Penetration Testing mailing list archives
RE: Odd Pen-test: Security Camera
From: "Drew Copley" <dcopley () eeye com>
Date: Thu, 6 May 2004 10:33:36 -0700
Yeah, got an icom r3... ;)

http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=icom+r3+private+detective

I believe there are better devices for automating the scanning and the antenna that comes with it sucks... but, it's cheap and sweet.

-----Original Message-----
From: R. DuFresne [mailto:dufresne () sysinfo com]
Sent: Thursday, May 06, 2004 7:52 AM
To: Drew Copley
Cc: Yvan Boily; pen-test () securityfocus com
Subject: RE: Odd Pen-test: Security Camera

The low end cameras that are not hard wired to the controlling stations and play wireless are keen to allow snooping of the images in a "war-viewing" scenario as well.

thanks,
Ron DuFresne

On Wed, 5 May 2004, Drew Copley wrote:

> Make a fuzzer to give it wrong input... go for overflows, format issues, etc... but also go for genuine randomness.
>
> In the code, first try to find any strings in it. There may be backdoors left in for maintenance. There should also be a lot of clues about its weaknesses. See what other features are available within it. Often, embedded devices have embedded OS's... and they leave completely unnecessary services left running.
>
> Cameras are no good if they can be turned off, so you may want to note any such weakness in this manner. Examine the range of it, to see if there are blatant blindspots. If it is motion detected, certain motions may cause it to malfunction. They probably wouldn't want that.
>
> If the camera is more low dollar, then it will have minimal software on it and everything will be done at the system which controls it... which would make your task a lot easier as you can just load it up in IDA. Such software is guaranteed to have a ton of security holes in it... nobody could afford a large enough QA to properly check it and the userbase is likely to be small enough to have not found their own issues with it.
>
> -----Original Message-----
> From: Yvan Boily [mailto:yboily () seccuris com]
> Sent: Tuesday, May 04, 2004 5:45 PM
> To: pen-test () securityfocus com
> Subject: Odd Pen-test: Security Camera
>
> I was recently given an odd project. Given a configured security camera in which the hardware configuration is password protected, break the password and modify the configuration.
>
> I am completely unfamiliar with this hardware, but am going to give it a try. The camera is GVI-BCDNIR, which connects to the monitoring station via a V+2001 Multi-4 PCI capture card. The software package is a suite called TotalSecure DVR 2.2 from Productive Consultants Inc.
>
> I am attempting to disassemble the software to identify the authentication mechanisms as a starting point, but any further suggestions?
>
> Yvan Boily
> Information Security Analyst
> Seccuris

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com

"Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart

testing, only testing, and damn good at it too!

Current thread:
- Odd Pen-test: Security Camera Yvan Boily (May 05)
- <Possible follow-ups>
- Re: Odd Pen-test: Security Camera clarke (May 05)
- RE: Odd Pen-test: Security Camera Drew Copley (May 05)
- RE: Odd Pen-test: Security Camera Alvin (May 06)
- RE: Odd Pen-test: Security Camera R. DuFresne (May 06)
- RE: Odd Pen-test: Security Camera Drew Copley (May 06)