Cameradar is not giving result properly

[Huan2gao]

Im using Cameradar from past 6 months it working fine but now i thing its having some issues with it. Im testing with RTSP IP having open port and also having default credentials which are present in dictionary Folder but it shows "Unable to attack empty list of targets " and when i open my rtsp link with default credentials in VLC it's working. so, i think there have some problem Cameradar. Please help me out.

Please select one:

• [* ] I use the docker image ullaakut/cameradar **
• I use my own build of the docker image
• I use the pre-compiled binary
• I use my own build of the binary
• None of the above / I don't know

Environment

My operating system:

• Windows
• OSX
• [* ] Linux
• Other

OS version: <ubuntu 16.04 >
OS architecture: <64 bit>

[Ullaakut]

Hi @Huan2gao!

Could you please run an nmap scan on your network and show me the results? nmap -A -p 554,8554 <your_target>

In the meantime, you can add a tag to your cameradar image when running cameradar, like such:

sudo docker run --net=host -t ullaakut/cameradar:3.0.2 -p 554,8554 -t <your_target>

This will make you use the previous version which you were using before. If it still doesn't work, it must be an issue with the network and to help you find a solution I would need to see the output of the nmap scan.

[Ullaakut]

Hey @Huan2gao any update on this?

[Huan2gao]

no Bro , it still not working. Default username password is in the list of password file but it still don't work for me i dont why and that camera is working in VLC Media player.

Here is screenshot of both nmap And Cameradar Scan.

[Ullaakut]

Mh it's really strange that even in 3.0.2 it didn't work, since you told me it used to work. You might have been using a really old version 🤔

Could you try to run docker pull ullaakut/cameradar and run your cameradar again with the latest command? If it still doesn't work, we'll figure out another solution, no worries :)

• docker pull ullaakut/cameradar
• sudo docker run --net=host -t ullaakut/cameradar:latest -p 554,8554 -t <your_target>

[Huan2gao]

No, bro its not working. can you please tell me whole process of installation of latest cameradar may be i had done mistake with installation . i will try it on new Ubuntu Machine or if possible pls give me latest repository of cameradar.

[Ullaakut]

You shouldn't need to install it, just running docker pull and using the latest tag should ensure you have the up-to-date version.

Basically what is happening apparently is that cameradar's internal nmap scan is either not working properly or isn't being parsed correctly. I'll do some tests on my end and let you know if I manage to reproduce it 👍

[Huan2gao]

Now its giving Username and password and rtsp link is working but still shows stream not found. i don't know whats wrong with this.

[Ullaakut]

Ah actually I know what's wrong. Fixing it in 10 minutes, it's a quick one!

Nevermind, I thought I forgot one thing but turns out I didn't 🤔

Could you run cameradar with the -v flag and show me the full logs?

[Huan2gao]

this is my log file
log_file.txt

[Ullaakut]

Mh these aren't Cameradar logs at all, these are the logs of docker crashing 😅 Running a CTRL+F cameradar doesn't even give anything. Are you sure you sent the right file?

[Huan2gao]

Mh these aren't Cameradar logs at all, these are the logs of docker crashing sweat_smile Running a CTRL+F cameradar doesn't even give anything. Are you sure you sent the right file?

whats the command to get cameradar log?

[Ullaakut]

Just run your usual docker run ullaakut/cameradar command, with the -v option, and redirect the logs to a file, like docker run [...] ullaakut/cameradar:latest [...] -v > logs.txt

[Huan2gao]

there is LOG file, i got ip from shodan
log1.txt

[Ullaakut]

As you can see, the device you are trying to access is timing out, since the network is too unstable or slow. You can improve this by specifying the --timeout option and increasing from the default value of 2000ms (I suggest 10000 milliseconds if it's a really unstable network) but this will also make the scan SIGNIFICANTLY slower. It might take 30mns or so to finish if each attempt takes 10 seconds.

Also as a side note, attacking devices found via Shodan.io is illegal. Cameradar is a pentesting tool and should not be used on exposed cameras unless you own them or are given permission to access them by their owners.

I'm closing this issue since it's not a bug with Cameradar but simply due to a remote attack on a very slow/unstable/distant network, and could have been resolved by following the documentation in the first place.

Feel free to open another issue if you think the documentation or logging could be improved to show that timeouts are occurring.

[Huan2gao]

thanks for giving me solution. im using Shodan just to test cameradar my intention was not bad.

[jepunband]

Hi if port 8554 states as filtered will cameradar still able to work?

I keep getting rttvar getting to over... during scan.

Thanks.

[Ullaakut]

The output from Nmap is a list of scanned targets, with supplemental information on each depending on the options used. Key among that information is the “interesting ports table”. That table lists the port number and protocol, service name, and state. The state is either open, filtered, closed, or unfiltered.
Open means that an application on the target machine is listening for connections/packets on that port.
Filtered means that a firewall, filter, or other network obstacle is blocking the port so that Nmap cannot tell whether it is open or closed.
Closed ports have no application listening on them, though they could open up at any time. Ports are classified as unfiltered when they are responsive to Nmap's probes, but Nmap cannot determine whether they are open or closed. Nmap reports the state combinations open|filtered and closed|filtered when it cannot determine which of the two states describes a port.

Because of this, Cameradar does not attempt to access filtered ports, as 99% of the time it means they are closed. It could make sense to add an option to force the scan of filtered hosts however. If you'd like this option, please create a new issue especially for this feature.