In the video, what you see is a custom exploit script that exploits a buffer overflow in the web interfaces of several D-Link webcams. The neat part is that it tunnels the exploit and callback through each successive webcam. It works basically like this:
- Exploit webcam 1.
- Webcam 1 phones home, then downloads and executes a two-stage payload.
- The payload proxies all packets destined to a certain port between the exploit host and the next webcam in the chain. It does this in both directions.
- Tunneling through webcam 1, exploit webcam 2.
- Like before, webcam 2 phones home, tunneled through webcam 1, and downloads and executes a two-stage payload.
- Again, the payload proxies packets, this time between webcam 1 and the third webcam.
- Exploit webcam 3, tunneling through webcams 1 and 2.
- Webcam 3 executes a traditional payload, resulting in a connect-back shell. The shell connects back through webcams 2 and 1 to the exploit host.
- Root prompt on webcam 3.
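
Seen from the network side, the chain above leaves two patterns in flow logs: a camera connecting back to a peer that just sent it a web request, and a camera holding an inbound and an outbound connection on the same port at once. The following is an added example of detecting both, not part of the original post or its exploit script; the flow records, host names, ports, the 10-second window and the same-port relay assumption are all constructed for illustration.

```python
from collections import namedtuple

# Constructed flow records (not from the page); times are in seconds.
Flow = namedtuple("Flow", "start end src dst dport")
CAMERAS = {"cam1", "cam2", "cam3"}   # hypothetical inventory of camera hosts
WEB_PORT = 80                        # assumed port of the camera web interface
FLOWS = [
    Flow(0, 5, "nvr", "cam1", 80),          # routine poll by a recorder
    Flow(100, 101, "hostX", "cam1", 80),    # web request to cam1
    Flow(102, 110, "cam1", "hostX", 8080),  # cam1 connects back right after
    Flow(120, 400, "hostX", "cam1", 80),    # long-lived inbound on cam1 ...
    Flow(121, 125, "cam1", "cam2", 80),     # ... overlapping outbound to cam2
    Flow(126, 135, "cam2", "cam1", 8080),   # cam2 connects back to cam1
    Flow(126, 135, "cam1", "hostX", 8080),  # cam1 passes that on to hostX
    Flow(500, 505, "nvr", "cam3", 80),      # routine poll, nothing follows
]

def find_callbacks(flows, cameras, window=10):
    """Camera opens a connection to a peer that sent it a web request
    no more than `window` seconds earlier."""
    hits = set()
    for req in flows:
        if req.dst not in cameras or req.dport != WEB_PORT:
            continue
        for out in flows:
            if (out.src == req.dst and out.dst == req.src
                    and 0 <= out.start - req.start <= window):
                hits.add((out.src, out.dst, out.dport))
    return sorted(hits)

def find_relays(flows, cameras):
    """Camera has an inbound and an outbound flow on the same port,
    to different peers, overlapping in time."""
    hits = set()
    for inn in flows:
        if inn.dst not in cameras:
            continue
        for out in flows:
            overlap = out.start < inn.end and inn.start < out.end
            if (out.src == inn.dst and out.dst != inn.src
                    and out.dport == inn.dport and overlap):
                hits.add((inn.dst, inn.src, out.dst, inn.dport))
    return sorted(hits)

if __name__ == "__main__":
    print("callbacks:", find_callbacks(FLOWS, CAMERAS))
    print("relays:", find_relays(FLOWS, CAMERAS))
```

Each relay hit is reported as (camera, inbound peer, outbound peer, port); cameras that only answer the recorder's polls produce no hits.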
I put this together pre-Bowcaster, so it's a little raw. But it was all groundwork for that framework, so Bowcaster has much of the same capability shown in the video.
Anyway, here's the video. It has cool music.