[plug] Dodgy tcp proxy

Brad Campbell brad at fnarfbargle.com
Mon Aug 21 14:42:48 AWST 2017


G'day all,

Just putting this out there as I looked for solutions and didn't find 
anything workable.

I'm doing some remote configuration on a system I have no physical 
access to in order to help someone out.

This is a cheap Chinese Hikvision NVR. I need to get access to one of 
the cameras behind it. The NVR is on a 192.168.0.0/24 network and the 
cameras are on a 192.0.0.0/24 network on the NVRs PoE switch. I can get 
access to the network via a Linux machine and OpenVPN.

If the cameras are using a native protocol the NVR provides a dodgy 
internal port map that allows you to get access to the cameras web 
interface. Unfortunately the camera in question uses another protocol 
and thus the NVR won't let me near it.

I have access to a telnet shell on the NVR, but the internal version of 
Busybox doesn't really have anything useful (except tftp!).

So, tftp a pre-compiled busybox binary (found on the busybox site to 
same me the effort) to /tmp. Now use the busybox tcpdsvd to set up a 
listening port, and run netcat on connection.

./busybox-armv6l tcpsvd 192.168.0.220 8080 ./busybox-armv6l nc 192.0.0.13 80

Boom. Connect to the NVR on port 8080 and it gets redirected to the 
camera on port 80. Win.

Alternatives gratefully solicited. Oddly enough this is something that 
comes up from time to time and I seem to find a different method every time.



More information about the plug mailing list