Penetration Testing mailing list archives
RE: Webcams
From: "Holstein, Robert - BLS CTR" <Holstein.Robert () bls gov>
Date: Fri, 24 Aug 2007 09:15:16 -0400
The guys over on the nessus list had some pretty good input as well. Nessus has a plug-in or two that may help. It looks like at the end of the day this will need to be a WMI query or a manual examination of a registry dump to sift for drivers or webcam support software. I was hoping for a quick turn around, but alas I'll have to use a baseball bat instead of a scalpel. I have a pretty good idea which type of camera they are using. I know it's not wireless and I'm just about 100% certain they are all USB so that narrows down the scope somewhat from what I had yesterday. Thanks for all the help everyone! -----Original Message----- From: p1g [mailto:killfactory () gmail com] Sent: Thursday, August 23, 2007 11:51 PM To: Holstein, Robert - BLS CTR Cc: pen-test () securityfocus com Subject: Re: Webcams You could maybe query WMI via vbs, perl, WMI, nessus, etc. You could query the filesystem or registry for installed camera software. query registery for usb devices. If you knew what model of camera was being used, it would ne easier :) , yea, i know... FYI.. The nessus-users list would be a good place to ask. Sometimes this list(pen-test) reacts differently to the 'I want to search my network for stuff' questions. On 8/23/07, Holstein, Robert - BLS CTR <Holstein.Robert () bls gov> wrote:
Does anyone have a method for remotely detecting webcams installed on Windows hosts? I have the need to conduct an audit to find out if certain staff are using webcams. I may have administrative rights to the targets remotely, but no physical, or console access. Any input would be appreciated. Thank you, Robert C. Holstein IT Security Analyst Bureau of Labor Statistics (202)-691-7611 ---------------------------------------------------------------------- -- This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ---------------------------------------------------------------------- --
-- -p1g SnortCP ,,__ o" )~ oink oink ' ' ' ' If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked. -- former White House cybersecurity czar Richard Clarke ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- Webcams Holstein, Robert - BLS CTR (Aug 23)
- Re: Webcams p1g (Aug 23)
- Re: Webcams ManInWhite (Aug 24)
- RE: Webcams Holstein, Robert - BLS CTR (Aug 24)
- Re: Webcams Luca Carettoni (Aug 24)
- RE: Webcams Richard Lane (Aug 25)
- Re: Webcams Jan Heisterkamp (Aug 26)
- Re: Webcams rajat swarup (Aug 28)
- Re: Webcams Jan Heisterkamp (Aug 26)
- <Possible follow-ups>
- Re: Webcams anastasiosm (Aug 24)
- Re: Webcams p1g (Aug 23)