Hi all,
I spent an eye-watering £19
on this cheap "Spy Cam" to allow me to keep an eye on the dogs whilst I am at work:
https://www.amazon.co.uk/dp/B072J7TCQ3/
For what it is, it works great, out of the box it creates its own WiFi network, which you connect to via phone app, into that you put your own router's WiFi details and you can then use the app to connect to the device.
So it is definitely sending a stream of data across my WiFi network, I just can't seem to access it.
Using nmap, I scanned the ports on the device, and came up with this:
So as you can see, three ports open (21, 23 for telnet, and 6789 possibly for video stream?).
Any advice appreciated!
Thanks,
Gareth
I spent an eye-watering £19
on this cheap "Spy Cam" to allow me to keep an eye on the dogs whilst I am at work:https://www.amazon.co.uk/dp/B072J7TCQ3/
For what it is, it works great, out of the box it creates its own WiFi network, which you connect to via phone app, into that you put your own router's WiFi details and you can then use the app to connect to the device.
So it is definitely sending a stream of data across my WiFi network, I just can't seem to access it.
Using nmap, I scanned the ports on the device, and came up with this:
Starting Nmap 7.60 ( Nmap: the Network Mapper - Free Security Scanner ) at 2017-11-21 16:39 GMT Standard Time
NSE: Loaded 146 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 16:39
Completed NSE at 16:39, 0.00s elapsed
Initiating NSE at 16:39
Completed NSE at 16:39, 0.00s elapsed
Initiating ARP Ping Scan at 16:39
Scanning 192.168.0.1 [1 port]
Completed ARP Ping Scan at 16:39, 0.38s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 16:39
Completed Parallel DNS resolution of 1 host. at 16:40, 16.52s elapsed
Initiating SYN Stealth Scan at 16:40
Scanning 192.168.0.1 [1000 ports]
Discovered open port 21/tcp on 192.168.0.1
Discovered open port 23/tcp on 192.168.0.1
Discovered open port 6789/tcp on 192.168.0.1
Completed SYN Stealth Scan at 16:40, 0.85s elapsed (1000 total ports)
Initiating Service scan at 16:40
Scanning 3 services on 192.168.0.1
Completed Service scan at 16:42, 146.21s elapsed (3 services on 1 host)
Initiating OS detection (try #1) against 192.168.0.1
NSE: Script scanning 192.168.0.1.
Initiating NSE at 16:42
NSE: [ftp-bounce] Couldn't resolve scanme.nmap.org, scanning 10.0.0.1 instead.
Completed NSE at 16:42, 12.53s elapsed
Initiating NSE at 16:42
Completed NSE at 16:42, 1.02s elapsed
Nmap scan report for 192.168.0.1
Host is up (0.014s latency).
Not shown: 997 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp BusyBox ftpd (D-Link DCS-932L IP-Cam camera)
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
| total 0
| drwxr-xr-x 2 root root 1029 Apr 28 2017 bin
| drwxr-xr-x 4 root root 0 Nov 22 00:37 dev
| drwxr-xr-x 5 root root 325 Apr 28 2017 etc
| lrwxrwxrwx 1 root root 11 Jun 19 03:00 init -> bin/busybox
| drwxr-xr-x 3 root root 1038 Apr 28 2017 lib
| drwxr-xr-x 4 root root 37 Mar 5 2013 mnt
| dr-xr-xr-x 53 root root 0 Jan 1 1970 proc
| drwxr-xr-x 2 root root 736 May 8 2017 sbin
| dr-xr-xr-x 13 root root 0 Nov 22 00:37 sys
| drwxr-xr-x 2 root root 0 Nov 22 00:37 tmp
| drwxr-xr-x 8 root root 102 Apr 28 2017 usr
|_drwxr-xr-x 6 root root 0 Nov 22 00:37 var
| ftp-syst:
| STAT:
| Server status:
| TYPE: BINARY
|_Ok
23/tcp open telnet BusyBox telnetd
6789/tcp open ibm-db2-admin?
