Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2025-02-16 22:18:27 +00:00
Code Issues Projects Releases Packages Wiki Activity
hacktricks/network-services-pentesting/554-8554-pentesting-rtsp.md

101 lines
6.5 KiB
Markdown
Raw Normal View History

Translated ['generic-methodologies-and-resources/external-recon-methodol
2024-02-23 16:48:14 +00:00
# 554,8554 - Kupima Usalama wa RTSP
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
<details>
Translated ['generic-methodologies-and-resources/external-recon-methodol
2024-02-23 16:48:14 +00:00
<summary><strong>Jifunze kuhusu kudukua AWS kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)</strong></a><strong>!</strong></summary>
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
Translated to Swahili
2024-02-11 02:13:58 +00:00
Njia nyingine za kusaidia HackTricks:
arte
2024-01-03 11:42:55 +01:00
Translated ['generic-methodologies-and-resources/external-recon-methodol
2024-02-23 16:48:14 +00:00
* Ikiwa unataka kuona **kampuni yako ikionekana kwenye HackTricks** au **kupakua HackTricks kwa PDF** Angalia [**MIPANGO YA KUJIUNGA**](https://github.com/sponsors/carlospolop)!
* Pata [**bidhaa rasmi za PEASS & HackTricks**](https://peass.creator-spring.com)
* Gundua [**Familia ya PEASS**](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa [**NFTs**](https://opensea.io/collection/the-peass-family) za kipekee
* **Jiunge na** 💬 [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au [**kikundi cha telegram**](https://t.me/peass) au **tufuate** kwenye **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Shiriki mbinu zako za kudukua kwa kuwasilisha PRs kwa** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) repos za github.
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
</details>
Translated to Swahili
2024-02-11 02:13:58 +00:00
## Taarifa Msingi
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated to Swahili
2024-02-11 02:13:58 +00:00
Kutoka [wikipedia](https://en.wikipedia.org/wiki/Real\_Time\_Streaming\_Protocol):
a
2024-02-08 22:36:35 +01:00
Translated ['generic-methodologies-and-resources/external-recon-methodol
2024-02-23 16:48:14 +00:00
> **Itifaki ya Uchezaji wa Moja kwa Moja** (**RTSP**) ni itifaki ya kudhibiti mtandao iliyoundwa kwa matumizi katika mifumo ya burudani na mawasiliano kudhibiti seva za media za uchezaji. Itifaki hutumiwa kuanzisha na kudhibiti vikao vya media kati ya mwisho. Wateja wa seva za media hutolea amri za mtindo wa VHS, kama vile kucheza, kurekodi na kusitisha, kurahisisha kudhibiti halisi wa uchezaji wa media kutoka kwa seva kwenda kwa mteja (Video On Demand) au kutoka kwa mteja kwenda kwa seva (Kurekodi Sauti).
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
>
Translated ['generic-methodologies-and-resources/external-recon-methodol
2024-02-23 16:48:14 +00:00
> Uhamishaji wa data ya uchezaji wenyewe sio jukumu la RTSP. Seva nyingi za RTSP hutumia Itifaki ya Usafirishaji wa Moja kwa Moja (RTP) pamoja na Itifaki ya Kudhibiti ya Moja kwa Moja (RTCP) kwa utoaji wa mtiririko wa media. Walakini, baadhi ya wauzaji hutekeleza itifaki za usafirishaji za kipekee. Programu ya seva ya RTSP kutoka RealNetworks, kwa mfano, pia ilikuwa inatumia Usafirishaji wa Data wa Kipekee wa RealNetworks (RDT).
