Recently I’ve bought some cheap IP CCTV cameras. This post tries to summarize what ports are available on such devices as the docs on the internet are really weak:
- standard telnet port – you can login as root with password xmhdipc. Yes, the password seems to be the same on all devices
- 8899 – ONVIF W/S protocol
<SOAP-ENV:Envelope> <SOAP-ENV:Body> <SOAP-ENV:Fault> <faultcode>SOAP-ENV:Client</faultcode> <faultstring>HTTP GET method not implemented</faultstring> </SOAP-ENV:Fault> </SOAP-ENV:Body> </SOAP-ENV:Envelope>
- 34567 – what is it
- 554 – is supposed to be RTSP protocol
However, the tested device opens more ports, you can see them when you login to shell:
# netstat -a Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:34561 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:8899 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:34599 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:34567 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:554 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:www 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:9527 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:telnet 0.0.0.0:* LISTEN tcp 0 139 192.168.1.11:telnet 192.168.1.29:33700 ESTABLISHED tcp 0 0 192.168.1.11:8899 192.168.1.74:34803 ESTABLISHED tcp 0 0 192.168.1.11:34567 192.168.1.29:26664 ESTABLISHED tcp 0 0 192.168.1.11:9527 192.168.1.29:34079 ESTABLISHED
The port 9527 seemed interesting – here is what can be observed on that port:
1], s_NatRunStatus[2]OnNatProbe: 52.29.246.211 : 8000 username:password:login(Host: 192.168.1.11:9527, ******, Console, address:) user:Host: 192.168.1.11:9527 account invalid User not valid! user name:password:login(Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8, ******, Console, address:) user:Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 account invalid User not valid! user name:password:login(Accept-Encoding: gzip, deflate, ******, Console, address:) user:Accept-Encoding: gzip, deflate account invalid User not valid! user name:password:login(Connection: keep-alive, ******, Console, address:) user:Connection: keep-alive account invalid User not valid! user name:password:OnNatProbe: run Status[1], s_NatRunStatus[2]OnNatProbe: 52.29.246.211 : 8000 Transport: Client ID[3] ---> SetDeadFlag to 1 Transport: SetDeadFlag --->Enter Transport: SetDeadFlag --->Exit Transprot: New Client ID[3] ___!!!___ @@@FILE -> ../..//Source/TransportClient.cpp, LINE -> 399Transport: client connect error @@@FILE -> ../..//Source/TransportClient.cpp, LINE -> 214Treansport: ConnectSocket Failed _______DAS Connct IP[192.168.1.67] Port [9400] Failed!______ OnNatProbe: run Status[1], s_NatRunStatus[2]OnNatProbe: 52.29.246.211 : 8000 Transport: Client ID[3] ---> SetDeadFlag to 1 Transport: SetDeadFlag --->Enter Transport: SetDeadFlag --->Exit Transprot: New Client ID[3] ___!!!___