Ukraine needs your help!
From a source inside Ukraine, I have received a list of IP addresses with cameras within the Russian occupied areas of Ukraine. We need the camera credentials so that we can identify the Russian soldiers committing the atrocities and record them for prosecution. If each person simply took one IP address and worked on cracking it, we should be able to get them all. In this way, we can hold the Russian soldiers responsible.
Remember, start with the default credentials and work from there. Very often, the default username is left in place and only the password changed.
Ukraine thanks you. With all of us working together, we can end this war!
If you are unfamiliar with online password cracking, here are the steps I would take:
Check Shodan or other OSINT sites to determine the manufacturer of the online web cam. You can also do a banner grab to determine the manufacturer.
Find the default passwords. Many people do not change the username and password. Simply Google the manufacturer’s name and “default passwords” such as “webcamXP default passwords”.
Check out my tutorials on online password cracking here. and here. Initially, simply use the default username with a password list as most people do not change the username.
When using password lists, use my lists here first. These are the most commonly used passwords. There is no sense trying millions of passwords if the user has changed the password to “iloveyou”.
Update!
At least some of the IP cameras in Ukraine appear to be made by Dhua with a default username of “admin” and a numerical password. This should make cracking must easier.