RTSP - Port 554, 8554
Become VeryLazyTech member! π
Follow us on:
β Twitter @VeryLazyTech.
πΎ Github @VeryLazyTech.
π Medium @VeryLazyTech.
πΊ YouTube @VeryLazyTech.
π© Telegram @VeryLazyTech.
π΅οΈββοΈ My Site @VeryLazyTech.
Visit our shop for e-books and courses. π
Basic info
The Real-Time Streaming Protocol (RTSP) is a network control protocol designed for establishing and managing media sessions between endpoints. Predominantly utilized in entertainment and communication systems, RTSP enables clients to issue commands such as play, pause, and record to control media streaming from servers. While RTSP itself does not handle the transmission of streaming data, it often works in conjunction with protocols like the Real-time Transport Protocol (RTP) and Real-time Control Protocol (RTCP) to facilitate media stream delivery.β
Default Ports: RTSP typically operates over ports 554 and 8554.β
Enumerating RTSP Services
Effective enumeration is a critical step in assessing RTSP services. The following methodologies and tools are instrumental in this process:β
Nmap Scripting Engine (NSE)
Nmap offers specialized scripts tailored for RTSP enumeration:β
nmap -sV --script "rtsp-*" -p <PORT> <TARGET-IP>This command probes the specified port on the target IP, utilizing RTSP-specific scripts to gather pertinent information about the RTSP service.β
Manual Interaction with RTSP Services
Direct interaction with RTSP services can yield valuable insights:β
Sending a DESCRIBE Request: The
DESCRIBEmethod retrieves the media description of the requested resource.DESCRIBE rtsp://<TARGET-IP>:<PORT>/ RTSP/1.0 CSeq: 2A successful response provides details about the media stream, including codec information and available control methods.
Handling Authentication Challenges: If the server requires authentication, it will respond with a
401 Unauthorizedstatus, indicating the authentication scheme (e.g., Basic or Digest).Basic Authentication: Credentials are encoded in Base64.β
DESCRIBE rtsp://<TARGET-IP>:<PORT>/ RTSP/1.0 CSeq: 2 Authorization: Basic <BASE64_ENCODED_CREDENTIALS>Replace
<BASE64_ENCODED_CREDENTIALS>with the Base64-encoded string ofusername:password.Digest Authentication: Involves a challenge-response mechanism where the client must compute a response based on the server's nonce value.β
Automated Enumeration Tools
Several tools facilitate automated enumeration and assessment of RTSP services:β
Cameradar: An RTSP surveillance camera access tool that detects open RTSP hosts, retrieves public information, and attempts to access their streams.β
Features include:β
Detection of open RTSP hosts on accessible targets.β
Retrieval of host information such as hostname, port, and camera model.β
Automated dictionary attacks to discover stream routes and credentials.β
Generation of thumbnails for quick content previews.β
Vulnerability Assessment and Exploitation
Assessing RTSP services for vulnerabilities involves several key considerations:β
Brute-Force Attacks on Authentication
RTSP services that require authentication may be susceptible to brute-force attacks:β
rtsp_authgrinder: A tool designed to perform brute-force attacks against RTSP authentication mechanisms.β
Cameradar: In addition to enumeration, Cameradar can execute dictionary attacks to uncover valid credentials.β
hydra -l root -P passwords.txt <IP> rtspLearn & practice For the Bug Bounty
Last updated
Was this helpful?