9/23/2019

Iptv Brute-force How To Use
HTTP basic authentication is a known weak authentication system and isn’t often used in web apps anymore. However, it is used quite frequently in our home network devices like routers and webcams. To complicate matters, these devices don’t have any lockout mechanisms in place to prevent password guessing attacks like dictionary or brute-force attacks.

I’m going to demonstrate just how easy it is to break into such a device by running an attack on my home webcam using Hydra.

Step 1 - Gather Tools

- THC-Hydra - Our dictionary attack tool of choice. Comes preinstalled with security distros of Linux (e.g. Kali).
  - OSX - Install via Homebrew: brew install hydra. I had to use the --with-libssh option.
  - Debian - sudo apt-get install hydra hydra-gtk
- Wordlist - A list of passwords to test. I’ve created wordlists using data from.
  Disclaimer: People commonly use passwords with NSFW language. Expect it in these lists.
  There are more conclusive lists out there (hint: google ‘rockyou wordlist’), but these should be enough to get you started.
- Optional Username List - A list of usernames to test. For this demo, I’m not using a username list and am just going by the commonly used default username admin. If you have a username list you’d like to use, then go for it.

Step 2 - Scanning the Target

If you’ve ever used an IP camera or similar networked device, the above image is probably rather familiar. A basic form and buttons that look like they came straight from geocities, what more could we want from hardware manufacturers? If I click on the Server Push mode Login button, I am presented with a basic auth login form. Sure, basic auth should be totally fine to protect this remotely controllable window into my home.

To execute the attack, I need the following information:

- IP Address of device
- Listening port
- Where to submit guesses (e.g. /login.html)
- Request type used to submit

Since this is on my network, I already know the IP address of this device.
To conduct a brute-force attack, an attacker may use a tool to attempt every combination of letters and numbers, expecting to eventually guess the password. Be safe and AES and similar algorithms used within IPTV can last a few decades. Time and resources required to break the keys using a brute-force approach.
If I didn’t know it offhand, it could be found rather easily by scanning the network with a tool such as nmap.

So, I’ve got its local IP address 192.168.1.4 and the port it’s listening on is 8090. I still need to know where to point the attack, though. Perhaps the Chrome dev tools can give me some insight.

Submitting garbage data to the form and checking out the network panel gives me a pretty clear indication of where the data is going. Getcameraparams.cgi is the only request with a status of 401. Turns out I’m not very good at guessing passwords by flapping my hand across the keyboard.

By clicking on the request, I can see that it was submitted with a GET request. With that, I have enough information to craft an attack.
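The missing lockout described at the top is what makes this kind of guessing practical, and the same 401 responses seen in the network panel are what a defender can count. The following is an added example, not part of the original post: a sliding-window detector for repeated 401s per source IP. It assumes a reverse proxy in front of the device writing combined-format access logs; the log lines, client addresses, request path casing and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Assumption: combined-log-format lines from a reverse proxy in front of the device.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def find_guessing(lines, max_failures=5, window=timedelta(seconds=60)):
    """Map each source IP to the time it reached max_failures 401s within window."""
    recent = defaultdict(deque)   # ip -> timestamps of recent 401 responses
    flagged = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["status"] != "401":
            continue
        ts = datetime.strptime(m["ts"], TS_FMT)
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            flagged.setdefault(m["ip"], ts)   # keep the first crossing only
    return flagged

def sample_log():
    """Constructed sample: one user mistyping once, one source guessing quickly."""
    base = datetime(2019, 9, 23, 10, 0, 0, tzinfo=timezone.utc)
    def entry(ip, offset, status):
        ts = (base + timedelta(seconds=offset)).strftime(TS_FMT)
        return f'{ip} - admin [{ts}] "GET /getcameraparams.cgi HTTP/1.1" {status} 0'
    lines = [entry("192.168.1.23", 0, 401), entry("192.168.1.23", 20, 401),
             entry("192.168.1.23", 30, 200)]
    lines += [entry("192.168.1.50", 100 + 2 * i, 401) for i in range(10)]
    lines.append(entry("192.168.1.50", 120, 200))   # a 200 right after a burst of 401s
    return lines

if __name__ == "__main__":
    for ip, when in find_guessing(sample_log()).items():
        print(f"{ip} crossed the failure threshold at {when.isoformat()}")
```

A 200 from a source that was flagged moments earlier is the event to alert on first, since it suggests a guess succeeded and the credential should be rotated.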
This script leverages the fact that a lot of those sites use the same CMS to create the web application and share the service; behind a CMS there are always some exploits.