I had the pleasure of working at LaunchPad LA because of Triptrotting. In case you’re unfamiliar with Launchpad LA, it is a startup accelerator and mentorship program founded by Mark Suster.
One day, while I was at Launchpad…
I was staring at code too long, so I leaned back in my chair to rest my eyes. I zoned out for a moment and focused on a wireless D-Link IP security cam that Kyle Taylor had set up.
Hmmm…. I wonder if I can hack into that thing.
I glanced over at Shawn Faison and said, “Hey Shawn, wanna race to see who can hack into that security camera first?”
Shawn is a fun guy and he loves a challenge, so naturally, he accepted. I later extended the challenge to Philip Hayes (a talented young programmer). Why am I so fascinated with security cameras at incubators? Lol.
First, I had to find the IP of this camera.
I started with a ‘ping -b’ to the broadcast IP followed by an ‘arp -a’. Yup… this router started listing out the names of all the devices connected to the network along with the associated IP addresses. I saw names of people’s computers, iPhones, iPads… but no security camera.
Next, I ran a ‘nmap -sP 192.168.1.*’ to see a list of IPs. With the help of nmap I narrowed down my search to just the IPs with port 80 or 8080 open.
I tried entering each of these IPs in my browser to see what showed up… and there it was. An HTTP AUTH protected webpage that was titled “DLink DCS-932L”. But wait, there were 2 different IPs that had D-Link HTTP AUTH protected pages. I started looking around and noticed a second IP security cam! I never noticed that 2nd one before.
Okay, found the cameras. If by any chance the cameras kept the default passwords, all I would need to do is search online for a manual and try the default credentials. Nope. Didn’t work.
Now, I could technically perform a man-in-the-middle attack on Sam Teller or Kyle Taylor and wait for one of them to log into the camera feed and simply intercept the password… But that is just plain wrong and against the spirit of this friendly competition. So I wrote an HTTP AUTH brute force cracker script. Believe it or not, I couldn’t actually find one online besides dictionary attack scripts. So here is my contribution to the script kiddies of the world:
Download from GitHub
I let my script run for just a little while before I stopped it. It would take too long and I’m pretty certain Kyle picked a crazy long upper/lowercase alphanumeric + symbol password which I really didn’t want to bother cracking. The whole point of this exercise was to learn and have fun.
So in the end, while I got closest, none of us actually hacked into the Launchpad LA security cams. Important lesson for you readers: USE crazy long upper/lowercase alphanumeric + symbol passwords!
Good job Kyle Taylor. You win this one… you win this one… *evil grin.