Trying Out the "Mystery" of Network Cameras

December 19, 2012

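This so-called mystery can no longer really be called a mystery: the issue was already exposed online back in 2005. Through Google we can find many network cameras, view them and operate them. Even many that require a password can be viewed and controlled through links that bypass the password. The principle is very simple: Google hacking, that is, using specific keywords to make Google return the results we want. The specific steps are as follows: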

Open Google, enter any one of the lines below, and open one of the returned results. The keywords with a relatively high hit rate are:

inurl:ViewerFrame?Mode= (camera made by Panasonic)
intitle:"Live View / - AXIS" | inurl:view/view.shtml
inurl:indexFrame.shtml Axis (camera made by the Swedish company Axis Communications)
intext:"MOBOTIX M1" intext:"Open Menu" (cameras of other brands)
intitle:"WJ-NT104 Main Page" (cameras of other brands)
intitle:"Live View / - AXIS" | inurl:view/view.shtml
inurl:indexFrame.shtml Axis
intitle:"Live View / - AXIS"
intext:"MOBOTIX M1" intext:"Open Menu"
inurl:"ViewerFrame?Mode="
intitle:"WJ-NT104 Main Page"
intitle:snc-rz30 inurl:home/ 

Note: do not type the text in parentheses above.

There is also a so-called complete version circulating online, as follows:

intitle:"my webcamXP server!" inurl:":8080"
inurl:"view/indexFrame.shtml"
inurl:"view/index.shtml"
intitle:axis camera
intitle:"snc-rz30 home"
inurl:"ViewerFrame?Mode=Motion"
inurl:LvAppl intitle:liveapplet
intitle:"Live View / - AXIS"
"Powered by webcamXP"
inurl:indexFrame.shtml "Axis Video Server"
"MOBOTIX M1" and "open menu"
intitle:flexwatch
intext:"Copyright by Seyeon TECHCo"
intitle:"WJ-NT104 Main"
inurl:"axis-cgi/mjpg"
sample/LvAppl/
inurl:home/homeJ.html
inurl:main/flashLogin.html
inurl:next_file=main_fs.htm
inurl:/login.ml
intitle:User
"Webthru User Login"
"Please enter username and password to log in to system"
inurl:Ctl/index.htm?Cus
Configuration "Pop-up Live Image"
inurl:"*.viewnetcam.com"
inurl:Remote/index.php3
intitle:"supervisioncam protocol"
inurl:CgiStart?page=Single
inurl:indexFrame.shtml?newstyle=Quad
intitle:liveapplet inurl:LvAppl
inurl:/showcam.php?camid
inurl:video.cgi?resolution=
inurl:image?cachebust=
intitle:"Live View / - AXIS"
inurl:view/view.shtml
intext:"MOBOTIX M1"
intext:"Open Menu"
intitle:snc-rz30
inurl:home/
inurl:"MultiCameraFrame?Mode="
intitle:"EvoCam" inurl:"webcam.html"
intitle:"Live NetSnap Cam-Server feed"
intitle:"Live View / - AXIS 206M"
intitle:"Live View / - AXIS 206W"
intitle:"Live View / - AXIS 210"
inurl:indexFrame.shtml Axis
inurl:"ViewerFrame?Mode="
inurl:"MultiCameraFrame?Mode=Motion"
intitle:start inurl:cgistart
intitle:"WJ-NT104 Main Page"
intext:"MOBOTIX M1" intext:"Open Menu"
intext:"MOBOTIX M10" intext:"Open Menu"
intext:"MOBOTIX D10" intext:"Open Menu"
intitle:snc-z20 inurl:home/
intitle:snc-cs3 inurl:home/
intitle:snc-rz30 inurl:home/
intitle:"sony network camera snc-p1"
intitle:"sony network camera snc-m1"
site:.viewnetcam.com -www.viewnetcam.com   (requires a username and password)
intitle:"Toshiba Network Camera" user login  (quite a clear picture); changing it to the following works better: intitle:"Toshiba Network Camera" user_view_S.htm
intitle:"netcam live image"
intitle:"i-Catcher Console - Web Monitor"
inurl:/home/home
intitle:flexwatch intext:"Copyright by Seyeon TECH Co"
intitle:"snc-rz30 home"

After testing, I picked out a few links at random, listed below, which you can try to see the effect:


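Judging from the results returned by the keyword searches, the claim previously circulating online that there are tens of thousands of such "ownerless cameras" is no exaggeration. Axis accounts for the largest share, followed by several Japanese digital-products companies. Most of them, however, are old devices, and the picture quality is not very high. Newer network cameras generally have very good security protection and do not usually have this problem. For example, D-Link's mydlink network cameras, which integrate the webcam with the product well, require username and password authentication, while some other network camera products do not support direct web access at all and require client software.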
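A defender-side check for the exposure described above, added here as an example and not part of the original post: it scans access logs from a reverse proxy in front of your own cameras for viewer URLs (taken from the search strings listed earlier) that were served without authentication, and marks hits fetched by a search-engine crawler. It assumes the proxy writes Combined Log Format and records the HTTP-auth user in the third field; the function name, crawler pattern and sample lines are constructed for illustration.

```python
import re

# URL fragments taken from the search strings listed in this post.
VIEWER_PATHS = (
    "/view/index.shtml", "/view/view.shtml", "/view/indexframe.shtml",
    "/viewerframe?mode=", "/multicameraframe?mode=", "/cgistart?page=",
    "/axis-cgi/mjpg", "/home/homej.html",
)
# Assumed crawler markers; extend for the search engines you care about.
CRAWLER_UA = re.compile(r"googlebot|bingbot|baiduspider|yandex", re.I)

# Combined Log Format: host ident user [time] "request" status size "referer" "agent"
LINE = re.compile(
    r'(?P<host>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"[A-Z]+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<agent>[^"]*)"'
)

def audit(lines):
    """Return one finding per viewer page served without authentication."""
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing
        path = m["path"]
        if not any(p in path.lower() for p in VIEWER_PATHS):
            continue
        # Status 200 with no authenticated user: the page was served openly.
        if m["status"] == "200" and m["user"] == "-":
            findings.append({
                "path": path,
                "client": m["host"],
                "indexed_by_crawler": bool(CRAWLER_UA.search(m["agent"])),
            })
    return findings

# Constructed sample lines using documentation addresses, not real traffic.
SAMPLE = [
    '192.0.2.10 - - [19/Dec/2012:10:00:01 +0800] "GET /view/index.shtml HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (compatible; Googlebot/2.1)"',
    '198.51.100.7 - - [19/Dec/2012:10:00:05 +0800] "GET /CgiStart?page=Single&Language=0 HTTP/1.1" 401 0 "-" "Mozilla/5.0"',
    '198.51.100.7 - admin [19/Dec/2012:10:00:09 +0800] "GET /CgiStart?page=Single&Language=0 HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [19/Dec/2012:10:01:00 +0800] "GET /ViewerFrame?Mode=Motion HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [19/Dec/2012:10:01:02 +0800] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f)
```

Any finding means a viewer page is reachable without credentials; one with `indexed_by_crawler` set has been fetched by a search engine and is likely to turn up in searches like those above.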

Finally, I have to say: perhaps we have never truly understood how powerful Google is.



