其实这个所谓的奥秘已经不能再称之为奥秘了,早在05年的时候网上就已经暴出了这个问题。就是通过google,我们能找出很多网络摄像机,查看并操作。甚至很多需要密码的,可以绕过密码的连接查看并控制。原理十分简单,利用google hack——通过特定关键词,让google返回我们想要的结果 。具体操作如下:
打开google,输入下面的任意一行,从返回的结果中,打开就行了。其中命中率比较高的几个关系词为:
nurl:ViewerFrame?Mode=(摄像头由Panasonic公司生产) intitle:"Live View / - AXIS" | inurl:view/view.shtml inurl:indexFrame.shtml Axis(摄像头由瑞典Axis Communications公司制造) intext:"MOBOTIX M1" intext:"Open Menu"(其他品牌的摄像头) intitle:"WJ-NT104 Main Page(其他品牌的摄像头) intitle:"Live View / - AXIS" | inurl:view/view.shtml inurl:indexFrame.shtml Axis intitle:"Live View / - AXIS" intext:"MOBOTIX M1" intext:"Open Menu" inurl:"ViewerFrame?Mode=" intitle:"WJ-NT104 Main Page" intitle:snc-rz30 inurl:home/
注:上面括号中的内容不要输入。
另外网上还流传一个所谓的完全版,内容如下:
intitle:"my webcamXP server!" inurl:":8080" inurl:"view/indexFrame.shtml" inurl:"view/index.shtml" intitle:axis camera intitle:"snc-rz30 home" inurl:"ViewerFrame?Mode=Motion" inurl:LvAppl intitle:liveapplet intitle:"Live View / - AXIS" "Powered by webcamXP" inurl:indexFrame.shtml "Axis Video Server" MOBOTIX M1" and "open menu" intitle:flexwatch intext:"Copyright by Seyeon TECHCo" intitle:"WJ-NT104 Main" inurl:"axis-cgi/mjpg" sample/LvAppl/ inurl:home/homeJ.html inurl:main/flashLogin.html inurl:next_file=main_fs.htm inurl:/login.ml intitle:User "Webthru User Login" "Please enter username and password to log in to system" inurl:Ctl/index.htm?Cus Configuration "Pop-up Live Image" inurl:"*.viewnetcam.com" inurl:Remote/index.php3 intitle:"supervisioncam protocol" inurl:CgiStart?page=Single inurl:indexFrame.shtml?newstyle=Quad intitle:liveapplet inurl:LvAppl inurl:/showcam.php?camid inurl:video.cgi?resolution= inurl:image?cachebust= intitle:"Live View / - AXIS" inurl:view/view.shtml intext:"MOBOTIX M1" intext:"Open Menu" intitle:snc-rz30 inurl:home/ inurl:"MultiCameraFrame?Mode=" intitle:"EvoCam" inurl:"webcam.html" intitle:"Live NetSnap Cam-Server feed" intitle:"Live View / - AXIS 206M" intitle:"Live View / - AXIS 206W" intitle:"Live View / - AXIS 210" inurl:indexFrame.shtml Axis inurl:"ViewerFrame?Mode=" inurl:"MultiCameraFrame?Mode=Motion" intitle:start inurl:cgistart intitle:"WJ-NT104 Main Page" intext:"MOBOTIX M1" intext:"Open Menu" intext:"MOBOTIX M10" intext:"Open Menu" intext:"MOBOTIX D10" intext:"Open Menu" intitle:snc-z20 inurl:home/ intitle:snc-cs3 inurl:home/ intitle:snc-rz30 inurl:home/ intitle:"sony network camera snc-p1" intitle:"sony network camera snc-m1" site:.viewnetcam.com -www.viewnetcam.com (需用户名密码) intitle:"Toshiba Network Camera" user login (挺清晰)改为下面的更好intitle:"Toshiba Network Camera" user_view_S.htm intitle:"netcam live image" intitle:"i-Catcher Console - Web Monitor" inurl:/home/home intitle:flexwatch intext:"Copyright by Seyeon TECH Co" intitle:"snc-rz30 home"
经过测试利用,随手找了几个链接如下,可以试下效果:
纽约州立大学 http://128.205.54.65/view/index.shtml http://130.191.227.248/view/index.shtml 私人飞机 http://63.226.59.176/view/index.shtml 东京时间塔 http://221.255.120.171/view/index.shtml 国外某网吧 http://212.42.54.137:8008/view/index.shtml 某小区 http://77.79.211.12:3131/view/index.shtml http://205.167.90.185/view/viewer_index.shtml?id=9359 加拿大某隧道口 http://216.8.159.21/view/index.shtml 摩天轮 http://90.145.4.49:8080/view/index.shtml 某机房 http://web.tpa.it/view/index.shtml http://62.117.68.199:8055/ViewerFrame?Mode=Motion 海港 http://152.3.114.18/view/index.shtml http://206.140.121.226/view/viewer_index.shtml?id=5541 街道 http://94.86.192.168/view/index.shtml http://148.61.63.218/view/viewer_index.shtml?id=216 http://80.19.143.197/view/viewer_index.shtml?id=26 http://198.82.159.134/view/index.shtml http://82.147.33.166/view/index.shtml http://217.152.196.254/CgiStart?page=Single&Language=0 办公 http://blazercam.vinu.edu/view/index.shtml http://134.129.32.194/view/index.shtml http://193.138.213.169/CgiStart?page=Single http://213.120.123.128:5000/CgiStart?page=Single&Language=0 http://71.248.101.58:50001/CgiStart?page=Single&Language=0 http://202.61.19.114/CgiStart?page=Single 教堂 http://74.142.49.38:8000/view/viewer_index.shtml?id=1382 庙 http://60.33.230.11/CgiStart?page=Single&Language=12 雪山 http://220.254.50.173:60001/CgiStart?page=Single&Language=1
而通过对关键词搜索得出的结果来看,之前网上流传的所谓这样的“无主摄像机”有几万个的说法并不夸张。其中axis公司的占比最多,日本的几家数码的公司点比次之。不过大多为一些老旧的设备。清晰度上并十分高。像目前一些新兴的网络摄像机,安全保护做的都十分好,一般不会存在这样的问题。如webcam和产品结合的较好的dlink的mydlink 网络摄像机等需要通过用户和密码认证才行,而另外一些其网络摄相机产品不支持web直接访问,需要客户端软件才行。
最后不得不说下,也许我们真的从未了解过google的强大。