How Hackers use Metasploit to Hack Live Cameras

Introduction: SHODAN SEARCH ENGINE

Sometimes, we are looking for a specific target and try harder to get access to it. By remotely or physical access. We just forget everything and just try to get access and control that system that’s the only target we made. But, we rather see some very simple target is present on the surrounding which is vulnerable and easy-to-hack targets anywhere on the planet. Would if we just search on google and it shows the result of how easy it is? But, google never tell the answer, when I search it.

Is there any resource from where we can access it, and it is legal to searching? So, let me introduce a SHODAN search engine for Hackers and have even called it “The world’s most dangerous search engine”. It was developed by John Matherly in 2009, and unlike other search engines, it looks for specific information that can be invaluable to hackers.

 What can Shodan show us?

Since almost every new device now has a web interface (even refrigerator, AC, Cars, etc.) to ease remote management, we can access web-enabled servers, network devices, home security systems, etc.

Shodan can find us webcams, traffic signals, video projectors, routers, home heating systems, and SCADA systems that, for instance, control nuclear power plants and electrical grids. If it has a web interface, Shodan can find it!

Although many of these systems communicate over port 80, 443, 21, 22, etc. many use telnet for direct connections. Keep that in your mind when trying to connect to them. For more info, you can check here.

Now, let’s come to the Metasploit Framework;

It is not a tool, it is a full Framework which has hundreds of Exploit and Payloads. Through which we exploit the vulnerability to get access.

So, we access it from KALI LINUX OS used for Penetration Testing, used by Security researchers, ethical Hackers and many more. For more info, you can check here.

How we found vulnerable Live Camera on the planet anywhere in the world?

Process:

STEP 1: Create an account and Login in Shodan Search engine;

           After login, Click on My Account -> to see the API KEY and copy that Key.

STEP 2: Now, open Kali Linux, then open Metasploit Tool frameworks

           Write the below command to start Metasploit

# msfconsole 

STEP 3: Now, search Shodan module is present in the Metasploit framework or not.

           Write the below command to search

msf > search shodan

STEP 4: Now, we get some result from the database, if we can find anything then first update and upgrade your Kali Machine to run efficiently.

After, that use auxiliary search to check if any search for devices is available or not.

 # use auxiliary/gather/shodan_search

 # show options

STEP 5: Now, go to your Shodan Logged in the page and copy your API KEY

# set shodan_apikey jGXpyGEBOW**********AngkDCoGtSXX

STEP 6: Now, we use “set query” command to find the vulnerable cameras produces by “webcamxp” Product Company.

# set query “webcamxp”

STEP 7: Now run, we got some list of live IP addresses with Port number, now open the IP address on your browsers to see the live actions.

# run

Now, here we see some Live Address, copy anyone and paste it on the browser and see the magic.

Let’s see I choose: 50.127.222.43:8081

Another one is, 146.120.104.56:8090 

Here you can see in the above figure, that I got access to some live camera where employees are working there, at the same time in my country it was night here.

So, that is the process of how you can access the live cameras, traffic system sees live in any country, or any device information which is connected to the Internet Live at that particular time.

Don’t use this above activity for any illegal means, it is only for educational and research purposes for those who are interested in Cybersecurity and Ethical Hacking as a career.