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['generic-methodologies-and-resources/external-recon-methodol
2024-02-23 16:48:14 +00:00
**Bandari za Ubadilishaji:** 554, 8554
GitBook: [#2777] gitbookissooooo slow I cannot write
2021-10-18 11:21:18 +00:00
```
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
PORT STATE SERVICE
554/tcp open rtsp
```
Translated to Swahili
2024-02-11 02:13:58 +00:00
## Maelezo Muhimu
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['generic-methodologies-and-resources/external-recon-methodol
2024-02-23 16:48:14 +00:00
**RTSP** ni sawa na HTTP lakini imeundwa mahsusi kwa ajili ya utiririshaji wa media. Imeelezwa katika maelezo rahisi yanayopatikana hapa:
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['generic-methodologies-and-resources/external-recon-methodol
2024-02-23 16:48:14 +00:00
[RTSP RFC2326](https://tools.ietf.org/html/rfc2326)
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['generic-methodologies-and-resources/external-recon-methodol
2024-02-23 16:48:14 +00:00
Vifaa vinaweza kuruhusu ufikiaji **bila uthibitisho** au **uliothibitishwa**. Ili kuchunguza hili, ombi la "DESCRIBE" hutumwa. Mfano wa msingi umewekwa hapa chini:
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['generic-methodologies-and-resources/external-recon-methodol
2024-02-23 16:48:14 +00:00
`DESCRIBE rtsp://<ip>:<port> RTSP/1.0\r\nCSeq: 2\r`
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['generic-methodologies-and-resources/external-recon-methodol
2024-02-23 16:48:14 +00:00
Kumbuka, muundo sahihi unajumuisha "\r\n" mara mbili kwa jibu la kawaida. Jibu la "200 OK" linaashiria ufikiaji **bila uthibitisho**, wakati "401 Unauthorized" inaashiria hitaji la uthibitisho, ikifichua ikiwa unahitaji **uthibitisho wa Msingi** au **uthibitisho wa Digest**.
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['generic-methodologies-and-resources/external-recon-methodol
2024-02-23 16:48:14 +00:00
Kwa **uthibitisho wa Msingi**, unakodisha jina la mtumiaji na nywila kwa base64 na kuliweka katika ombi kama ifuatavyo:
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['generic-methodologies-and-resources/external-recon-methodol
2024-02-23 16:48:14 +00:00
`DESCRIBE rtsp://<ip>:<port> RTSP/1.0\r\nCSeq: 2\r\nAuthorization: Basic YWRtaW46MTIzNA==\r`
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['generic-methodologies-and-resources/external-recon-methodol
2024-02-23 16:48:14 +00:00
Mfano huu unatumia "admin" na "1234" kama sifa. Hapa kuna **skripti ya Python** ya kutuma ombi kama hilo:
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
```python
import socket
req = "DESCRIBE rtsp://<ip>:<port> RTSP/1.0\r\nCSeq: 2\r\nAuthorization: Basic YWRtaW46MTIzNA==\r\n\r\n"
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(("192.168.1.1", 554))
s.sendall(req)
GitBook: [#3004] No subject
2022-02-10 12:30:58 +00:00
data = s.recv(1024)
GitBook: [#3003] No subject
2022-02-09 20:30:05 +00:00
print(data)
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
```
Translated ['generic-methodologies-and-resources/external-recon-methodol
2024-02-23 16:48:14 +00:00
**Uthibitisho wa msingi** ni rahisi na unapendelewa. **Uthibitisho wa kuchimba** unahitaji kushughulikia kwa uangalifu maelezo ya uthibitisho yaliyotolewa katika jibu la "401 Unauthorized".
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['generic-methodologies-and-resources/external-recon-methodol
2024-02-23 16:48:14 +00:00
Hii muhtasari unafanya iwe rahisi kufikia mitiririko ya RTSP, ikilenga **uthibitisho wa msingi** kwa urahisi wake na matumizi katika jaribio la kwanza.
a
2024-02-08 22:36:35 +01:00
Translated ['generic-methodologies-and-resources/external-recon-methodol
2024-02-23 16:48:14 +00:00
## Urambazaji
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['generic-methodologies-and-resources/external-recon-methodol
2024-02-23 16:48:14 +00:00
Tupate habari kuhusu njia halali na URL zinazoungwa mkono na jaribu kufanya upenyezi wa ufikiaji (ikiwa inahitajika) ili kupata ufikiaji wa yaliyomo.
