# RTSP - Port 554, 8554 {% tabs %} {% tab title="Support VeryLazyTech 🎉" %} * Become VeryLazyTech [**member**](https://shop.verylazytech.com/l/Membership)**! 🎁** * **Follow** us on: * **✖ Twitter** [**@VeryLazyTech**](https://x.com/verylazytech)**.** * **👾 Github** [**@VeryLazyTech**](https://github.com/verylazytech)**.** * **📜 Medium** [**@VeryLazyTech**](https://medium.com/@verylazytech)**.** * **📺 YouTube** [**@VeryLazyTech**](https://www.youtube.com/@VeryLazyTechOfficial)**.** * **📩 Telegram** [**@VeryLazyTech**](https://t.me/+mSGyb008VL40MmVk)**.** * **🕵️‍♂️ My Site** [**@VeryLazyTech**](https://www.verylazytech.com/)**.** * Visit our [**shop** ](https://shop.verylazytech.com/)for e-books and courses. 📚 {% endtab %} {% endtabs %} ## Basic info The Real-Time Streaming Protocol (RTSP) is a network control protocol designed for establishing and managing media sessions between endpoints. Predominantly utilized in entertainment and communication systems, RTSP enables clients to issue commands such as play, pause, and record to control media streaming from servers. While RTSP itself does not handle the transmission of streaming data, it often works in conjunction with protocols like the Real-time Transport Protocol (RTP) and Real-time Control Protocol (RTCP) to facilitate media stream delivery.​ **Default Ports:** RTSP typically operates over ports 554 and 8554.​ ## Enumerating RTSP Services Effective enumeration is a critical step in assessing RTSP services. The following methodologies and tools are instrumental in this process:​ ### Nmap Scripting Engine (NSE) Nmap offers specialized scripts tailored for RTSP enumeration:​ ```bash nmap -sV --script "rtsp-*" -p ``` This command probes the specified port on the target IP, utilizing RTSP-specific scripts to gather pertinent information about the RTSP service.​ ### Manual Interaction with RTSP Services Direct interaction with RTSP services can yield valuable insights:​ 1. **Sending a DESCRIBE Request:** The `DESCRIBE` method retrieves the media description of the requested resource. ```bash DESCRIBE rtsp://:/ RTSP/1.0 CSeq: 2 ``` A successful response provides details about the media stream, including codec information and available control methods. 2. **Handling Authentication Challenges:** If the server requires authentication, it will respond with a `401 Unauthorized` status, indicating the authentication scheme (e.g., Basic or Digest). * **Basic Authentication:** Credentials are encoded in Base64.​ ```bash DESCRIBE rtsp://:/ RTSP/1.0 CSeq: 2 Authorization: Basic ``` Replace `` with the Base64-encoded string of `username:password`. * **Digest Authentication:** Involves a challenge-response mechanism where the client must compute a response based on the server's nonce value.​ ## Automated Enumeration Tools Several tools facilitate automated enumeration and assessment of RTSP services:​ * [**Cameradar**](https://github.com/Ullaakut/cameradar)**:** An RTSP surveillance camera access tool that detects open RTSP hosts, retrieves public information, and attempts to access their streams.​ Features include:​ * Detection of open RTSP hosts on accessible targets.​ * Retrieval of host information such as hostname, port, and camera model.​ * Automated dictionary attacks to discover stream routes and credentials.​ * Generation of thumbnails for quick content previews.​ ### Vulnerability Assessment and Exploitation Assessing RTSP services for vulnerabilities involves several key considerations:​ #### Brute-Force Attacks on Authentication RTSP services that require authentication may be susceptible to brute-force attacks:​ * [**rtsp\_authgrinder**](https://github.com/tektengu/rtsp_authgrinder)**:** A tool designed to perform brute-force attacks against RTSP authentication mechanisms.​ * [**Cameradar**](https://github.com/Ullaakut/cameradar)**:** In addition to enumeration, Cameradar can execute dictionary attacks to uncover valid credentials.​ ``` hydra -l root -P passwords.txt rtsp ``` *** {% hint style="success" %} Learn & practice [**For the Bug Bounty**](https://shop.verylazytech.com)
Support VeryLazyTech 🎉 * Become VeryLazyTech [**member**](https://shop.verylazytech.com/l/Membership)**! 🎁** * **Follow** us on: * **✖ Twitter** [**@VeryLazyTech**](https://x.com/verylazytech)**.** * **👾 Github** [**@VeryLazyTech**](https://github.com/verylazytech)**.** * **📜 Medium** [**@VeryLazyTech**](https://medium.com/@verylazytech)**.** * **📺 YouTube** [**@VeryLazyTech**](https://www.youtube.com/@VeryLazyTechOfficial)**.** * **📩 Telegram** [**@VeryLazyTech**](https://t.me/+mSGyb008VL40MmVk)**.** * **🕵️‍♂️ My Site** [**@VeryLazyTech**](https://www.verylazytech.com/)**.** * Visit our [**shop** ](https://shop.verylazytech.com/)for e-books and courses. 📚
{% endhint %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://www.verylazytech.com/network-pentesting/rtsp-port-554-8554.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.