也试网络摄像机的奥秘

其实这个所谓的奥秘已经不能再称之为奥秘了，早在05年的时候网上就已经暴出了这个问题。就是通过google，我们能找出很多网络摄像机，查看并操作。甚至很多需要密码的，可以绕过密码的连接查看并控制。原理十分简单，利用google hack——通过特定关键词，让google返回我们想要的结果 。具体操作如下：

打开google，输入下面的任意一行，从返回的结果中，打开就行了。其中命中率比较高的几个关系词为：

nurl:ViewerFrame?Mode=（摄像头由Panasonic公司生产）
intitle:"Live View / - AXIS" | inurl:view/view.shtml
inurl:indexFrame.shtml Axis（摄像头由瑞典Axis Communications公司制造）
intext:"MOBOTIX M1" intext:"Open Menu"（其他品牌的摄像头）
intitle:"WJ-NT104 Main Page（其他品牌的摄像头）
intitle:"Live View / - AXIS" | inurl:view/view.shtml
inurl:indexFrame.shtml Axis
intitle:"Live View / - AXIS"
intext:"MOBOTIX M1" intext:"Open Menu"
inurl:"ViewerFrame?Mode="
intitle:"WJ-NT104 Main Page"
intitle:snc-rz30 inurl:home/ 

注：上面括号中的内容不要输入。

另外网上还流传一个所谓的完全版，内容如下：

intitle:"my webcamXP server!" inurl:":8080"
inurl:"view/indexFrame.shtml"
inurl:"view/index.shtml"
intitle:axis camera
intitle:"snc-rz30 home"
inurl:"ViewerFrame?Mode=Motion"
inurl:LvAppl intitle:liveapplet
intitle:"Live View / - AXIS"
"Powered by webcamXP"
inurl:indexFrame.shtml "Axis Video Server"
MOBOTIX M1" and "open menu"
intitle:flexwatch
intext:"Copyright by Seyeon TECHCo"
intitle:"WJ-NT104 Main"
inurl:"axis-cgi/mjpg"
sample/LvAppl/
inurl:home/homeJ.html
inurl:main/flashLogin.html
inurl:next_file=main_fs.htm
inurl:/login.ml
intitle:User
"Webthru User Login"
"Please enter username and password to log in to system"
inurl:Ctl/index.htm?Cus
Configuration "Pop-up Live Image"
inurl:"*.viewnetcam.com"
inurl:Remote/index.php3
intitle:"supervisioncam protocol"
inurl:CgiStart?page=Single
inurl:indexFrame.shtml?newstyle=Quad
intitle:liveapplet inurl:LvAppl
inurl:/showcam.php?camid
inurl:video.cgi?resolution=
inurl:image?cachebust=
intitle:"Live View / - AXIS"
inurl:view/view.shtml
intext:"MOBOTIX M1"
intext:"Open Menu"
intitle:snc-rz30
inurl:home/
inurl:"MultiCameraFrame?Mode="
intitle:"EvoCam" inurl:"webcam.html"
intitle:"Live NetSnap Cam-Server feed"
intitle:"Live View / - AXIS 206M"
intitle:"Live View / - AXIS 206W"
intitle:"Live View / - AXIS 210"
inurl:indexFrame.shtml Axis
inurl:"ViewerFrame?Mode="
inurl:"MultiCameraFrame?Mode=Motion"
intitle:start inurl:cgistart
intitle:"WJ-NT104 Main Page"
intext:"MOBOTIX M1" intext:"Open Menu"
intext:"MOBOTIX M10" intext:"Open Menu"
intext:"MOBOTIX D10" intext:"Open Menu"
intitle:snc-z20 inurl:home/
intitle:snc-cs3 inurl:home/
intitle:snc-rz30 inurl:home/
intitle:"sony network camera snc-p1"
intitle:"sony network camera snc-m1"
site:.viewnetcam.com -www.viewnetcam.com   (需用户名密码)
intitle:"Toshiba Network Camera" user login  (挺清晰)改为下面的更好intitle:"Toshiba Network Camera" user_view_S.htm
intitle:"netcam live image"
intitle:"i-Catcher Console - Web Monitor"
inurl:/home/home
intitle:flexwatch intext:"Copyright by Seyeon TECH Co"
intitle:"snc-rz30 home"

经过测试利用，随手找了几个链接如下，可以试下效果：

纽约州立大学
http://128.205.54.65/view/index.shtml
http://130.191.227.248/view/index.shtml
私人飞机
http://63.226.59.176/view/index.shtml
东京时间塔
http://221.255.120.171/view/index.shtml
国外某网吧
http://212.42.54.137:8008/view/index.shtml
某小区
http://77.79.211.12:3131/view/index.shtml
http://205.167.90.185/view/viewer_index.shtml?id=9359
加拿大某隧道口
http://216.8.159.21/view/index.shtml
摩天轮
http://90.145.4.49:8080/view/index.shtml
某机房
http://web.tpa.it/view/index.shtml
http://62.117.68.199:8055/ViewerFrame?Mode=Motion
海港
http://152.3.114.18/view/index.shtml
http://206.140.121.226/view/viewer_index.shtml?id=5541
街道
http://94.86.192.168/view/index.shtml
http://148.61.63.218/view/viewer_index.shtml?id=216
http://80.19.143.197/view/viewer_index.shtml?id=26
http://198.82.159.134/view/index.shtml
http://82.147.33.166/view/index.shtml
http://217.152.196.254/CgiStart?page=Single&Language=0
办公
http://blazercam.vinu.edu/view/index.shtml
http://134.129.32.194/view/index.shtml
http://193.138.213.169/CgiStart?page=Single
http://213.120.123.128:5000/CgiStart?page=Single&Language=0
http://71.248.101.58:50001/CgiStart?page=Single&Language=0
http://202.61.19.114/CgiStart?page=Single
教堂
http://74.142.49.38:8000/view/viewer_index.shtml?id=1382
庙
http://60.33.230.11/CgiStart?page=Single&Language=12
雪山
http://220.254.50.173:60001/CgiStart?page=Single&Language=1

而通过对关键词搜索得出的结果来看，之前网上流传的所谓这样的“无主摄像机”有几万个的说法并不夸张。其中axis公司的占比最多，日本的几家数码的公司点比次之。不过大多为一些老旧的设备。清晰度上并十分高。像目前一些新兴的网络摄像机，安全保护做的都十分好，一般不会存在这样的问题。如webcam和产品结合的较好的dlink的mydlink 网络摄像机等需要通过用户和密码认证才行，而另外一些其网络摄相机产品不支持web直接访问，需要客户端软件才行。

最后不得不说下，也许我们真的从未了解过google的强大。