Coder Social home page Coder Social logo

cve-2018-9995's Introduction

CVE-2018-9995 Exploit Tool for Python3

This Python script is designed to exploit CVE-2018-9995.

TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass authentication via a "Cookie: uid=" header, as demonstrated by a device.rsp?opt=user&cmd=list request that provides credentials within JSON data in a response.

Please note that this script is provided for educational purposes only. The security flaw was discovered in 2018, and while many devices have been patched, a significant number of vulnerable devices may still be in circulation.

Shodan has identified approximately 14,000 potentially affected devices. However, it's essential to note that most of these viewers no longer work with modern search engines, possibly due to the removal of NAPI support.

This script has been tested with various viewers. However, even if you get access, in many cases you won't be able to view these cameras.

To solve this problem, I used the N9plugin.exe found on a server where the viewer was set up, along with the IE Tab chrome extension. It's possible that viewing will work without IE Tab.

I'm making N9plugin.exe available in this repository. I'd like to stress that I've used this exe in a closed environment and that it's important that you do the same. On Virus Total this one is flag 2/71:

CrowdStrike Falcon -> Win/grayware_confidence_60% (D)
SecureAge -> Malicious

Even if these could be false positives, it's important to be careful. You may be able to find other N9plugins that are safer online. It's up to you to do your research.

Quick start for the tool

git clone https://github.com/pab450/CVE-2018-9995
cd CVE-2018-9995
pip3 install requests argparse
python3 exploit.py 127.0.0.1

If the CVE works, it will return:

usernameA, passwordA
usernameB, passwordB
...

Otherwise, a python error.

Arguments

  • host: Specify the target host or IP address.
  • --port (-p): Specify an optional port (default is an empty string). Example:
python3 exploit.py 127.0.0.1 --port 9000

python3 exploit.py 127.0.0.1 -p 9000

python3 exploit.py 127.0.0.1

Few Dorks to find devices with potential vulnerabilities

Google:

inurl:device.rsp -in
intitle:"AHD Login"
intitle:"DVR Login"
intitle:"NVR Login"
intitle:"XVR Login"

Shodan:

html:login.rsp
login.rsp

Plus

It is also possible to completely rewrite the firmware of these devices.

cve-2018-9995's People

Contributors

pab450 avatar

Stargazers

Ngoc Tran avatar avatar Ibrahim.ohb avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.