Firmware vendor site scan

UND-ARC / IPCam

Everything we know about the DigiHero IPCam.

The Unlicense

20 stars 8 forks source link

Firmware vendor site scan #5

Open mishaturnbull opened 5 years ago

mishaturnbull commented 5 years ago

Scan firmware vendor site, www.p2plivecam.com, to see if there are any interesting finds to be found.

The test I would like to be run is:

nmap -sS -T4 -vvv -p 1-65535 www.p2plivecam.com
nmap -F -T5 -A -vvv --script all www.p2plivecam.com

This will require root privileges and the installation of nmap. Is there any chance that this will cause damage/in some way alter the code executing on the camera? No.

Does this test prelude/follow up on others? If so, what? Depends.

mishaturnbull commented 5 years ago

Result of first scan:

Port	Proto	State	Service
80	TCP	Open	Microsoft HTTPAPI httpd 2.0 SSDP/UPnP
10220	TCP	Open	Unknown
45342	TCP	Open	SSL/Unknown

mishaturnbull commented 5 years ago

Interesting results from test 2:

Didn't find any CSRF vulnerabilities

Vulnerable to IIS Short name brute guessing:

| http-iis-short-name-brute: 
|   VULNERABLE:
|   Microsoft IIS tilde character "~" short name disclosure and denial of service
|     State: VULNERABLE (Exploitable)
|       Vulnerable IIS servers disclose folder and file names with a Windows 8.3 naming scheme inside the root folder.
|       Shortnames can be used to guess or brute force sensitive filenames. Attackers can exploit this vulnerability to
|       cause a denial of service condition.
|

HTTP TRACE enabled, potential risk
Likely vulnerable to SlowLoris
OS: Microsoft Windows 2012 or Microsoft Server 2012 R2