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at Nmap Fingerprint Submitter 2.0 :
SF-Port6789-TCP:V=7.60%I=7%D=11/21%Time=5A1456F7%P=i686-pc-windows-windows
SF:%r(JavaRMI,B,"\x0b\0\x02\x01\0\0\x01\x0004\0");
MAC Address: 02:E0:4C:B0:5C:00 (Unknown)
Device type: general purpose
Running: Linux 2.6.X|3.X
OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3
OS details: Linux 2.6.32 - 3.10
Uptime guess: 0.001 days (since Tue Nov 21 16:41:55 2017)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=258 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: Host: anyka; Device: webcam; CPE: cpe:/h:dlink:dcs-932l
TRACEROUTE
HOP RTT ADDRESS
1 13.50 ms 192.168.0.1
NSE: Loaded 146 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 16:39
Completed NSE at 16:39, 0.00s elapsed
Initiating NSE at 16:39
Completed NSE at 16:39, 0.00s elapsed
Initiating ARP Ping Scan at 16:39
Scanning 192.168.0.1 [1 port]
Completed ARP Ping Scan at 16:39, 0.38s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 16:39
Completed Parallel DNS resolution of 1 host. at 16:40, 16.52s elapsed
Initiating SYN Stealth Scan at 16:40
Scanning 192.168.0.1 [1000 ports]
Discovered open port 21/tcp on 192.168.0.1
Discovered open port 23/tcp on 192.168.0.1
Discovered open port 6789/tcp on 192.168.0.1
Completed SYN Stealth Scan at 16:40, 0.85s elapsed (1000 total ports)
Initiating Service scan at 16:40
Scanning 3 services on 192.168.0.1
Completed Service scan at 16:42, 146.21s elapsed (3 services on 1 host)
Initiating OS detection (try #1) against 192.168.0.1
NSE: Script scanning 192.168.0.1.
Initiating NSE at 16:42
NSE: [ftp-bounce] Couldn't resolve scanme.nmap.org, scanning 10.0.0.1 instead.
Completed NSE at 16:42, 12.53s elapsed
Initiating NSE at 16:42
Completed NSE at 16:42, 1.02s elapsed
Nmap scan report for 192.168.0.1
Host is up (0.014s latency).
Not shown: 997 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp BusyBox ftpd (D-Link DCS-932L IP-Cam camera)
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
| total 0
| drwxr-xr-x 2 root root 1029 Apr 28 2017 bin
| drwxr-xr-x 4 root root 0 Nov 22 00:37 dev
| drwxr-xr-x 5 root root 325 Apr 28 2017 etc
| lrwxrwxrwx 1 root root 11 Jun 19 03:00 init -> bin/busybox
| drwxr-xr-x 3 root root 1038 Apr 28 2017 lib
| drwxr-xr-x 4 root root 37 Mar 5 2013 mnt
| dr-xr-xr-x 53 root root 0 Jan 1 1970 proc
| drwxr-xr-x 2 root root 736 May 8 2017 sbin
| dr-xr-xr-x 13 root root 0 Nov 22 00:37 sys
| drwxr-xr-x 2 root root 0 Nov 22 00:37 tmp
| drwxr-xr-x 8 root root 102 Apr 28 2017 usr
|_drwxr-xr-x 6 root root 0 Nov 22 00:37 var
| ftp-syst:
| STAT:
| Server status:
| TYPE: BINARY
|_Ok
23/tcp open telnet BusyBox telnetd
6789/tcp open ibm-db2-admin?
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at Nmap Fingerprint Submitter 2.0 :
SF-Port6789-TCP:V=7.60%I=7%D=11/21%Time=5A1456F7%P=i686-pc-windows-windows
SF:%r(JavaRMI,B,"\x0b\0\x02\x01\0\0\x01\x0004\0");
MAC Address: 02:E0:4C:B0:5C:00 (Unknown)
Device type: general purpose
Running: Linux 2.6.X|3.X
OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3
OS details: Linux 2.6.32 - 3.10
Uptime guess: 0.001 days (since Tue Nov 21 16:41:55 2017)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=258 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: Host: anyka; Device: webcam; CPE: cpe:/h:dlink:dcs-932l
TRACEROUTE
HOP RTT ADDRESS
1 13.50 ms 192.168.0.1
So as you can see, three ports open (21, 23 for telnet, and 6789 possibly for video stream?).
Any advice appreciated!
Thanks,
Gareth