itwizardo/Exploit1

Title: PoC: Detecting Hardcoded Credentials (Default Password) in D-Link DCS-935L Firmware (Novi Hogeschool Assessment)

Purpose: This Python script is a basic demonstration of how to automate the initial steps of searching for hardcoded credentials in the D-Link DCS-935L firmware. It is designed as an educational Proof of Concept (PoC) for a Novi Hogeschool assessment.

Usage: To use the provided script, follow these steps:

  1. Install Python: Ensure Python is installed on your system.

    Linux:

        sudo apt install python3

    macOS:

        brew install python

  2. Install Required Modules: Install the requests module if it is not already installed. You can do this with pip, Python's package manager, by running the following command in your terminal or command prompt:

    pip install requests

  3. Run the Script: Open a terminal or command prompt, navigate to the directory containing the CVE-2019-12550.py file, and run the script using the following command:

    python3 CVE-2019-12550.py

  4. Check Output: When run, the script downloads the DCS-935L firmware, extracts its contents, locates the /etc/passwd_default file, reads its content, and writes it to a new file named done.txt. You can find done.txt in the same directory where you ran the script.

  5. Review Output: Open the done.txt file to review the contents of the retrieved /etc/passwd_default file.

How it Works

  * Downloads a Repository: The script downloads a specified GitHub repository as a ZIP file.
  * Extracts the Archive: It extracts the contents of the downloaded ZIP file.
  * Locates a Target File: The script navigates the extracted file structure to locate a specific file (in this example, 'etc/passwd_default').
  * Copies File Content: The contents of the target file are copied to a new file ('done.txt') for further manual inspection.
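An added example (not the repository's script) of the review step that follows locating the file: it reads etc/passwd_default directly from a ZIP and classifies each account's password field, so shipped credentials stand out. The `firmware-main/` prefix, the archive layout and the sample entries are constructed assumptions.

```python
import io
import zipfile

TARGET = "etc/passwd_default"  # file named in this README

# Constructed sample, not real firmware content; the hash is a placeholder.
SAMPLE = (
    "admin:$1$EXAMPLE$placeholderplaceholder:0:0:Admin:/:/bin/sh\n"
    "nobody:*:99:99:Nobody:/:/bin/false\n"
    "guest::500:500:Guest:/:/bin/sh\n"
)

def build_sample_zip():
    """Build an in-memory ZIP shaped like a repository download (assumed layout)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("firmware-main/" + TARGET, SAMPLE)
    return buf.getvalue()

def classify(pw_field):
    """Classify the second passwd field (the password slot)."""
    if pw_field == "":
        return "empty-password"      # login possible without a password
    if pw_field == "x":
        return "shadowed"            # hash is stored in a shadow file instead
    if pw_field[0] in "*!":
        return "locked"              # no valid hash, password login disabled
    return "embedded-hash"           # credential shipped inside the image

def audit_archive(data):
    """Read the passwd file straight from the ZIP (nothing is written to disk)."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        # Match the target under any top-level folder the archive may add.
        name = next((n for n in zf.namelist()
                     if ("/" + n).endswith("/" + TARGET)), None)
        if name is None:
            return None, []
        text = zf.read(name).decode("utf-8", errors="replace")
    rows = []
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) >= 7:          # skip blank or malformed lines
            rows.append((parts[0], parts[2] == "0", classify(parts[1])))
    return name, rows

if __name__ == "__main__":
    path, rows = audit_archive(build_sample_zip())
    for user, is_root, status in rows:
        print(f"{path}: {user} uid0={is_root} {status}")
```

Entries reported as `embedded-hash` or `empty-password`, especially with UID 0, are the ones to raise with the vendor and to change or disable on deployed devices.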

Important Notes

Ensure you have the requests library installed (pip install requests). The zipfile module is part of Python's standard library and does not need to be installed.

Disclaimer: This script is intended for educational use within the scope of a Novi Hogeschool assessment. Always use code responsibly and ethically when interacting with GitHub repositories.

Author Georgio T
