![]() Attackers can send commands to these systems and use these cameras as CnC. To replicate the real-world attack scenario, we placed a backdoor in the camera which can further penetrate the network to scan for other accessible or vulnerable systems and exploit them. We observed that ftpget is available in the camera and an attacker can use it to download and install any malware, or place a backdoor after having telnet access. Penetrating and Exploiting other systems in the network using the camera We tried to access the telnet session by a brute-force attack through a Metasploit module against the custom user-password list and we successfully managed to login to the telnet session with root privileges. We observe that telnet, HTTP and RTSP services are running. ![]() In order to see which services are being run in the device, we use nmap (i.e nmap -sV ). Importer Address: PIEDRABUENA,4,4B, MADRID,28026 Spain Exploiting the telnet service Manufacturer Mailing Address: G-4 Zone 5/F, No.1 Exchange Square, Huanan City, Pinghu Town Longgang District, Shenzhen, Guangdong, China Manufacture: Shenzhen TOMTOP Technology Co., Ltd.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
January 2023
Categories |