How to bulk get users lists from all local cameras DAHUA <getUserInfoAll> to text file?

[TIGOS1]

Hello, everyone!

I have many cameras in my local network that are hacked - pirate users have been added to them.

Downloaded the DAHUA API file. Read it.
Found this command:

http://<ip>/cgi-bin/sysService.cgi?action=getUserInfoAll

If I run this in Internet Explorer for one my camera (192.168.1.85) the camera asks me for login and password.
I enter this and get a response in the form of a web page.
I see all users of this camera.
And all Ok!

http://192.168.1.85/cgi-bin/sysService.cgi?action=getUserInfoAll

For example, I found a user "config"
Use:
Config Tool - CGI Protocol
Select all cameras in the network by marking them

Them use:
Batch CGI Commands
And use this command to delete the user "config":
http://<ip>/cgi-bin/userManager.cgi?action=deleteUser&name=config

But.. many, many cameras..
And find many different bad users in different cameras

How to bulk get users lists from all local cameras to text file?

In "Config Tool - CGI Protocol" found "Table Config"
It uses an Excel file in which the rows are filled in according to a template.
Fill it with a command:
IP_Address Port Username Password /cgi-bin/userManager.cgi?action=getUserInfoAll 0

Start execution and get "SUCCESSED" in result row

Maybe someone knows how to get a list of all the names of all the cameras on my local network?

 

[looney2ns]

How to Secure Your Network (Don't Get Hacked!)

Many camera networks are unsecure, even those installed by professionals. This guide gives basic instruction in how to secure a camera network from the most common types of attacks. Perhaps the most important rule of securing a computer network is to not forward ports to unsecure services...

ipcamtalk.com

 

[Mike A.]

Deleting the users isn't going to do you any good. They'll just be hacked again and the exploits go around user credentials/authorization. You need to lock down your network and do a hard assessment of what all's been compromised and wipe things. They likely have bot-ware installed.

 

[TIGOS1]

Deleting the users isn't going to do you any good. They'll just be hacked again and the exploits go around user credentials/authorization. You need to lock down your network and do a hard assessment of what all's been compromised and wipe things. They likely have bot-ware installed.

I responded to a similar suggestion in another post:
Maybe yes.
But how then to use access to the NVR from the phone?
Hire a security guard for every home?
Not use video surveillance?

If everything is so terrible, then why do you need to update the firmware of the cameras?
After all, someday a new exploit will be released for this update.
You can just turn them off. ))

 

[Mike A.]

And I replied... VPN.

 

[TIGOS1]

And I replied... VPN.

As I answered there - then the cameras will be hacked through VPN.
Or are you 100% sure that your VPN will be impenetrable?

 

[wittaj]

As I answered there - then the cameras will be hacked through VPN.
Or are you 100% sure that your VPN will be impenetrable?

Any system on the internet can be hacked.

Hackers don't care about your camera feed. Hackers use a vulnerable device (NVR or camera or any other IoT) that has ZERO protection on it to get into your LAN and either scrape it for bank info or use your ISP as a bot for DDoS attacks. Your antivirus software and router firewall do not block this crap because you gave an open door directly to your system to bypass these measures.

That is why many of us don't have the Alexa, don't connect smart TVs to our internet, etc.

But many that do have those types of things VLAN them off so they cannot talk to other stuff on the LAN. Doesn't prevent a bot from taking over that specific device to DDoS, but at least it prevents them from scraping your data.

The only way to completely prevent it is to not allow the device to connect to anything and truly be a CCTV system.

But that is unrealistic to most.

Most here will agree that port forwarding directly to your NVR is the least safe. Although the great internet has many articles that state it is OK lol.

Then there is a debate as to if P2P or OpenVPN or something like ZeroTier is the next safer option.

Arguments are made both ways.

P2P you are relying on the NVR manufacturer's servers to not be hacked. You have zero control over those. Dahua has recently been shutting down the older P2P servers that were more easily hacked.

Same with ZeroTier. You are relying on someone else's servers to make that connection. Anytime you are relying on someone else, it can be hacked.

OpenVPN is hosted locally, either native to the router or installed on a computer.

In theory you have the most control over this since it is all in your house.

But it relies on opensource coding that can be hacked as well.

You are relying on your computer and router to be up to date and not allow bad actors in. But that is the same regardless of the solution you are using.

So you take extra steps like the firewall device @bigredfish has that allows you to monitor everything.

Take steps to further minimize access to stuff.

Regardless of which platform you use to access your stuff remotely, have it be isolated from the rest of the system so that the entire system isn't compromised.

Set up procedures that lets you know whenever something connects or logs in to your device. Doesn't necessarily prevent the backdoor exploit, but take any steps possible to eliminate those risks.

Or just say F it and use port forward or P2P blindly like most of society. At the end of the day, most don't get hacked. It just sucks if you are one of them that do.

 

[Mike A.]

As I answered there - then the cameras will be hacked through VPN.
Or are you 100% sure that your VPN will be impenetrable?

Possible but not likely. But do whatever you want, you're the one with hacked cams.