In my last post, I showed you how to find specific routers at a specific location, at a specific IP. In this tutorial, we will look to find Webcams that are either unprotected or will allow us to log in with the default credentials, so come along a ride in voyeurism via the World Wide Web!Step 1Log in to Shodan
First, we need to log in to shodanhq.com. Although you can use Shodan without logging in, Shodan restricts some of its capabilities to only logged-in users.
Image via wonderhowto.com
Step 2Search for Webcams
There are many ways to find web cams on Shodan. Usually, using the name of the manufacturer of the webcam is a good start. Remember, Shodan indexes the information in the banner, not the content. This means that if the manufacturer puts their name in the banner, we can search by it. If it doesn't, then the search will be fruitless.One of my favorites is webcamxp, and when we type this into the Shodan search engine, it pulls up links to hundreds, if not thousands, of web-enabled webcams around the world!
Here is one from a rooftop in the Norway.
Here's another from a small shop in South Korea.
Image via wonderhowto.com
Although this can be fun and interesting to peek in—unbeknownst to these people around the world—we probably want to be more specific in our search for webcams.
Image via wonderhowto.com
Although this can be fun and interesting to peek in—unbeknownst to these people around the world—we probably want to be more specific in our search for webcams.
Step 3Default Webcam Username & Passwords
Although some of these webcams are unprotected, many of them will require authentication. The first step is to try the default username and password. I have compiled a short list of the default username and passwords of some of the most widely used webcams below.- ACTi: admin/123456 or Admin/123456
- Axis (traditional): root/pass,
- Axis (new): requires password creation during first login
- Cisco: No default password, requires creation during first login
- Grandstream: admin/admin
- IQinVision: root/system
- Mobotix: admin/meinsm
- Panasonic: admin/12345
- Samsung Electronics: root/root or admin/4321
- Samsung Techwin (old): admin/1111111
- Samsung Techwin (new): admin/4321
- Sony: admin/admin
- TRENDnet: admin/admin
- Toshiba: root/ikwd
- Vivotek: root/
- WebcamXP: admin/
Search for Webcams by Geography
Now that we know how to find webcams and potentially log-in using the default username and passwords, let's get more specific and try to find webcams in a specific location. If we were interested in webcams by the manufacturer WebcamXP in Australia, we could find them by typing:- webcamxp country:AU
Step 5Narrow Your Search to a City
- webcamxp city:sydney