Professional Documents
Culture Documents
Hack CCTV
Hack CCTV
Want to learn how to hack CCTV cameras? You are in the right place, but be
aware that I'm writing this article to let you know what is possible to do and how
you must protect your IP cameras to avoid them to be hacked.
DISCLAIMER: I'm not responsible for any of your acts. You don't suppose to
hack CCTV cameras that don't belong to you. You've been warned.
OK, after this disclaimer, let's dive in into the information about IP cameras, and
how they are hacked by malicious people on the Internet.
In this article I will explain step-by-step what are the methods used by hackers to
get into in the IP cameras and recorders such as DVRs and NVRs.
To have extra information about how to hack CCTV camera and how to protect
yourself you can also read the following articles:
How to hack CCTV cameras (10 hacker secrets)
Hacked CCTV cameras used on DDoS attack
Is your CCTV system safe from hackers ?
Your CCTV system is about to hacked
The methods to hack CCTV camera
There are di erent ways to hack CCTV camera, some of them are easy, others
are a little bit more technical and some others are not even hacking.
This is not really hacking, but it's the easiest method. You just visit a website that
list a lot of hacked CCTV cameras and you just need to watch them.
Those website are created by hackers that get into IP CCTV cameras or DVRs
(Digital Video Recorders) and let the information available for you for free.
So, in the end of the day you are not hacking anything but just watching CCTV
camera that have been hacked by somebody else.
See below an example of a website that show such hacked CCTV cameras:
The website lists CCTV hacked cameras around the world and organize them by
manufacturers, countries, places, cities and timezone.
According to a message in the main page, the CCTV camera can be removed
from the site when somebody send an email asking for it.
Click here to visit the page and check the hacked cameras
That's also not really a hacking but it works. You just need to nd the CCTV
camera online and try to use the default password, a lot of devices on the
Internet are still using the same original password from the factory.
The idea is to look at the IP camera manual and look for the default password, so
you can use it to hack the CCTV camera (or recorder).
In this article I will teach you how to use the Angry IP Scanner to scan the
Internet and look for IP cameras and recorders (DVRs and NVRs)
Click here to download the Angry IP scanner for your Operational System:
Windows, Mac or Linux.
See below the Angry IP Scanner website. Make sure you have Java installed and
download the correct version for your computer.
The installation is very simple, you just need to run the setup le and follow the
instructions as shown in the images below: (click to enlarge)
Click Next
Click Install
Click Finish
Con gure the ports 80, 23, 8080, 8081 and 8082 that are the most one used by
people that install the IP cameras and let them available on the Internet.
Con gure the fetchers to display the Web Detect information that will show
some device information that is useful to nd out who is the manufacturer.
Select the Web detect fetcher on the right side and click the arrow to move it to
the left side so it can be displayed in the software main page.
STEP 4 - Choose the IP port range to scan
For privacy reasons the rst part of the IP is not shown, after only few scans it's
possible to nd two Hikvision DVRs that are online on the Internet. I know that
because of the Web detect information that shows DNVRS-Webs.
The scan can be done for thousand of IP addresses, so it's quite common to nd
a lot of IP cameras, DVRs and NVRs that are connected to the Internet.
After nd an IP camera or DVR online you just need to right click and choose to
open it on a Web Browser. Just like shown in the picture below.
In this case the device is a Hikvision DVR and you can just try to use the default
user and password: "admin/12345" found on Hikvision manual.
Did you get the idea? To hack CCTV camera you just need to use a tool to scan
the Internet, nd an online device and try the default password you can get from
the manufacturer manual or from a IP camera default password list.
Below the image from the DVR after login with the admin/12345 credentials.
Hikvision hacked DVR (click to enlarge)
It's easier to show an example with this manufacturer (Hikvison) because there a
lot of their devices around the world, but the process also works with other
brands as long as you can see the Web Detect information and try to use the
default admin/password credentials to hack the CCTV camera.
If you want to have extra information about how the CCTV camera hacking
works just keep reading, it's important to understand the process so you can
protect yourself against hackers trying to get into your IP security camera.
How CCTV camera hacking work diagram (click to enlarge)
The network scanner (Angry IP scanner) is used to retrieve information from the
router that is on Internet, Just like shown in the picture below:
Be aware that this process is something natural, the router don't need to hide
the information and will respond what are the services available.
We can compare the process with a regular store, the owner don't hide where is
the location and what services are available, so people can come and use them.
The owner just will not have the key store available for the public.
Shodan is a service in a website that shows Internet devices around the world
and that includes security IP cameras, DVRs and NVRs.
It's necessary just to type the brand of an IP camera or the manufacturer name
and Shodan will you show a lot of information, which includes the number of
devices around the world, the location, IP and open ports.
Take a look at the picture below and see how much information is available
If you create a Free account on the site, Shodan let you to lter the information,
see below an example where the information is ltered by country (Brazil) and
take a look at the details which includes the number of cameras per city (São
Paulo) and even the ISP provider (Vivo).
Shodan shows the details about the IP device
To see the IP device details just click in the details link and new windows will
open to show all the information about the CCTV camera you want to hack.
The details windows show the device IP and even the organization name
As we saw before, each IP device on the Internet has an IP and also some
services available by using speci c ports. Shodan can show these information
very clearly as shown in the picture below.
After see the details, you just need to use a Web Browser to type the IP device
IP and port and try to use the default user and password just as described earlier
in this article. See the picture below.
For this camera I just typed the IP and port like this: XX.226.219.250:88
If you are lucky and the IP camera (or DVR) password has never been changed,
you will be able to login by typing the default device password.
So you want to hack CCTV camera but the default username and password was
changed by somebody, so you can use a CCTV camera exploit tool.
When an IP device has some security problem, hackers can create exploit tools
to automate the hacking process. That happens also with IP cameras.
Just as an example I will talk about a software created to exploit the security
vulnerability on Hikvision IP cameras which are using old speci c rmware.
So, the Hikvision IP camera exploit is very easy to use, as show in the diagram
above, you just need to run it on a computer or laptop to explorer and hack
CCTV camera that is online on the Internet or in your local network.
Click the link below to download the Hikvision Backdoor exploit tool
Download the Hikvision Backdoor exploit tool
Obviously, you need the IP camera information to be able to con gure the
software properly, and I strongly recommend that you use this tool on the
Hikvision IP cameras you own or have authorization to run security tests.