network world is huuuuuuuuggee bro
@airbornejoseph9 жыл бұрын
Thank you. Graduation with my dual major in networking technology and information security and still haven't scratched the surface.
@anaselmedlaoui12779 жыл бұрын
really that's weird !! you should have knowledge about networking now but no problem just start with the easy parts and if you find yourself enjoying what you do then the network world is your place just don't lose hope because that's common thing to the newbies just keep going and you will keep getting better every day. try www.cybrary.it they have an excellent vedios trainning and great teachers in every module in network from hacking to switching and routing and it's all free just create an account and start learning and if you need anything just ask me glad to help :)
@haveaniceday79504 жыл бұрын
So all of this is only possible if the model of the camera is known, correct? Then looking up the firmware sand going from there. Well in Hollywood they just do it without that😉
@mouser42906 жыл бұрын
This has inspired a lot of fun thank you.
@andhemills2 жыл бұрын
I was listening, not watching. After the exploit, I heard him take a drink. I was disappointed he wasn't swigging the beer that was being guarded. Phrase of the video: "Epicly trivial" Hoping the state of the art has improved in the last decade.
@Slash270155 жыл бұрын
Jokes to future hackers, I now have an obscure east-european router. Even I don't know how it's performing, but it's the sturdiest rock I ever owned.
@adrianalexandrov7730 Жыл бұрын
Mikrotik, I'd guess? That's pretty popular in Eastern Europe
@Slash27015 Жыл бұрын
@@adrianalexandrov7730 my secret has been compromised, roll the delete everything scene from wolf of wall street
@Stopinvadingmyhardware2 жыл бұрын
How I can tell you read my notes
@ripmeep5 жыл бұрын
What is he using to view the cgi stuff??
@bengarretson91795 жыл бұрын
How does he find/access the code he displays and analyzes?
@tactileslut5 жыл бұрын
Explained near the end:binwalk and ida are the magic sauce.
@coontzy15 жыл бұрын
What language is this stuff in?
@keyboard_toucher7 жыл бұрын
"oh-day", "daymen"
@TheMrKeksLp6 жыл бұрын
"Geoff"
@coler1545 жыл бұрын
Ehtcee
@Carsten_Hoett4 жыл бұрын
Pretty cool stuff but since one having implemented/instaled surveliance Cams, one should also install or supervise the sensors of the objects e.g. the motor of the elevator or some kind of nearfield/capacity sensor or temperature sensor to verify the picture at the scene with some eventually intruding or invading. Therefor I would recommend to install a nearing sensor at the cam to at least use the beam-coil to redundant survaile the cam's direction. But perhaps hacking this would be working the same way as showen. But this solution is cheaper than installing a IR-interface in a second Cam cause just using a filter wound't exploit IR-RAW-Data and I guess these data are much harder to fake if you haven't hacked the Cam before. In my opinion a picture must also have a different check-in sum than a live-stream but I don't know. If the check-sum would differ from the stream-sum a attack is eventually going on and you could deploit some allerd. But since got the firmware you can also read-out the expected sum and my deliver the expected data to the handler. But this is not my field of expertise therefore I am just guessing. And you all know "Invaders Must Die" :-D don't consider this to be to serious
@Nicofromtheweb5 жыл бұрын
i laugh whenever they laugh but i don't understand any of this.
@TripleForce10 жыл бұрын
omg just imagine these people want to see those people in the private chat room...lols
@ir46405 жыл бұрын
Where did he get the firmware code and all the info about it