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
```bash
Update 554-8554-pentesting-rtsp.md
2022-01-13 21:45:25 +03:00
nmap -sV --script "rtsp-*" -p <PORT> <IP>
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
```
Translated ['generic-methodologies-and-resources/external-recon-methodol
2024-02-23 16:48:14 +00:00
### [Kuvunja Kwa Nguvu](../generic-methodologies-and-resources/brute-force.md#rtsp)
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['generic-methodologies-and-resources/external-recon-methodol
2024-02-23 16:48:14 +00:00
### **Programu Nyingine Zenye Manufaa**
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['generic-methodologies-and-resources/external-recon-methodol
2024-02-23 16:48:14 +00:00
Kwa kuvunja kwa nguvu: [https://github.com/Tek-Security-Group/rtsp\_authgrinder](https://github.com/Tek-Security-Group/rtsp\_authgrinder)
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
a
2024-02-08 22:36:35 +01:00
[**Cameradar**](https://github.com/Ullaakut/cameradar)
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['generic-methodologies-and-resources/external-recon-methodol
2024-02-23 16:48:14 +00:00
* Kugundua seva za RTSP zilizofunguliwa kwenye lengo lolote linalopatikana
* Pata habari zao za umma (jina la mwenyeji, bandari, mfano wa kamera, n.k.)
* Anzisha mashambulizi ya maneno ya siri kiotomatiki kupata njia yao ya mtiririko (kwa mfano /live.sdp)
* Anzisha mashambulizi ya maneno ya siri kiotomatiki kupata jina la mtumiaji na nywila za kamera
* Unda picha za kidole kutoka kwao ili kuhakikisha kuwa mtiririko ni sahihi na kupata muhtasari wa haraka wa maudhui yao
* Jaribu kuunda mstari wa Gstreamer kuangalia kama wamekodishwa kwa usahihi
* Chapisha muhtasari wa habari zote ambazo Cameradar ingeweza kupata
a
2024-02-08 22:36:35 +01:00
Translated to Swahili
2024-02-11 02:13:58 +00:00
## Marejeo
Translated ['generic-methodologies-and-resources/external-recon-methodol
2024-02-23 16:48:14 +00:00
a
2024-02-08 22:36:35 +01:00
* [https://en.wikipedia.org/wiki/Real\_Time\_Streaming\_Protocol](https://en.wikipedia.org/wiki/Real\_Time\_Streaming\_Protocol)
* [http://badguyfu.net/rtsp-brute-forcing-for-fun-and-naked-pictures/](http://badguyfu.net/rtsp-brute-forcing-for-fun-and-naked-pictures/)
GitBook: [#3195] No subject
2022-05-08 23:13:03 +00:00
* [https://github.com/Ullaakut/cameradar](https://github.com/Ullaakut/cameradar)
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
<details>
Translated ['generic-methodologies-and-resources/external-recon-methodol
2024-02-23 16:48:14 +00:00
<summary><strong>Jifunze kuhusu kuvamia AWS kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
Translated to Swahili
2024-02-11 02:13:58 +00:00
Njia nyingine za kusaidia HackTricks:
arte
2024-01-03 11:42:55 +01:00
Translated ['generic-methodologies-and-resources/external-recon-methodol
2024-02-23 16:48:14 +00:00
* Ikiwa unataka kuona **kampuni yako ikitangazwa kwenye HackTricks** au **kupakua HackTricks kwa PDF** Angalia [**MIPANGO YA KUJIUNGA**](https://github.com/sponsors/carlospolop)!
* Pata [**bidhaa rasmi za PEASS & HackTricks**](https://peass.creator-spring.com)
* Gundua [**Familia ya PEASS**](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa [**NFTs**](https://opensea.io/collection/the-peass-family) ya kipekee
* **Jiunge na** 💬 [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au kikundi cha [**telegram**](https://t.me/peass) au **tufuate** kwenye **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Shiriki mbinu zako za kuvamia kwa kuwasilisha PRs kwa** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
</details>
Reference in a new issue Copy permalink