Difference between revisions of "IOT Security: Pentesting on IP Cameras"
Line 54: | Line 54: | ||
Target Specification | Target Specification | ||
$sudo nmap 192.168.8.103 | $sudo nmap 192.168.8.103 Scan a single IP | ||
Enables OS detection, version detection, script scanning, and traceroute | Enables OS detection, version detection, script scanning, and traceroute | ||
Line 65: | Line 65: | ||
Host Discovery and Port Scan | Host Discovery and Port Scan | ||
$sudo nmap 192.168.8.1/24 -sn Disable port scanning. Host discovery only. | $sudo nmap 192.168.8.1/24 -sn Disable port scanning. Host discovery only. | ||
$sudo nmap 192.168.8.1-254 -Pn | $sudo nmap 192.168.8.1-254 -Pn Disable host discovery. Port scan only. (If the host is down) | ||
Port Specification | |||
$sudo nmap 192.168.8.103 -p Port scan all ports | |||
=== Step 2 === | === Step 2 === |
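Review bot: `nmap 192.168.8.103 -p` in the new Port Specification entry does not scan all ports; `-p` requires a port list or range, and nmap rejects the option when none is given. Use `-p-` (or `-p 1-65535`) so the command matches its "Port scan all ports" description. In the same hunk, the `-Pn` note "(If the host is down)" would be more accurate as "if the host does not answer discovery probes", since `-Pn` skips host discovery and treats every target as up.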
Revision as of 20:16, 12 June 2022
Summary
This page documents pentesting (information gathering and vulnerability scans) performed on the TP-Link Kasa Cam Smart Home Camera KC120, Ezviz CS-C1C and Abus PPIC32020.
Requirements
Operating System
- Kali Linux 2022.2
Hardware
- TP-link Kasa Cam Smart Home Camera KC120
Encryption: 128-Bit-AES, WPA/WPA2-PSK
Storage: Amazon Web Services (AWS) Cloud
- Ezviz CS-C1C
Encryption: 64/128-bit WEP, WPA/WPA2, WPA-PSK/WPA2-PSK
Storage: EZVIZ cloud or/and MicroSD
- Abus PPIC32020
Encryption: AES 128bit, WPA/WPA2-PSK
Storage: MicroSD
Apps
- Kasa Smartphone application (iOS or Android)
- Ezviz Smartphone application (iOS or Android)
- ABUS App2Cam Plus Smartphone application (iOS or Android)
Description
A penetration test can be divided into several stages:
- Planning
Working with the customer to clearly define and document the assessment objectives, scope, and rules of engagement.
- Gathering Information
Collecting and examining key information about the software and its infrastructure.
- Discovering Vulnerabilities
Finding existing vulnerabilities and identifying any potential security weaknesses that could allow an outside attacker to gain access to the environment.
- Exploitation
The pentester tries to establish a connection with the target and exploit the vulnerabilities found in the previous phase.
- Reporting
Providing a complete report with a detailed evaluation and recommendations on how to mitigate the vulnerabilities found.
Planning
Set up the camera at home together with its phone app and connect it to the same Wi-Fi network that your smartphone uses. To find the camera's IP address, you need to install scanning tools that can discover devices in your subnet.
Scanning
Target Specification
$ sudo nmap 192.168.8.103    # Scan a single IP
Enables OS detection, version detection, script scanning, and traceroute
$ sudo nmap -sV -A 192.168.8.103
Scan TCP/UDP Ports
$ sudo nmap 192.168.8.103 -sT    # TCP connect port scan (default without root privilege)
$ sudo nmap 192.168.8.103 -sU    # UDP port scan
Host Discovery and Port Scan
$ sudo nmap 192.168.8.1/24 -sn    # Disable port scanning. Host discovery only.
$ sudo nmap 192.168.8.1-254 -Pn    # Disable host discovery. Port scan only. (Use if the host appears to be down)
Port Specification
$ sudo nmap 192.168.8.103 -p-    # Port scan all ports
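The host discovery sweep and port scans above can be turned into a small device inventory by having nmap write grepable output (`-oG`) and parsing it. The script below is an added example, not part of the original wiki page; the function names are hypothetical and the sample scan output is constructed, not real results from the cameras listed here.

```shell
#!/usr/bin/env bash
# Added example: parse nmap grepable (-oG) output into a host/port inventory.
# Real use (on your own lab network):
#   sudo nmap 192.168.8.1/24 -sn -oG - | live_hosts
#   sudo nmap 192.168.8.103 -p- -oG - | open_ports

# Constructed sample in -oG format (fields are tab-separated).
# NOT real scan results from the cameras on this page.
sample_gnmap() {
  printf '# Nmap scan initiated (constructed sample)\n'
  printf 'Host: 192.168.8.1 ()\tStatus: Up\n'
  printf 'Host: 192.168.8.1 ()\tPorts: 53/open/tcp//domain///, 80/open/tcp//http///\tIgnored State: closed (998)\n'
  printf 'Host: 192.168.8.103 ()\tStatus: Up\n'
  printf 'Host: 192.168.8.103 ()\tPorts: 80/open/tcp//http///, 554/open/tcp//rtsp///, 23/closed/tcp//telnet///\tIgnored State: filtered (997)\n'
  printf '# Nmap done (constructed sample)\n'
}

# Print each IP reported as "Status: Up", once, in scan order.
live_hosts() {
  awk -F'\t' '
    $1 ~ /^Host: / && $2 == "Status: Up" {
      split($1, h, " ")
      if (!seen[h[2]]++) print h[2]
    }'
}

# Print "IP port/proto service" for every port in state "open".
# Each port entry is: port/state/protocol/owner/service/rpcinfo/version/
open_ports() {
  awk -F'\t' '
    $1 ~ /^Host: / {
      split($1, h, " ")
      for (i = 2; i <= NF; i++) {
        if ($i !~ /^Ports: /) continue
        p = $i
        sub(/^Ports: /, "", p)
        n = split(p, entries, ", ")
        for (j = 1; j <= n; j++) {
          split(entries[j], f, "/")
          if (f[2] == "open")
            print h[2], f[1] "/" f[3], (f[5] == "" ? "unknown" : f[5])
        }
      }
    }'
}

# Stand-alone demo on the constructed sample.
sample_gnmap | open_ports
```

Comparing the `live_hosts` list before and after powering on the camera is a simple way to identify which address belongs to it.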