How to Find Vulnerable Webcams Across the Globe Using Shodan
Welcome back, my fledgling hackers!
I have already introduced you to Shodan, the world's most dangerous search engine. As you remember, Shodan indexes the information from the banners it pulls from web-enabled devices. These include routers, switches, webcams, traffic lights, SCADA systems, and even home security systems.
In my last post, I showed you how to find specific routers at a specific location, at a specific IP. In this tutorial, we will look to find webcams that are either unprotected or will allow us to log in with the default credentials, so come along for a ride in voyeurism via the World Wide Web!
Step 1: Log in to Shodan
First, we need to log in to shodanhq.com. Although you can use Shodan without logging in, Shodan restricts some of its capabilities to only logged-in users.
Step 2: Search for Webcams
There are many ways to find webcams on Shodan. Usually, using the name of the manufacturer of the webcam is a good start. Remember, Shodan indexes the information in the banner, not the content. This means that if the manufacturer puts their name in the banner, we can search by it. If it doesn't, then the search will be fruitless.
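A defender's view of the banner point above, as an added example that is not part of the original tutorial: this Python code takes HTTP response heads captured from cameras you operate and reports whether the banner names the product (which is what makes the device searchable) and whether the page came back without an HTTP authentication challenge. The function names and the sample banners are constructed for illustration; the product tokens come from the manufacturer list in this article.

```python
import re

# Product names from this article's manufacturer list (matched case-insensitively).
VENDOR_TOKENS = ["webcamxp", "acti", "axis", "grandstream", "iqinvision", "mobotix",
                 "panasonic", "samsung", "sony", "trendnet", "toshiba", "vivotek"]

def parse_banner(raw):
    """Split a raw HTTP response head into (status_code, {header_name: value})."""
    lines = raw.strip().splitlines()
    m = re.match(r"HTTP/\d(?:\.\d)?\s+(\d{3})", lines[0]) if lines else None
    status = int(m.group(1)) if m else None
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break  # a blank line ends the header block; the body is not banner data
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status, headers

def audit_banner(raw):
    """Return a list of findings for one banner captured from your own device."""
    status, headers = parse_banner(raw)
    findings = []
    searchable = " ".join(headers.values()).lower()
    for token in VENDOR_TOKENS:
        if re.search(r"\b" + re.escape(token) + r"\b", searchable):
            findings.append("banner names product: " + token)
    # A 200 with no challenge may still be a form login; confirm on the device.
    if status == 200 and "www-authenticate" not in headers:
        findings.append("served without an HTTP authentication challenge")
    return findings

# Constructed sample banners (not captured from any real device).
SAMPLE_OPEN = "HTTP/1.1 200 OK\r\nServer: webcamXP 5\r\nContent-Type: text/html\r\n\r\n"
SAMPLE_REALM = ("HTTP/1.1 401 Unauthorized\r\nServer: httpd\r\n"
                'WWW-Authenticate: Basic realm="Panasonic network camera"\r\n\r\n')
SAMPLE_QUIET = ("HTTP/1.1 401 Unauthorized\r\nServer: httpd\r\n"
                'WWW-Authenticate: Basic realm="restricted"\r\n\r\n')

if __name__ == "__main__":
    for name, raw in [("open", SAMPLE_OPEN), ("realm", SAMPLE_REALM), ("quiet", SAMPLE_QUIET)]:
        print(name, audit_banner(raw))
```

A device that produces no findings here can still be reachable from the internet; the check only covers what the banner gives away.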
One of my favorites is webcamxp, and when we type this into the Shodan search engine, it pulls up links to hundreds, if not thousands, of web-enabled webcams around the world!
Here is one from a rooftop in Norway.
Here's another from a small shop in South Korea.
Although this can be fun and interesting to peek in—unbeknownst to these people around the world—we probably want to be more specific in our search for webcams.
Step 3: Default Webcam Usernames & Passwords
Although some of these webcams are unprotected, many of them will require authentication. The first step is to try the default username and password. I have compiled a short list of the default usernames and passwords of some of the most widely used webcams below.
· ACTi: admin/123456 or Admin/123456
· Axis (traditional): root/pass
· Axis (new): requires password creation during first login
· Cisco: No default password, requires creation during first login
· Grandstream: admin/admin
· IQinVision: root/system
· Mobotix: admin/meinsm
· Panasonic: admin/12345
· Samsung Electronics: root/root or admin/4321
· Samsung Techwin (old): admin/1111111
· Samsung Techwin (new): admin/4321
· Sony: admin/admin
· TRENDnet: admin/admin
· Toshiba: root/ikwd
· Vivotek: root/<blank>
· WebcamXP: admin/<blank>
There is no guarantee that these will work, but many inattentive and lazy administrators and individuals simply leave the default settings, and in those cases, these usernames and passwords will give you access to confidential and private webcams around the world!
Step 4: Search for Webcams by Geography
Now that we know how to find webcams and potentially log in using the default usernames and passwords, let's get more specific and try to find webcams in a specific location. If we were interested in webcams by the manufacturer WebcamXP in Australia, we could find them by typing:
· webcamxp country:AU
This will pull up a list of every WebcamXP in Australia that is web-enabled in Shodan's index as shown below.
Step 5: Narrow Your Search to a City
To be even more specific, we can narrow our search down to an individual city. Let's see what we can find in Sydney, Australia. We can find those webcams by typing:
· webcamxp city:sydney
This search yields the results below.
When we click on one of these links, we find ourselves in someone's backyard in Sydney, Australia!
Step 6: Find Webcams by Longitude & Latitude
Shodan even enables us to be very specific in searching for web-enabled devices. In some cases, we can specify the longitude and latitude of the devices we want to find.
In this case, we will be looking for WebcamXP cameras at the longitude and latitude (-37.81, 144.96) of the city of Melbourne, Australia. When we search, we get a list of every WebcamXP at those coordinates on the globe. We must use the keyword geo followed by the longitude and latitude.
· webcamxp geo:-37.81,144.96
When we get that specific, Shodan only finds four (4) WebcamXP cameras as shown below.
When we click on one, we can find that once again we have a private webcam view of someone's camera in their backyard in Melbourne, Australia.
I hope this short demonstration of the power of Shodan gets your imagination stimulated for inventive ways you can find private webcams anywhere on the globe! Don't limit yourself to WebcamXP, but instead try each of the webcam manufacturers at a specific location and who knows what you will find!