How to geolocate a Wireless IP Camera (P2P) WIFICAM

Yesterday I read about how to remotely access a Wireless IP Camera (P2P) WIFICAM (this is the link: https://pierrekim.github.io/blog/2017-03-08-camera-goahead-0day.html).
Fortunately, I had one to test it and validate the bug.

This camera has telnet, but I could never find the password.
If you try the bug, you can replace telnet with a bash terminal, using an exploit in C or through the web page:















Now, when you try to access your camera through telnet, you will have root access.





















Also, if you exploit this vulnerability in a random camera, you could know where it is in the world, just from the wireless information.






With this information, you can search the WiGLE database to get the latitude and longitude.
PyGLE is a wrapper for the WiGLE WiFi mapping API (https://github.com/jamiebull1/pygle), and you can use it to get the geolocation information using only the BSSID.

Install pygle with the following command:

pip install pygle

I used a PyGLE example from http://oco-carbon.com/coding/wigle-pygle-wifi-geolocation/ and modified it to search by a BSSID passed as an argument:

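from pygle import network
import sys


def geolocate(bssid):
    """Geolocate a BSSID; return (lat, lng) or a message if not found."""
    lats = []
    longs = []
    lat, lng = geolocate_wigle(bssid)
    # Compare against None so a coordinate of 0.0 is not discarded.
    if lat is not None and lng is not None:
        lats.append(lat)
        longs.append(lng)
    if lats and longs:
        # Average of the collected fixes (a single WiGLE result here).
        lat = sum(lats) / len(lats)
        lng = sum(longs) / len(longs)
        return lat, lng
    else:
        return "No geolocation possible"


def geolocate_wigle(bssid):
    """Search WiGLE for a BSSID and return lat/lng."""
    res = network.search(netid=bssid)
    if res['success'] and res['resultCount']:
        # trilat/trilong: WiGLE's trilaterated position of the network.
        lat = res['results'][0]['trilat']
        lng = res['results'][0]['trilong']
    else:
        # Print the raw response so the failure reason is visible.
        print(res)
        lat, lng = None, None
    return lat, lng


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: {} <bssid>".format(sys.argv[0]))
    print(geolocate(sys.argv[1]))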


Enjoy it!
