Firmware vendor site scan

[mishaturnbull]

Scan firmware vendor site, www.p2plivecam.com, to see if there are any interesting finds to be found.

The test I would like to be run is:

nmap -sS -T4 -vvv -p 1-65535 www.p2plivecam.com
nmap -F -T5 -A -vvv --script all www.p2plivecam.com

This will require root privileges and the installation of nmap.
Is there any chance that this will cause damage/in some way alter the code executing on the camera?
No.

Does this test prelude/follow up on others? If so, what? Depends.

[mishaturnbull]

Result of first scan:

Port	Proto	State	Service
80	TCP	Open	Microsoft HTTPAPI httpd 2.0 SSDP/UPnP
10220	TCP	Open	Unknown
45342	TCP	Open	SSL/Unknown

[mishaturnbull]

Interesting results from test 2:

• Didn't find any CSRF vulnerabilities
• Vulnerable to IIS Short name brute guessing:

| http-iis-short-name-brute: 
|   VULNERABLE:
|   Microsoft IIS tilde character "~" short name disclosure and denial of service
|     State: VULNERABLE (Exploitable)
|       Vulnerable IIS servers disclose folder and file names with a Windows 8.3 naming scheme inside the root folder.
|       Shortnames can be used to guess or brute force sensitive filenames. Attackers can exploit this vulnerability to
|       cause a denial of service condition.
|           

• HTTP TRACE enabled, potential risk
• Likely vulnerable to SlowLoris
• OS: Microsoft Windows 2012 or Microsoft Server 2012 R2