c2s dvr password disclosure #11331

Merged
merged 5 commits into from Feb 7, 2019

h00die commented Jan 29, 2019

Simple PR with a 2016 password disclosure on a DVR system from EDB. I created a mock page to emulate the vulnerability. There are still some live ones on the internet according to Shodan, not sure if they are vuln or not.

Verification

  • install the mock page, it's super quick and easy.
  • Start msfconsole
  • use exploit/auxiliary/gather/c2s_dvr_password_disclosure
  • set rhosts
  • exploit
  • Verify it finds creds

jmartin-r7 commented Jan 29, 2019

./tools/dev/msftidy.rb all the things please.

h00die commented Jan 31, 2019

Thanks for the reviews and comments team, fixed!

@h00die h00die referenced this pull request Feb 3, 2019

Merged

(JVC/Vanderbuilt/Siemens) ipcamera password disclosures #11352

bcoles commented Feb 5, 2019

msf5 auxiliary(gather/c2s_dvr_password_disclosure) > run

[+] Found: admin:12345
[+] Found: user:56789
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf5 auxiliary(gather/c2s_dvr_password_disclosure) > creds
Credentials
===========

host            origin          service        public  private  realm  private_type
----            ------          -------        ------  -------  -----  ------------
172.16.191.188  172.16.191.188  80/tcp (http)  admin   12345           Password
172.16.191.188  172.16.191.188  80/tcp (http)  user    56789           Password

bcoles approved these changes Feb 5, 2019

@bcoles bcoles self-assigned this Feb 6, 2019

@bcoles bcoles merged commit 0ac3004 into rapid7:master Feb 7, 2019

3 checks passed

  • Metasploit Automation - Sanity Test Execution: Successfully completed all tests.
  • Metasploit Automation - Test Execution: Successfully completed all tests.
  • continuous-integration/travis-ci/pr: The Travis CI build passed

bcoles added a commit that referenced this pull request Feb 7, 2019

bcoles commented Feb 7, 2019

Release Notes

Add C2S DVR Management Password Disclosure module to retrieve credentials from C2S DVR devices.

msjenkins-r7 added a commit that referenced this pull request Feb 7, 2019

@h00die h00die deleted the h00die:c2password branch Feb 7, 2019
