Closed sahilofficial97 closed 1 week ago
Ullaakut
commented
1 month ago Please make sure that your issue is not fixed by the solution mentioned in https://github.com/Ullaakut/cameradar/issues/287
But since I saw lots of reports of the file dictionary loading failing, it could be that there is indeed a bug. I don't have time to look into it at the moment though unfortunately :(
vishprat18
commented
4 weeks ago Hi Ullaakut. first of all thanks for creating such an application and consistent support.
Here I'm facing the issue with custom credentials got from seclists. Below is the error.
econd image is the output which I usually get while accessed 50 IP addresses showcased on Shodan. No idea whether it's a usual output.
Kindly help. Thanks in advance.
Ullaakut
commented
3 weeks ago Can you show me the output of running ls -l on the folder which contains your credentials?
It could be a permission issue, where the container doesn't have the permission to access the file, even though you have access to it on your host machine. Or it could be a typo? Not sure, without seeing the original files.
vishprat18
commented
3 weeks ago Thanks Ullaakut for the response. Below is the screenshot of the said command. Also like to know whether this command is correct "sudo docker run ullaakut/cameradar -t -v /usr/share/seclists/Passwords/Common-Credentials:/tmp/dictionaries -c "tmp/dictionaries/1000000.json"-t 222.153.50.143" I just followed the instruction as per the article "https://www.hackers-arise.com/post/ip-camera-hacking-hacking-ip-cameras-with-cameradar" . Also I manually created the dictionaries folder in tmp but i noticed it's getting deleted every time. sorry, I may sound weird here as I'm just a beginner in linux. Kindly help me to execute the cameradar with custom credentials.
Ullaakut
commented
3 weeks ago No need to apologize :)
The issue might lie in the use of sudo since I could see how it might mount the files as still owned by root only and therefore not accessible in the container, but if the article used it this way and it works for them I don't see why it wouldn't for you.
Could you try to run Cameradar with the -v flag, to enable verbose logs, and -d to enable debug mode? It should print something like Loading credentials dictionary from path <path>
vishprat18
commented
3 weeks ago Thanks Ullaakut. Here is the required print.
Is there any way to replace my custom credentials with the "/app/dictionaries/credentials.json". Since I'm a Windows OS user such weird thoughts are coming in mind.
BTW, After an numerous attempt on various IP's I finally got the success command to a particular IP "✔ Successful attack: one device was accessed" 👍 , that means the cameradar tool is working fine on my PC. Now I just want your help to add custom credentials instead of default credentials.
Thanks in advance
Ullaakut
commented
2 weeks ago Ah, sorry I wasnt clear enough, please do the same thing but while trying to load your dictionaries :)
So just like before, use the -v /path/on/your/machine:/tmp/dictionaries flag in the docker command, but then also use the -v -d in the cameradar command. This way it should tell us why it's not loading the dictionaries
vishprat18
commented
2 weeks ago Thanks Ullaakut.
I did it, since for such command is like climbing mountain's, I took a help from a friend who knew linux. Here is the outcome.
Unfortunately, even with million pass I cannot access any of the IP Camera :( tried tons of them
Ullaakut
commented
1 week ago You forgot to include -v -d after ullaakut/cameradar 😄 If you do it, it will show more logs and explain what is going on exactly :)
Change your command to
sudo docker run -v ~/Downloads:/tmp/config -t ullaakut/cameradar -c /tmp/config/pass10.json -t 77.121.4.86 -v -dAnd then please paste the output in here :) Thank you!
vishprat18
commented
1 week ago Oh yeah, apologies for my mistakes. here is the outcome post putting the command you suggested.
My observation: 1) While trying with 1K passwords, the program takes more than 1hr for each IP's. Hope this is an usual sign. 2) I get lots of timeout (irrespective of credentials I pick). hope this is usual sign too
Shall wait for your feedback.
Ullaakut
commented
1 week ago Ah, so the loading of custom credentials does work 😄
With that amount of credentials in the list, it may get very slow yes, however the timeouts are not expected.
The default list provided with Cameradar is default constructor credentials, so it should work for most of the cameras if they havent been secured. If they have been secured, it's usually done with passwords that are common to the security system's installer or the customer's company name, so it's also unlikely that the credentials would be found in a password list like the one you're using.
For the timeout issue, it could be due to multiple factors, most common of them being:
The only case you can do something about is network latency, which you can deal with by adding a new argument at the end of your command line: --timeout=5000ms if i recall correctly should do the job.
Another option, if the camera is rate limited, is to simply not use a custom dictionary, and hopefully the default one makes little enough amounts of requests that the rate limiter does not kick in.
Unfortunately though, since the original issue which was the credentials not being found, turns out to have been a user mistake, I'll close this issue since it has been fixed.
Feel free to open another issue if you encounter a bug, and make sure to read the README file which likely would answer a lot of your potential questions :)
Thanks again and have a nice day!
vishprat18
commented
1 week ago Thanks Buddy. You are a genius and a very humble person. God bless you.
Context
Please select one:
ullaakut/cameradarPlease select one:
Environment
My operating system:
Logs
Custom json file not found. File exist in mi directory but program can not find it. Any help please?