Search the Community

[Hidden Content]

.Mov [hide][Hidden Content]]

What is CamPhish? CamPhish is techniques to take cam shots of target's phone fornt camera or PC webcam. CamPhish Hosts a fake website on in built PHP server and uses ngrok & serveo to generate a link which we will forward to the target, which can be used on over internet. website asks for camera permission and if the target allows it, this tool grab camshots of target's device Features In this tool I added two automatic webpage templates for engaged target on webpage to get more picture of cam Festival Wishing Live YouTube TV simply enter festival name or youtube's video ID This Tool Tested On : Kali Linux Termux MacOS Ubuntu Perrot Sec OS [hide][Hidden Content]]

HOW TO DETECT A HIDDEN CAMERA IN A ROOM. When you stay in a hotel, how do you know there is no room secret pinhole camera? When you travel to an unfamiliar destination or take a business trip, you stay at a hotel, but what you do not know is that you could unknowingly be photographed or be secretly recorded. In this age of smart recording devices and pinhole sized drones, always remember when staying in a hotel, that you can use this method to check your room : 1.When you have entered into your room, turn off the lights, and close the curtains,open your phone camera, do not turn the flash light on. 2.Turn around the room with your cell phone. When a red dot is found on your screen, that means that a hidden web camera is installed. # If no red dots, then the room is okay. Please forward this message to your friends who travel a lot. And those that make a lot of business trips. My dear friends and sisters kindly note and be aware. ‼️Don't be a victim of a nude picture.‼️

Deauthenticating specifically the IP camera (only one client) aireplay-ng --deauth [number of deauth packets] -a [AP MAC address] -c [IP camera MAC address] [interface] Ex: aireplay-ng --deauth 1000 -a 11:22:33:44:55:66 -c 00:AA:11:22:33:44 mon0 You can possibly find the MAC address of the IP camera if you know the device’s brand since the first 6-digits of a MAC address identify the manufacturer ([Hidden Content]). You can also try to speculate which is the AP’s MAC address by the name of the SSID. Otherwise, you can use a more wide attack with the code below. Deauthenticating all clients in a specific network aireplay-ng --deauth [number of packets] -a [AP MAC address] [interface] Ex: aireplay-ng --deauth 1000 -a 11:22:33:44:55:66 mon0 That wouldn't be the case of course if the camera app was programmed to periodically check the connection with the router/device and report a lost connection by sending an email to the user for example. It is also important to point out, that if the IP camera had a wired connection and not a wireless one, this attack would not be possible. When using wireless communication we should always keep in mind that the medium is air and air is accessible to all (thus more “hackable”).

Hisilicon Hi3518 HD camera remote configuration disclosure exploit. View the full article

FOSCAM FI8608W Camera remote configuration disclosure exploit. View the full article

Digitus DN-16048 Camera remote configuration disclosure exploit. View the full article

ACTi ACM-5611 video camera remote command execution exploit. View the full article

ACTi ACM-3100 Camera remote command execution exploit. View the full article

Multiple Bugs in Canon DSLR Camera Let Hackers Infect with Ransomware Over a Rouge WiFi Access Point * Researchers discovered multiple critical vulnerabilities in Picture Transfer Protocol (PTP) that allows attackers to infect the Canon DSLR camera with ransomware to encrypt the pictures and demand the ransom. * An attacker who is very close with the victim’s WiFi or already hijacked computers with the USB access could propagate them to infect the cameras with deadly malware and ransomware.

Clever Dog Smart Camera types DOG-2W and DOG-2W-V4 suffer from file disclosure, default telnet backdoor credential, and insecure transit vulnerabilities. View the full article

Starry Router Camera suffers from vulnerabilities where the PIN can be brute-forced and the HTML5 CORS ORIGIN is set with a wildcard. View the full article

BEWARD N100 H.264 VGA IP Camera version M2.1.6 suffers from two authenticated command injection vulnerabilities. The issues can be triggered when calling ServerName or TimeZone GET parameters via the servertest page. This can be exploited to inject arbitrary system commands and gain root remote code execution. View the full article

BEWARD N100 H.264 VGA IP Camera version M2.1.6 suffers from an authenticated file disclosure vulnerability. Input passed via the 'READ.filePath' parameter in fileread script is not properly verified before being used to read files. This can be exploited to disclose the contents of arbitrary files via absolute path or via the SendCGICMD API. View the full article

BEWARD N100 H.264 VGA IP Camera version M2.1.6 suffers from a cross site request forgery vulnerability. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. View the full article

BEWARD N100 H.264 VGA IP Camera M2.1.6 suffers from an unauthenticated and unauthorized live RTSP video stream access. View the full article

FLIR AX8 thermal sensor camera devices version 1.32.16 utilize hard-coded credentials within its Linux distribution image. These sets of credentials (SSH) are never exposed to the end-user and cannot be changed through any normal operation of the camera. Attacker could exploit this vulnerability by logging in using the default credentials for the web panel or gain shell access. View the full article

The FLIR AX8 thermal sensor camera version 1.32.16 suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed via the 'file' parameter in download.php is not properly verified before being used to download config files. This can be exploited to disclose the contents of arbitrary files via absolute path. View the full article

The FLIR AX8 thermal sensor camera version 1.32.16 suffers an unauthenticated and unauthorized live RTSP video stream access. View the full article

The FLIR AX8 thermal sensor camera version 1.32.16 suffers from two unauthenticated command injection vulnerabilities. The issues can be triggered when calling multiple unsanitized HTTP GET/POST parameters within the shell_exec function in res.php and palette.php file. This can be exploited to inject arbitrary system commands and gain root remote code execution. View the full article

LG Smart IP Camera versions 1310250 through 1508190 suffer from a backup file download vulnerability. View the full article

Code : hydra -l user -P wordlist -e ns -f -V ip camera http-get /