Penetration Testing mailing list archives
Re: Webcams
From: "rajat swarup" <rajats () gmail com>
Date: Mon, 27 Aug 2007 06:44:35 -0700
On 8/25/07, Jan Heisterkamp <janheisterkamp () web de> wrote:
Why don't you query the webcamserver or for webcamserverfiles? You can find, only for example, webcams in the internet with a simple googling for example with inurl:/view/index.shtml or inurl:"ViewerFrame?Mode="...this won't help you in your case, but you have admin rights, you should be able to find them..you don't need a scanner for this job. Richard Lane schrieb:You could try GFi LANGuard's Network Security Scanner - http://www.gfi.com/lannetscan/ . IT allows you to remotely query the machine's to determine a wide range of info - including installed software, registry settings, USB devices (currently and previously connected). I've just used it to audit our infrastructure (around 700 devices) and a client (around 3000 devices), and it highlighted a number of people running webcams (amongst other unauthorised stuff, which NSS is great for identifying). -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Holstein, Robert - BLS CTR Sent: 24 August 2007 06:27 To: pen-test () securityfocus com Subject: Webcams Does anyone have a method for remotely detecting webcams installed on Windows hosts? I have the need to conduct an audit to find out if certain staff are using webcams. I may have administrative rights to the targets remotely, but no physical, or console access. Any input would be appreciated. Robert C. Holstein
Hi Robert, I'm not an expert on WMI but maybe this might be of some help to you. http://packages.debian.org/unstable/python/wmi-client Are you sure that all webcams would be definitely using WMI interface only? I've seen that some scanners don't use it. May be it's worth researching. Just my 2 cents. HTH, -- Rajat Swarup http://rajatswarup.blogspot.com/ ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- Webcams Holstein, Robert - BLS CTR (Aug 23)
- Re: Webcams p1g (Aug 23)
- Re: Webcams ManInWhite (Aug 24)
- RE: Webcams Holstein, Robert - BLS CTR (Aug 24)
- Re: Webcams Luca Carettoni (Aug 24)
- RE: Webcams Richard Lane (Aug 25)
- Re: Webcams Jan Heisterkamp (Aug 26)
- Re: Webcams rajat swarup (Aug 28)
- Re: Webcams Jan Heisterkamp (Aug 26)
- <Possible follow-ups>
- Re: Webcams anastasiosm (Aug 24)
- Re: Webcams p1g (Aug 23)