I'm a keen voyeur and a massive fan of the dull minutiae of people's lives, see

someones desk etc then the security guard tries to move it back then you remove it..

have already introduced you to Shodan, the world's most dangerous search engine. As you remember, Shodan indexes the information from the banners it pulls from web-enabled devices. These include routers, switches, webcams, traffic lights, SCADA systems, and even home security systems.

In my last post, I showed you how to find specific routers at a specific location, at a specific IP. In this tutorial, we will look to find webcams that are either unprotected or will allow us to log in with the default credentials, so come along a ride in voyeurism via the World Wide Web!
Step 1: Log in to Shodan

First, we need to log in to shodanhq.com. Although you can use Shodan without logging in, Shodan restricts some of its capabilities to only logged-in users.
Image via wonderhowto.com
Step 2: Search for Webcams

There are many ways to find web cams on Shodan. Usually, using the name of the manufacturer of the webcam is a good start. Remember, Shodan indexes the information in the banner, not the content. This means that if the manufacturer puts their name in the banner, we can search by it. If it doesn't, then the search will be fruitless.

One of my favorites is webcamxp, and when we type this into the Shodan search engine, it pulls up links to hundreds, if not thousands, of web-enabled webcams around the world!

Here is one from a rooftop in the Norway.

Here's another from a small shop in South Korea.
Image via wonderhowto.com

Although this can be fun and interesting to peek in—unbeknownst to these people around the world—we probably want to be more specific in our search for webcams.
Step 3: Default Webcam Username & Passwords

Although some of these webcams are unprotected, many of them will require authentication. The first step is to try the default username and password. I have compiled a short list of the default username and passwords of some of the most widely used webcams below.

ACTi: admin/123456 or Admin/123456
Axis (traditional): root/pass,
Axis (new): requires password creation during first login
Cisco: No default password, requires creation during first login
Grandstream: admin/admin
IQinVision: root/system
Mobotix: admin/meinsm
Panasonic: admin/12345
Samsung Electronics: root/root or admin/4321
Samsung Techwin (old): admin/1111111
Samsung Techwin (new): admin/4321
Sony: admin/admin
TRENDnet: admin/admin
Toshiba: root/ikwd
Vivotek: root/<blank>
WebcamXP: admin/ <blank>

There is no guarantee that these will work, but many inattentive and lazy administrators and individuals simply leave the default settings, and in those cases, these username and passwords will give you access to confidential and private webcams around the world!
Step 4: Search for Webcams by Geography

Now that we know how to find webcams and potentially log-in using the default username and passwords, let's get more specific and try to find webcams in a specific location. If we were interested in webcams by the manufacturer WebcamXP in Australia, we could find them by typing:

webcamxp country:AU

This will pull up a list of every WebcamXP in Australia that is web-enabled in Shodan's index as shown below.
Step 5: Narrow Your Search to a City

To be even more specific, we can narrow our search down to an individual city. Let's see what we can find in Sydney, Australia. We can find those webcams by typing:

webcamxp city:sydney

This search yields the results below.

When we click on one of these links, we find ourselves in someone's backyard in Sydney, Australia!
Step 6: Find Webcams by Longitude & Latitude

Shodan even enables us to be very specific in searching for web-enabled devices. In some cases, we can specify the longitude and latitude of the devices we want to find.

In this case, we will be looking for WebcamXP cameras at the longitude and latitude (-37.81, 144.96) of the city of Melbourne, Australia. When we search, we get a list of every WebcamXP at those coordinates on the globe. We must use the keyword geo followed by the longitude and latitude.

webcamxp geo: -37.81,144.96

When we get that specific, Shodan only finds four (4) WebcamXP cameras as shown below.

When we click on one, we can find that once again we have a private webcam view of someone's camera in their backyard in Melbourne, Australia.

I hope this short demonstration of the power Shodan gets your imagination stimulated for inventive ways you can find private webcams anywhere on the globe! Don't limit yourself to WebcamXP, but instead try each of the webcam manufacturers at a specific location and who knows what you will find!

:wave:

http://www.shodanhq.com/search?q=Server%3A+SQ-WEBCAM

IDEO WEB SERVER ---
79.129.7.234
OTEnet S.A.
Added on 16.11.2014
Greece Piraeus
Details

ikteop.static.otenet.gr

HTTP/1.0 200 OK
Connection: close
Cache-Control: no-cache
Server: SQ-WEBCAM
CONTENT-LENGTH:2936

--- VIDEO WEB SERVER ---
81.182.248.161
Magyar Telekom plc.
Added on 16.11.2014
Hungary
Details

dsl51B6F8A1.fixip.t-online.hu

HTTP/1.0 200 OK
Connection: close
Cache-Control: no-cache
Server: SQ-WEBCAM
CONTENT-LENGTH:2936

82.226.34.151
Free SAS
Added on 16.11.2014
France Paris
Details

vol75-5-82-226-34-151.fbx.proxad.net

HTTP/1.0 200 OK
Connection: close
Cache-Control: no-cache
Server: SQ-WEBCAM
CONTENT-LENGTH:518

71.51.52.208
CenturyLink
Added on 16.11.2014
United States Humble
Details

tx-71-51-52-208.dhcp.embarqhsd.net

HTTP/1.0 200 OK
Connection: close
Cache-Control: no-cache
Server: SQ-WEBCAM
CONTENT-LENGTH:1002

--- VIDEO WEB SERVER ---
114.33.228.68
CHTD, Chunghwa Telecom Co., Ltd.
Added on 16.11.2014
Taiwan Taipei
Details

114-33-228-68.HINET-IP.hinet.net

HTTP/1.0 200 OK
Connection: close
Cache-Control: no-cache
Server: SQ-WEBCAM
CONTENT-LENGTH:2936

--- VIDEO WEB SERVER ---
175.140.115.36
TM Net
Added on 16.11.2014
Malaysia Melaka
Details

HTTP/1.0 200 OK
Connection: close
Cache-Control: no-cache
Server: SQ-WEBCAM
CONTENT-LENGTH:2936

--- VIDEO WEB SERVER ---
87.22.147.53
Telecom Italia
Added on 16.11.2014
Italy
Details

host53-147-static.22-87-b.business.telecomitalia.it

HTTP/1.0 200 OK
Connection: close
Cache-Control: no-cache
Server: SQ-WEBCAM
CONTENT-LENGTH:2936

--- VIDEO WEB SERVER ---
88.101.251.197
Telefonica Czech Republic, a.s.
Added on 15.11.2014
Czech Republic
Details

197.251.broadband6.iol.cz

HTTP/1.0 200 OK
Connection: close
Cache-Control: no-cache
Server: SQ-WEBCAM
CONTENT-LENGTH:2936

77.255.192.12
Netia SA
Added on 15.11.2014
Poland
Details

77-255-192-12.adsl.inetia.pl

HTTP/1.0 200 OK
Connection: close
Cache-Control: no-cache
Server: SQ-WEBCAM
CONTENT-LENGTH:434



1 2 3 next >

(it has a built-in webcam)?

Actually, it turns me on a bit.

www.insecam.cc/ (http://www.insecam.cc/)
It was first thing I did on hearing the news. :hehe: